Last updated: 26 May 2026
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners. This Cookie Policy explains how AI-Assist for SMEs (“we”, “us”) uses cookies and similar technologies on our platform.
This policy should be read alongside our Privacy Policy, which provides further details on how we handle your personal data.
We use cookies for the following purposes:
These cookies are essential for the Service to function. They cannot be switched off. They are usually set in response to actions you take, such as logging in or filling in forms.
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
| sb-*-auth-token | Supabase authentication session token. Required for login functionality. | Session / 1 year | Supabase |
| sb-*-auth-token-code-verifier | PKCE code verifier for secure OAuth authentication flows. | Session | Supabase |
| __stripe_mid | Stripe fraud prevention. Used to detect and prevent fraudulent payment transactions. | 1 year | Stripe |
| __stripe_sid | Stripe session identifier for payment processing. Set only when you reach a checkout page. | 30 minutes | Stripe |
| aa_mfa_trust | Marks this device as trusted for two-factor authentication. Only set if you have enabled MFA on your account and ticked “Trust this device for 30 days” on the verification screen. HttpOnly, Secure, SameSite=Lax. | 30 days | AI-Assist |
These items remember helpful preferences. They are stored in your browser's local storage (not as HTTP cookies) — they never get sent to any server. They remain on your device until you clear your browser data, and can be wiped at any time without affecting the platform.
| Storage Key | Purpose | Duration | Provider |
|---|---|---|---|
| cookie-consent | Remembers your cookie banner choice (“accepted” or “essential-only”) so we don't keep asking. | Until cleared | AI-Assist |
| theme | Remembers your dark / light mode preference. | Until cleared | AI-Assist |
| notifications_last_read | Tracks when you last opened the notification bell so the unread count is accurate. Only present when you're signed in to your dashboard. | Until cleared | AI-Assist |
| pwa_install_dismissed | Remembers that you dismissed the “Install AI-Assist as an app” banner so it doesn't reappear. | Until cleared | AI-Assist |
These trackers help us understand how visitors use the platform and catch errors so we can fix them. They are only activated if you click “Accept All Cookies” on our banner. Picking “Essential Only” means none of these load — and the platform works the same.
| Cookie / Tracker | Purpose | Duration | Provider |
|---|---|---|---|
| _va_id | Vercel Analytics visitor identifier. Anonymous aggregate page-view counts. | 1 year | Vercel |
| _va_ses | Vercel Analytics session tracking. | 30 minutes | Vercel |
| Vercel Speed Insights | Page-load timing telemetry so we can spot slow pages and fix them. No cookies — sends aggregate timing measurements only. | No persistence | Vercel |
| Sentry | Captures JavaScript errors and stack traces so we can fix bugs quickly. No cookies set in your browser; events are sent to Sentry only when something goes wrong. | Per event | Sentry |
We use one analytics tool that is exempt from the consent requirement under UK PECR because it does not use cookies, does not store anything on your device, does not identify you, and does not track you across sites:
| Tool | What it does | Storage | Provider |
|---|---|---|---|
| Plausible Analytics | Cookieless aggregate page-view counts. Your IP address is hashed (irreversibly) and discarded the same day, so visits cannot be tied back to you. No cross-site tracking, no fingerprinting, no personal data leaves your browser. | None | Plausible (EU-hosted) |
Plausible's privacy model is documented at plausible.io/privacy-focused-web-analytics. If you would still prefer to block it, your browser's tracking-protection settings or any standard ad blocker will do so.
When you first visit the platform, our cookie consent banner gives you two equally prominent choices:
You can change your choice at any time — withdrawing consent is as easy as giving it. Scroll to the bottom of any page and click the “Cookie Settings” link in the footer. The banner will reappear and you can choose again. If you switch from “Accept All” to “Essential Only”, we will remove the analytics cookies we previously set on your device.
Most web browsers also let you control cookies directly through their settings. You can typically:
Blocking strictly necessary cookies may prevent sign-in, payment processing, or two-factor authentication from working. All optional cookies can be blocked at the browser level with no impact on functionality.
The following third-party services may set cookies or load scripts on the platform. Each is listed with its purpose and consent status:
We do not control the cookies set by these third parties beyond gating them behind consent where required. Please refer to each provider's own privacy / cookie policy for full details.
Alongside cookies, we use two other browser storage mechanisms. Both stay on your device and are not transmitted to any server unless explicitly noted:
The full list of items we put in your browser's local storage is in section 3.2 above (cookie-consent choice, theme preference, notification-bell read state, PWA-install dismissal). None of these are tracked, sold, or shared. Authentication session tokens are stored as HTTP cookies (section 3.1), not in local storage.
When you visit the site, a service worker caches static assets (CSS, JavaScript, fonts, images) so the platform loads faster on repeat visits and can work briefly offline. This is treated as strictly necessary functionality under PECR. The cache is automatically invalidated when we deploy new versions, and you can clear it any time via your browser's “Clear site data” setting.
If you would like us to delete all data associated with your account (including any server-side records), see your rights under our Privacy Policy (section “Your Rights”) and email info@aiassistsmes.co.uk.
We may update this Cookie Policy from time to time to reflect changes in our practices or applicable regulations. The “Last updated” date at the top of this page indicates when this policy was last revised.
If you have questions about our use of cookies, please contact us:
For more information about your rights under UK GDPR and how we protect your data, please read our Privacy Policy.