This Cookie Policy explains how Ampthilly AB (“we”, “us”, “our”) uses cookies and similar technologies on https://ampthilly.com, https://app.ampthilly.com, and related subdomains (collectively, the “Sites”). It should be read with our Privacy Policy and Terms of Service.
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. We also use local storage, session storage, and pixels for similar purposes - for example remembering preferences, keeping you signed in to the product, measuring aggregate traffic on our marketing site, and protecting against abuse.
2. Where cookies apply
| Site | What this policy covers |
|---|---|
| https://ampthilly.com (marketing) | Cookie banner and consent for non-essential cookies (including Google Analytics and Tawk.to live chat). See Sections 4–7. |
| https://app.ampthilly.com (product) | Strictly necessary authentication and session cookies required to use AMPthilly. Non-essential marketing, analytics, or live chat cookies from Sections 6–7 are not deployed on the application subdomain. |
3. Who sets cookies?
- First-party cookies are set by AMPthilly.
- Third-party cookies are set by tools we use, such as Cloudflare (security/CDN), Google (analytics on the marketing site only), and Tawk.to (live chat on the marketing site, only after you opt in).
4. Consent
Strictly necessary cookies do not require consent.
Non-essential cookies - including Google Analytics (GA4) and Tawk.to live chat on https://ampthilly.com - are only set after you give consent through our cookie banner or preference controls, where regional law requires it. You can change or withdraw consent at any time via the banner or by clearing cookies and revisiting the marketing site.
The application at https://app.ampthilly.com uses strictly necessary cookies and similar technologies for sign-in and session management, together with limited functional storage for non-sensitive UI preferences (Section 5).
5. Cookie categories
5.1 Marketing site (https://ampthilly.com)
| Category | Purpose | Typical duration | Examples |
|---|---|---|---|
| Strictly necessary | Core site operation, security, load balancing, storing consent choices | Session to 12 months | Consent-state cookie; Cloudflare __cf_bm (bot management) |
| Preferences | Remember UI choices such as reduced motion or dismissed notices | Up to 12 months | Preference flags in local storage |
| Analytics (consent-based) | Understand aggregate traffic and performance | Up to 24 months | Google Analytics GA4 (_ga, _ga_*) |
| Live chat (consent-based) | Let you message our team and keep an ongoing chat session | Session to 12 months | Tawk.to (__tawkuuid cookie; Tawk_* / twk* in local and session storage) |
5.2 Application (https://app.ampthilly.com)
| Category | Purpose | Typical duration | Examples |
|---|---|---|---|
| Strictly necessary | Authenticated session, security (including CSRF protection), routing to your workspace | Session / per Supabase configuration | Supabase auth cookies (pattern sb-<project-ref>-auth-token and related); short-lived OAuth/PKCE cookies during sign-in |
| Functional (optional) | Non-sensitive UI preferences | Until cleared by you or the browser | localStorage / sessionStorage for layout or dismissed notices |
Exact Supabase cookie names depend on your project reference (sb-<project-ref>-…).
When you sign in to AMPthilly, strictly necessary cookies or tokens maintain your session, protect against cross-site request forgery and session fixation, and route requests securely. They are required to use the product and are not used for cross-site advertising.
Stripe may set cookies when you interact with Stripe-hosted payment pages; see Stripe’s privacy notice.
We review this inventory periodically and update it when vendors or site behaviour change.
6. Analytics - Google Analytics (GA4)
We use Google Analytics 4 only on https://ampthilly.com to understand how visitors use our marketing site. GA4 sets cookies and sends information (including a pseudonymous identifier and IP-derived approximate location) to Google, which may process it in the United States under appropriate transfer safeguards.
GA4 is not loaded on the marketing site and sets no cookies until you give consent through our cookie banner. GA4 is not used on https://app.ampthilly.com. You can withdraw consent at any time, after which GA4 will no longer load on the marketing site. You can also use Google’s opt-out browser add-on. See Google’s privacy policy for details on its processing.
7. Live chat - Tawk.to
We use Tawk.to live chat only on https://ampthilly.com so you can message our team. When you grant the Live chat category, we load Tawk.to’s widget, which sets cookies and uses local and session storage to maintain your chat session, and sends the information you provide (and limited technical data such as an IP-derived approximate location) to Tawk.to, Inc., which may process it outside the EU/EEA, including the United States, under appropriate transfer safeguards.
Tawk.to is not loaded and sets nothing until you give consent through our cookie banner. It is not used on https://app.ampthilly.com. You can withdraw consent at any time, after which the widget is hidden and its cookies and storage are cleared on a best-effort basis (reloading the page fully removes it). See Tawk.to’s privacy policy for details on its processing.
8. Managing cookies
You can control cookies through your browser settings (block, delete, or limit cookies). Blocking strictly necessary cookies on https://app.ampthilly.com may prevent sign-in or normal use of the product. On the marketing site, use our banner or preference mechanism to manage non-essential cookies where consent is required.
Signing out of the product clears session authentication cookies for that browser session.
9. Do Not Track
There is no uniform industry standard for “Do Not Track” signals. We treat non-essential analytics cookies on the marketing site according to consent requirements in your region rather than DNT alone.
10. Third-party policies
Third-party providers may set their own cookies subject to their policies, including Cloudflare (security and performance), Google (analytics on the marketing site), and Tawk.to (live chat on the marketing site).
11. Updates
We revise this policy when categories, vendors, or consent flows change. The effective date above shows when this version was published.
12. Contact
Questions about cookies: hello@ampthilly.com, or see our Privacy Policy for data subject rights.