This policy covers our use of cookies in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003 and UK GDPR. It should be reviewed by a qualified solicitor before publication.
Cookie Policy
Last updated: 8 April 2026
1. What are cookies
Cookies are small text files that are stored on your device (computer, tablet, or phone) when you visit a website. They help the website remember your preferences and understand how you use the site.
We also use similar technologies including sessionStorage and localStorage, which store data in your browser for the duration of your visit or until you clear your browser data.
2. How we use cookies
We use a minimal number of cookies and browser storage items. We do not use third-party advertising cookies, tracking pixels from ad networks, or cross-site tracking technologies.
3. Cookies and storage we use
3.1 Strictly necessary (no consent required)
These are essential for the website to function. Under PECR, these do not require consent.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| bp-cookie-consent | localStorage | Records your cookie consent preference (accepted/declined) so we don't show the banner again | Persistent until cleared |
3.2 Analytics (consent required)
These help us understand how visitors use the website so we can improve it. They are only activated if you accept cookies via our consent banner.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| bp_session_id | sessionStorage | A random identifier (UUID) that groups your page views into a single session for analytics. Not linked to your identity. | Browser session (cleared when tab/window closes) |
| bp_utm | sessionStorage | Stores UTM marketing parameters (source, medium, campaign) from the URL so we can attribute your visit to a marketing channel | Browser session |
3.3 Third-party cookies
We currently use the following third-party services that may set their own cookies:
| Service | Purpose | Cookie policy |
|---|---|---|
| Stripe | Payment processing — may set cookies during the checkout process for fraud prevention | Stripe cookie policy |
| Formspree | Contact form processing — may set cookies when you submit the contact form | Formspree privacy policy |
We do not control the cookies set by these third-party services. Please refer to their respective policies for details.
3.4 Cookies we do NOT use
We do not use:
- Advertising or targeting cookies
- Social media tracking pixels (Facebook Pixel, TikTok Pixel, etc.)
- Cross-site tracking technologies
- Fingerprinting or device identification technologies
- Google Analytics or any Google tracking products
4. Your consent
When you first visit our website, a cookie consent banner will appear. You can choose to:
- Accept: We will activate analytics tracking (session ID, UTM capture, page view tracking)
- Decline: We will not activate analytics tracking. Only the strictly necessary cookie consent preference will be stored.
Your choice is recorded in your browser's localStorage and persists until you clear your browser data.
5. How to manage cookies
5.1 Our consent banner
You can change your cookie preference at any time by clearing your browser's localStorage for thebrandprotocol.ai. The consent banner will reappear on your next visit.
5.2 Browser settings
Most browsers allow you to control cookies through their settings. You can typically:
- View and delete existing cookies
- Block all cookies or only third-party cookies
- Set preferences for specific websites
- Clear localStorage and sessionStorage
Instructions for managing cookies in common browsers:
Please note that blocking all cookies may affect the functionality of some websites, including ours.
6. Data collected via cookies
The analytics data collected via our session tracking is stored in our database (hosted by Supabase) and is subject to the data handling practices described in our Privacy Policy.
Key points:
- Session IDs are random UUIDs — they are not linked to your identity
- We do not combine analytics data with personally identifiable information
- Analytics data is automatically deleted after 90 days
- All analytics data is stored with row-level security — only our server can read or write it
7. Changes to this policy
We may update this cookie policy from time to time, particularly if we add new services or change our analytics setup. If we make significant changes, we will reset the consent banner so you can make a new choice.
The "last updated" date at the top of this page indicates when the policy was last revised.
8. Contact
If you have questions about our use of cookies, contact us:
RightsTech Ltd (trading as The Brand Protocol)
Company No. 16602847
Email: hello@thebrandprotocol.ai
You also have the right to contact the Information Commissioner's Office (ICO) at ico.org.uk if you have concerns about how we use cookies.