Cookie Policy
Last updated: 16 May 2026
What are cookies?
Cookies are small text files placed on your device by a website. They help the site function correctly and remember your preferences between visits. This policy also covers similar technologies we rely on, including browser local storage, which the UK Information Commissioner's Office treats the same way as cookies for transparency purposes.
Cookies we use
Strictly necessary cookies (always active)
These cookies are essential for MyPKU to work. Without them you cannot log in or use the service reliably. Under the Privacy and Electronic Communications Regulations 2003 (PECR) and UK GDPR, consent is not required for strictly necessary cookies; we disclose them here so you know what is set and why.
| Cookie | Purpose | Provider | Duration |
|---|---|---|---|
| AWSALB, AWSALBCORS | Load-balancing “sticky session” cookies. Keep your browser pinned to the same server during a request, which prevents partial page loads and errors during deployments. Set automatically by our infrastructure. | AWS (Application Load Balancer) | 10 minutes |
Payment cookies (subscription page only)
If you visit the subscription page, Stripe may set cookies to process payments securely and prevent fraud. These are considered strictly necessary because they are set in connection with a payment service you have explicitly requested. See Stripe's Cookie Policy for details.
| Cookie | Purpose | Provider |
|---|---|---|
| __stripe_mid | Fraud prevention for payment processing | Stripe |
| __stripe_sid | Fraud prevention for payment processing | Stripe |
Browser local storage (similar technologies)
MyPKU stores some information directly in your browser's local storage rather than in cookies. Local storage works differently from cookies (it is not sent to our servers automatically), but the UK ICO treats it the same way for transparency, so we disclose it here too. All entries below are strictly necessary for the service to function.
| Key | Purpose | Provider | Duration |
|---|---|---|---|
| CognitoIdentityServiceProvider.*, amplify-* | Stores your authentication tokens (ID, access, refresh) so you stay logged in between page loads. Removed automatically when you sign out or when the refresh token expires. | AWS Amplify / Cognito | Up to 30 days (refresh-token lifetime) |
| mypku-cookie-acknowledged | Records that you have seen the cookie notice so we don't show it again. | MyPKU | Persistent (until you clear browser storage) |
Analytics (cookieless)
We use Umami Cloud to measure aggregate usage of MyPKU (which pages and features are used most). Umami is deliberately cookieless and writes nothing to your browser storage, so this processing does not require your consent under PECR. See the Privacy Policy for a full description of what Umami receives and how it is hosted.
What we do not use
MyPKU uses no advertising cookies and does not use Google Analytics, Facebook Pixel, or any similar tracking tool that profiles individual visitors. If we ever introduce non-essential cookies, we will ask for your explicit consent through an updated cookie banner before any are set.
Managing cookies and local storage
You can control or delete cookies and local storage through your browser settings. Please be aware that blocking the strictly necessary cookies and storage entries listed above will prevent you from logging in to MyPKU or using the service reliably.
Changes
We will update this policy if we introduce new cookies or change how existing entries work. Check the “last updated” date above for the current version. Recent changes:
- 4 May 2026: Disclosed ALB sticky-session cookies (AWSALB/AWSALBCORS) added to support reliable deployments. Re-categorised the Cognito and Amplify auth entries as browser local storage rather than cookies (no functional change; the previous policy described the storage mechanism inaccurately).