UK Cookie Consent Notice
Effective Date: 10 February 2026 Last Updated: 10 February 2026
This Cookie Consent Notice is provided in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR for users located in the United Kingdom.
1. Why This Notice Matters
UK law requires us to obtain your informed consent before using any cookies or tracking technologies that are not strictly necessary for our service to function. This notice explains exactly what we use, so you can make an informed choice.
2. Cookie Categories
2.1. Strictly Necessary Cookies (No Consent Required)
These cookies are essential for the Platform to operate. You cannot opt out of these.
| Cookie | Purpose | Duration | Details |
|---|---|---|---|
session_token | Authentication — keeps you logged in | 30 days | httpOnly, Secure, SameSite=Lax. Contains an encrypted session identifier. No personal data is stored in the cookie itself. |
Why exempt: The ICO guidance confirms that cookies strictly necessary for a service explicitly requested by the user do not require consent. Authentication cookies fall into this category.
2.2. Analytics/Performance (Consent Required)
Our self-hosted analytics system collects usage data to help us understand how the Platform is used and improve it.
What we collect:
| Data Point | Description |
|---|---|
| Page path and title | Which page was visited |
| Hashed visitor ID | A one-way hash, reset daily — cannot track you across days |
| Session ID | Groups views in one visit |
| Referrer URL and domain | How you arrived at our site |
| UTM parameters | Campaign source, medium, campaign, term, content |
| Device type | Desktop, mobile, or tablet |
| Browser and OS | e.g., Chrome on Windows |
| Country and region | Derived from IP (IP itself is not stored) |
| Screen dimensions | Width and height |
Blog post engagement:
| Data Point | Description |
|---|---|
| Post view count | Number of views per blog post |
| Visitor ID | Same daily-reset hash |
| Referrer domain | Where the reader came from |
Custom events:
| Event | What It Measures |
|---|---|
| Engaged | Whether the visitor meaningfully interacted |
| Scroll depth | How far down the page was scrolled |
| Time on page | Duration of the visit |
2.3. What We Do NOT Use
We confirm that we do not use:
- Google Analytics
- Facebook Pixel or Meta tracking
- Any third-party advertising cookies
- Any cross-site tracking technologies
- Any cookies that persist beyond 30 days
All analytics data is processed and stored on our own Azure infrastructure. No data is shared with third-party analytics or advertising companies.
3. Your Consent Choices
3.1. How to Give Consent
When you first visit our Platform from the UK, you will be presented with a consent mechanism allowing you to:
- Accept analytics — we will track your page views using our privacy-focused system
- Reject analytics — we will not track your page views; only the strictly necessary session cookie will be set
3.2. Requirements for Valid Consent (ICO Standards)
Your consent is:
- Freely given — you can use the Platform regardless of your choice
- Specific — you are consenting only to analytics tracking, not bundled with other consents
- Informed — this notice provides full details of what is tracked
- Unambiguous — requires a clear affirmative action (no pre-ticked boxes)
3.3. How to Change Your Mind
You may withdraw or change your consent at any time by:
- Visiting your account privacy settings
- Clearing your browser cookies for our domain
- Contacting us at support@discoverworthy.com
Withdrawing consent is as easy as giving it.
4. Impact of Your Choice
| Choice | What Happens |
|---|---|
| Accept analytics | Your page views are counted using a hashed daily ID. We can see aggregate usage patterns. |
| Reject analytics | No analytics data is collected from your visits. The Platform works exactly the same. |
| Block session cookie | You will not be able to log in or use authenticated features. |
5. Data Retention
| Data | Retention |
|---|---|
| Session cookie | 30 days from creation (or until you log out) |
| Analytics data | 24 months, then aggregated (anonymized) |
| Consent record | Retained for the duration of your account (required for audit) |
6. Legal Basis
- Session cookie: Strictly necessary — exempt from consent under PECR Regulation 6
- Analytics tracking: Consent — required under PECR Regulation 6 for non-essential tracking
Under the UK GDPR, the legal basis for analytics processing is consent (Article 6(1)(a)).
7. Our Commitment
We deliberately chose a privacy-focused analytics approach:
- No cross-day visitor tracking (hashed IDs reset daily)
- No IP address storage
- No third-party data sharing
- No advertising or profiling
- All data stays on our infrastructure
We believe in earning your trust through transparency, not tracking.
8. Further Information
- Full Cookie Details: See our Cookie & Tracking Policy
- Privacy Rights: See our Privacy Policy
- UK GDPR Rights: See our UK GDPR Data Processing Addendum
- ICO Guidance: ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/
9. Contact Us
For questions about cookies and consent:
- Email: support@discoverworthy.com
- Address: 140 Keller Road, ESSENDON NORTH, VIC 3041
- ICO Complaints: ico.org.uk or 0303 123 1113