1.1 Paranimo Limited (Company Number 11992617) is a company incorporated in England and Wales with its registered office at 28 Salisbury Road, Farnborough, England, GU14 7AL. We operate two platforms: Paranimo and Matchifi.
1.2 This policy explains how Paranimo Limited ("We," "Us," or "Our") collects, uses, and protects personal data from users of our websites and platforms (collectively, "Platform"). The security and privacy of our users' personal data is central to our service, and we want this document to give our users the confidence to use our platforms without concern or anxiety.
1.3 The UK Data Protection Act 2018, the UK GDPR, and the Data (Use and Access) Act 2025 set out the data protection framework for UK citizens. More information can be found here: https://ico.org.uk/for-organisations/guide-to-data-protection/
1.4 Our platforms comprise:
1.5 These Platforms act as technology marketplaces that facilitate independent Service Providers delivering services to Clients, including through Business Customer portals, education providers, and reseller arrangements.
2.1.1 We aim to minimise the personal data we collect and process to what is necessary to provide and operate our services.
2.1.2 We only collect personal data for specified, explicit and legitimate purposes.
2.1.3 We will only use personal data for the purposes described in this policy or as otherwise permitted by law. Where those purposes materially change, we will update this policy and notify users where required.
2.2.1 We do not knowingly collect personal data from individuals under the age of 18 unless access to the Platform is provided through a Business Customer Scheme (for example, Paranimo Schools) that is expressly configured to permit under-18 users.
2.2.2 Where a user is under 18, access to the Platform is provided by a school, college or other education provider acting as a Business Customer.
2.2.3 Where a Scheme permits users under 18, the relevant Business Customer (for example, a school) must complete a mandatory safeguarding confirmation, on a per-child basis, before that child can be invited. The confirmation depends on age: for a young person aged 16 or 17, the school confirms the young person has consented (they may consent in their own right); for a child under 16, the school confirms either that parental consent has been obtained, or that a Gillick competence assessment has been completed (with evidence available on request), and provides a parent/guardian email. This is enforced by the Platform as a mandatory step — a child cannot be invited unless the applicable confirmation is made, and the selection is recorded. The Business Customer is responsible for the underlying consent or competence assessment and the related safeguarding arrangements. (In Scotland, the equivalent of Gillick competence is the "sufficient understanding" test under section 2(4) of the Age of Legal Capacity (Scotland) Act 1991.)
2.2.4 A child under the age of 13 cannot, under UK data protection law, consent on their own behalf to the processing of their personal data in connection with online services. Paranimo therefore does not rely on a child's own consent as its lawful basis for processing the personal data of under-13 users. Instead, Paranimo relies on the lawful bases set out in Sections 2.4 and 4, alongside the consent or competence confirmation provided by the Business Customer in respect of the counselling service itself.
2.2.5 We design services likely to be accessed by children in accordance with the ICO's Age Appropriate Design Code (the "Children's Code") and the children's protection requirements introduced by the Data (Use and Access) Act 2025. This includes considering how children of different ages and stages of development can be protected and supported when using the Platform, and recognising that children merit specific protection because they may be less aware of the risks involved.
2.2.6 By using our Platforms, you confirm that you are either: (a) at least 18 years old; or (b) authorised to access the Platform through a Business Customer Scheme that permits under-18 users, with any required parental or guardian consent in place.
2.2.7 We do not use advertising or advertising-related tracking to target, profile, track or market to children. Our advertising features (including the Meta, LinkedIn and Google conversion features described in Section 5.8) operate only in relation to adults and are never directed at, and do not process the data of, persons under 18. Any marketing connected with under-18 provision is directed only at schools and other organisations as customers, not at young people themselves.
2.2.8 In-platform messaging is disabled for under-18 user accounts: an under-18 user cannot send or receive messages through the Platform, and no private messaging channel exists between an under-18 Client and a Service Provider. We do not collect or store messages from under-18 users. Messages between adult users (for example, a school administrator contacting our support team) may occasionally refer to a young person; such messages are handled under the confidentiality and safeguarding arrangements described in this policy.
2.2.9 If you are under 18 (Paranimo Schools). If you use Paranimo Schools through your school or college, your school is responsible for safeguarding decisions and for deciding which of its staff can manage the service. That means certain staff at your school can see that you have booked or attended counselling sessions — but they cannot see what you talk about in your sessions. Your school should only let appropriate staff see this, and should keep it confidential. Your school is responsible for making sure the right consent is in place before you can use the service, and for explaining this to you (and, where appropriate, to your parent or guardian).
(a) Required personal data: Email address and password (encrypted). We do not share email addresses with Service Providers without consent.
(b) Optional: Display name (real name or pseudonym), phone number and availability. The display name will be used to identify you in the Client list of your Service Provider, but you can remove your name from their list at any time by withdrawing your consent.
(c) Booking Records: Service Providers booked, date, time, and session status, session duration and type, number of sessions, payment transaction history.
(d) Communications: Platform messages and their content (carried and stored via Twilio Conversations), support enquiries and notifications. Messaging is intended for booking coordination and is disabled for under-18 users.
(e) Data we do NOT collect or store:
(f) Payment Processing: All payment processing is handled by Stripe. We do not collect or store bank account details or full card numbers. See Section 5.7 and https://stripe.com/gb/privacy.
(g) Platform Analytics: We analyse usage patterns to understand and improve the Platform, primarily in aggregated form. Searches for Service Providers (for example, the specialisms searched for) are recorded against a session identifier only — we do not record your IP address or browser details with your searches, and they are not linked to your client profile. Searches and article views in our help centre are likewise recorded against a session identifier only, not your user ID. None of this is used to build a profile of you; these records are kept in pseudonymised form for ongoing product improvement. Where analytics involves non-essential cookies or similar technologies, we rely on your consent — see the Cookie Policy below.
(a) Required Data: Full name (publicly displayed), email address, password (encrypted) and phone number (for business customer portal administration).
(b) Public Profile Data: Photograph (optional), video introduction, biography, specialisations, qualifications and availability.
(c) Verification Documents — Paranimo Platform:
(d) Verification Documents — Matchifi Platform: Requirements determined by each Business Customer, which may include professional qualifications, insurance documentation, industry accreditations, training certificates, references, and background checks. Service Providers are informed of requirements before joining a Matchifi Business Customer portal.
(e) Booking and Payment Data: Clients served, session dates, times and types, duration, payment and commission records (processed via Stripe), and cancellations and rescheduling.
(f) Communications: Client messages via the Platform, Business Customer communications and support enquiries.
(g) Data we do NOT store:
Professional records are maintained by Service Providers as independent data controllers. See Sections 5.7 and 6.2.3.
(a) Business Customer Data:
(b) Administrator Data:
Processed under Article 6(1)(b) (performance of contract with the Business Customer) and Article 6(1)(f) (our legitimate interests in security and platform administration).
(a) As all Business Customers have reseller rights, additional data may include:
Processed under Article 6(1)(b) UK GDPR. Reseller rights terminate with subscription.
2.4.1 The Platform is designed to operate without us holding clinical or health information about Clients. We do not collect reasons for seeking support, diagnoses, clinical notes, or session content (see Sections 2.3.1(e) and 2.3.2(g)).
2.4.2 However, because Paranimo is a mental health platform, certain information we necessarily process — such as the fact that a Client has booked a counselling session — may indirectly reveal information relating to a person's health, which is treated as special category data under Article 9 UK GDPR.
2.4.3 In addition, where a Scheme operates for under-18 users (for example, Paranimo Schools), the Platform may record limited safeguarding-related information, including a student's GP contact details (name, phone, email, address) captured by scheme administrators for safeguarding purposes, and limited safeguarding flags or administrative notes (see Section 5.3.3). Such information may constitute special category data and, in some cases, criminal offence data.
2.4.4 Where we process special category data, we rely on one or more of the following conditions:
We maintain an appropriate policy document in respect of our processing of special category and criminal offence data, as required by the Data Protection Act 2018.
3.1 Personal data may be voluntarily given to Paranimo by you through the Platforms, or as metadata passed to us through standard online communication.
3.2 We may also receive personal data from:
3.3 Additional data collection:
3.4 We will never record any content from video call sessions.
3.5 Where information is supplied to us through third parties under a contractual arrangement, we ensure by contract that GDPR-compliant consent or another valid lawful basis exists.
3.6 Where we obtain your personal data from a source other than you directly, we will provide you with the information required under Article 14 UK GDPR within a reasonable period, unless an exemption applies.
4.1.1 The legal bases for processing your information are:
Where we process special category data, we additionally rely on the conditions set out in Section 2.4.
4.1.2 Where a Business Customer manages its own users within a Scheme, they act as Joint Data Controllers for decisions relating to their internal organisational requirements, as set out in Section 6.
(a) Registration and login functionality (b) To advertise skills and experiences through publicly viewable profiles (c) Processing bookings and payments (including as disclosed agent) (d) Account and profile management (e) Self-billing invoice generation and commission calculations
(a) Registration and login functionality (b) To show Service Providers your name (with permission) in advance of booking (c) Processing bookings and payments (d) Account management
(a) Platform access management and billing (b) Scheme administration and user management (c) Usage reporting and analytics (d) Customer support and technical assistance (e) Reseller activity management and commission processing
(a) Registration and login (b) Creating and managing profiles (c) Advertising booking availability (d) Managing calendars and bookings (e) Processing payments and generating invoices (f) Facilitating video calls (g) Commission calculations and payments
(a) Where we act as disclosed agent for Service Providers, we process personal data for:
(a) Service updates, maintenance notifications, and technical issues (b) Account security matters and verification requirements (c) Terms and policy changes requiring attention (d) Payment and billing matters (e) Platform improvements and feature updates (f) Support and assistance related to account usage (g) Compliance and regulatory matters
(a) Analysing user interactions to ensure functionality works effectively (b) Usage analysis to assess growth and inform business development (c) Ensuring service compatibility with devices and browsers (d) Assessing service effectiveness
5.1.1 Sensitive personal data will not be shared with any third party unless you give permission, except where we are obliged to do so by law, regulation, or legal process.
5.2.1 Only a Client's chosen Service Provider can see the Client's name (with Client permission).
5.2.2 Service Provider profiles are publicly available for marketing purposes.
5.2.3 Service Providers may see Business Customer organisation names when providing services to scheme members.
5.3.1 In accordance with our Terms of Service, certain personal data may be shared between Clients, Service Providers, and Business Customers for:
Business Customers receive access only to personal data relating to users within their own scheme and do not have control over the Platform's processing purposes or technical means.
5.3.2 Business Customer Administrators can:
Administrator access operates within the permissions and system rules defined by Paranimo.
5.3.2A What your organisation's administrators can and cannot see. If you access the Platform through an organisation, that organisation has administrators who manage its scheme. Those administrators can see scheme-administration information about you — including your account and contact details, your eligibility and access, and the fact that you have booked or attended sessions, and when.
Your organisation's administrators cannot see the content of your sessions. Sessions are not recorded, and administrators have no access to session content, any notes a Service Provider keeps, or your private messages. Administrators can only see information relating to their own scheme — not the users or data of any other organisation.
5.3.3 Paranimo Schools and safeguarding-related data. Where a Business Customer operates a Scheme for under-18 users (for example, Paranimo Schools), the Business Customer may have access to limited personal data necessary for safeguarding, administration and oversight purposes, such as:
Business Customers do not have access to session content, recordings, clinical notes, or private communications between Clients and Service Providers unless required by law.
5.4.1 As Business Customers have reseller rights, they may:
5.5.1 In our role as disclosed agent for Service Providers:
5.6.1 We may share personal data with third parties in these circumstances:
We use the following trusted third parties to operate the Platform. Each processes personal data only as necessary for the purpose described.
Core infrastructure
Application services
Business operations
For US-based providers, we ensure appropriate safeguards through Standard Contractual Clauses, the UK Extension to the EU–US Data Privacy Framework (the "UK–US Data Bridge") where the provider is certified, or other approved transfer mechanisms. See Section 11.
5.8.1 Some Service Providers advertise their services on Meta platforms (Facebook and Instagram) through our optional advertising feature. Where you interact with the Platform after engaging with such an advertisement, we use Meta's Conversion API ("CAPI") to measure advertising performance.
5.8.2 Events. We send the following server-side conversion events to Meta: PageView, Lead, and CompleteRegistration (the last when a booking is completed).
5.8.3 Data shared. With each event we transmit a limited set of fields to Meta: your email address and phone number, which are sent in hashed (pseudonymised) form; together with your IP address and browser user agent, which are sent as connection data (Meta's specification requires these to be sent unhashed). We do not send the content of any session, the reason for seeking support, or any clinical information.
5.8.4 Children. We do not fire conversion events, or share any data with Meta via CAPI, in connection with Paranimo Schools or any booking or interaction involving a person under 18.
5.8.5 Lawful basis and your choice. We share this data with Meta only where you have given your consent through our cookie and consent tool (Cookiehub). You can decline, or withdraw your consent at any time, using that tool, without affecting your ability to use the Platform. Where you do not consent, conversion events are not sent.
5.8.6 Controllers. For this processing, Paranimo Limited and Meta act as separate, independent controllers: Paranimo determines which events are sent and why; Meta independently determines how it uses the data for advertising delivery, measurement and its own purposes, under Meta's own terms (including its controller and Limited Data Use terms). International transfers to Meta are covered by Meta's own transfer mechanisms (see Section 11).
5.8.7 Retention. We retain conversion-event records only as long as necessary for advertising measurement and reconciliation; Meta retains data it receives in accordance with its own policies.
5.8.8 LinkedIn Ads and Google Ads. We use equivalent conversion/attribution features provided by LinkedIn and Google to measure advertising performance. These operate on the same basis as the Meta CAPI processing described above: the same limited, where-possible-hashed event data; the same consent requirement (Cookiehub); the same adults-only restriction (no events for Paranimo Schools or any interaction involving a person under 18); and the same separate-controller relationship, with each provider determining its own use of the data under its own terms and transfer mechanisms (Section 11). You can decline or withdraw consent for these at any time via the consent tool.
5.8.9 Future scope. We do not currently use the Meta Pixel or build advertising audiences (such as custom or lookalike audiences). If we introduce these in future, we will update this Policy and obtain any further consent required before doing so.
Who is responsible for your data — in summary. Paranimo Limited is the controller for operating the Platform — for example creating and securing your account, authentication, matching, messaging, facilitating bookings and payments, invoicing, platform analytics, fraud prevention and support. Where you access the Platform through an organisation (your employer, an insurer or occupational-health provider, a membership body, or a school), that organisation is the controller for what it does with your data outside the Platform (for example its own HR, case-management or pastoral records). For certain scheme-administration activities, your organisation and Paranimo Limited are joint controllers — meaning we both decide how that limited set of data is handled: your eligibility and access, the limits and settings of your scheme, and the management of your bookings and sessions (see Sections 5.3.2A and 6.2.4). You can exercise your data protection rights against either your organisation or Paranimo Limited. Service Providers (therapists and other professionals) are independent controllers for the professional records they keep about you outside the Platform (for example their own clinical notes), in line with their professional and regulatory obligations.
Our Platforms serve several categories of users:
In providing and operating the Platform — including user registration, authentication, hosting, security, access controls, matching, messaging, facilitating bookings and payments, invoicing, platform analytics, fraud prevention and support — Paranimo Limited acts as an independent Data Controller and determines the purposes and means of that processing.
Paranimo does not act as a Data Processor for Business Customers except where explicitly stated. Paranimo acts as a processor in two cases: (1) for safeguarding flags, notes and related records concerning under-18 (or at-risk) users under the Schools Data Protection Arrangement; and (2) where a Business Customer or Service Provider uses the Platform's tools to create their own questionnaires, intake forms or assessments and collect responses. In the second case the Business Customer or Service Provider is the controller, decides what to ask (which may include health or other special category data, for example a standardised screening questionnaire), and is responsible for the lawful basis and transparency for it; Paranimo processes those responses only on their documented instructions and does not determine their content. In both cases the Article 28 processor terms in our Terms of Service (clause 13.3B) apply, and for schools the Schools Data Protection Arrangement applies in addition.
Business Customers act as Joint Data Controllers only for the processing that results from decisions they make about their own users within their scheme, such as eligibility, access permissions, safeguarding responsibilities and administrative actions. All processing takes place within the framework and limitations defined by Paranimo. Business Customers do not determine platform-wide purposes or means of processing.
These decisions relate only to the Business Customer's internal organisational needs and do not give the Business Customer control over the Platform's technical architecture, data flows or processing purposes outside their own scheme.
Service Providers are independent Data Controllers for professional, clinical or service-delivery records they create or maintain outside the Platform, such as treatment notes, assessments, or any information required by their regulator or insurer. Paranimo does not access or store such material.
Where both Paranimo and a Business Customer determine the purposes and means of certain processing — scheme administration, comprising eligibility and access, scheme limits and settings, onboarding confirmations (including the per-child consent/competence confirmation for under-18 users), the management and visibility of bookings and sessions, and access and permissions relating to safeguarding within the Scheme — they act as Joint Controllers under UK GDPR Article 26. The responsibilities are allocated through our Terms of Service (clause 13.6A), which each Business Customer accepts (and, for schools, through the Schools Data Protection Arrangement). The essence of that allocation is:
"Where your organisation provides you with access to our platform, your organisation and Paranimo Limited are joint controllers for certain scheme-administration data — for example your eligibility and access, and the fact that you have booked or attended sessions. Your organisation's administrators can see this scheme-administration data, but cannot see the content of your sessions, recordings, notes, or private messages. You can exercise your data protection rights against either your organisation or Paranimo Limited."
When acting as a disclosed agent for Service Providers, Paranimo Limited processes personal data necessary to facilitate bookings, invoicing, billing, payment processing and commission calculations.
In this context, Paranimo Limited acts as an independent Data Controller for:
This agency role does not create a data processor relationship between Paranimo and Service Providers.
7.1 We retain personal data only as long as necessary to fulfil the purpose for which it was collected, to provide our services, or to comply with applicable legislation, regulatory requests, and court orders.
7.2 Retention periods vary by data type:
7.3 What happens when you close your account. Where you delete your account (or it is closed as part of a Business Customer termination), we remove your personal data from our live systems within 60 days: your profile and account records are anonymised, your profile media (photographs, videos and uploaded documents) is permanently deleted, and your login record is deleted once no profiles remain attached to it.
7.4 We do not delete everything immediately. A limited identity record is retained separately, in encrypted form, so that your sessions remain traceable to you where needed for clinical-continuity, insurance, liability, complaint-handling and legal purposes — alongside records we must keep by law (for example, invoice and payment records, kept for 7 years). This retained record is encrypted under managed keys held in the UK; it can be decrypted only by a named, authorised operator, and every access is logged. It is permanently destroyed at the end of its retention period: by default 7 years from account closure or your last session (whichever is later), or, where you were under 18 on a school or family scheme, when you reach age 25. For more detail, contact our Data Protection Lead (Section 9).
7.5 Platform messages. Messages exchanged through the Platform belong to both participants in a conversation. If you close your account, your identity is removed as described in 7.3–7.4, but the content of conversations you took part in is retained — because it is also the other participant's record and may be needed to handle complaints or legal claims — and the whole conversation is permanently deleted 7 years after the first participant's account is closed and anonymised. During that period it is not used for any other purpose.
8.1 Platform data is stored in the cloud. The PlanetScale database is hosted in Ireland (eu-west-1, Dublin); other AWS storage (S3) is in Ireland (eu-west-1); Auth0 authentication data is stored in the EU; application logs are stored in a UK-based AWS S3 bucket. (A migration of the database to a London (UK) region is planned but has not yet taken place.) Vercel blob storage is used for invoices. AWS GDPR information: https://aws.amazon.com/compliance/gdpr-center/
8.2 Personal data is encrypted in transit and at rest. The Platform is a cloud-based service: personal data is not synced to, or persistently stored on, the personal devices used to administer it.
8.3 We take appropriate administrative and technological measures to protect personal data, including:
8.4 We hold the Cyber Essentials certification.
8.5 We cannot guarantee absolute security of personal data. Optional personal data provided beyond registration requirements is provided at your own risk.
8.6 In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours where required, and will notify affected individuals promptly where the breach is likely to result in a high risk to them.
8.7 Access controls differ for Paranimo personnel, Service Providers, Business Customers and Clients in accordance with the controller roles defined in Section 6.
9.1 Given the nature of our processing activities — including operating platforms used for wellbeing, counselling and safeguarding-related services — we take data protection seriously and have appointed a Data Protection Lead as the point of contact for all data protection matters.
9.2 Our Data Protection Lead can be contacted at: support@paranimo.co.uk
9.3 You may contact our Data Protection Lead directly regarding:
10.1.1 Right to access: Request to see all personal data we hold about you.
10.1.2 Right to rectification: Request correction of inaccurate data or completion of incomplete data.
10.1.3 Right to erasure: Request deletion of your data under certain circumstances.
10.1.4 Right to restrict processing: Request restriction of processing under certain circumstances.
10.1.5 Right to portability: Request transfer of data to another organisation or directly to you.
10.1.6 Right to object to processing: Object to processing under certain circumstances.
10.1.7 Right to withdraw consent: Withdraw consent at any time. Your consent to share your name and booking relationship with a Service Provider can be withdrawn via the Platform — this stops further bookings with that Service Provider and removes your name from their client list. Cookie and marketing consent can be withdrawn via our cookie consent tool (Cookiehub). Any other consent can be withdrawn by contacting us.
10.2.1 Depending on who is the Data Controller for your specific data:
10.2.2 We will help direct your requests to the appropriate Data Controller where necessary.
10.2.3 Where Paranimo and your organisation are joint controllers for scheme-administration data (see Section 6.2.4), you may exercise your rights against either of them, regardless of how responsibilities are allocated between them (Article 26(3) UK GDPR).
10.3.1 If you are unhappy with how we have handled your personal data, you have the right to complain to us directly. You can do so by contacting us at support@paranimo.co.uk. We will acknowledge your complaint and respond within the timeframes required by law.
10.3.2 You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time: https://ico.org.uk. We would, however, appreciate the opportunity to address your concerns first.
10.4.1 All marketing messages are opt-in. You can:
11.1 Some of the third-party providers we use to operate the Platform (see Section 5.7) are based outside the UK, principally in the United States. In addition, our database and most cloud storage are currently hosted in the EEA (Ireland), and our authentication provider stores data in the EU. As a result, some personal data is transferred outside the UK as a routine part of delivering our service.
11.2 Where personal data is transferred outside the UK/EEA, we ensure an appropriate level of protection through one or more of the following:
12.1 You are responsible for keeping your login credentials confidential.
12.2 We recommend:
12.3 You are liable for all activities conducted through your account until you notify us of unauthorised access.
13.1.1 This Privacy Policy applies only to our Platforms. Third-party websites linked from our Platforms have their own privacy policies.
13.2.1 This Privacy Policy is under regular review and will be updated on this webpage.
13.2.2 We will notify you of material changes by email or platform notification.
13.3.1 If Paranimo Limited is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. Where this happens, we will notify you, and the recipient will be required to honour the commitments set out in this Privacy Policy or to seek your consent where required by law.
14.1 For questions about this Privacy Policy or to exercise your data protection rights:
Email: support@paranimo.co.uk
14.2 Company Details: Paranimo Limited Company Number: 11992617 Registered Office: 28 Salisbury Road, Farnborough, England, GU14 7AL
This Cookie Policy explains our use of cookies on Paranimo and Matchifi subdomains (e.g. app.paranimo.co.uk, therapist.paranimo.co.uk, admin.paranimo.co.uk). For questions, contact support@paranimo.co.uk.
Cookies are small text files stored by your browser. They are used to authenticate logins, manage permissions, keep the service secure, and — where you consent — to understand how the Platform is used. Most browsers accept cookies by default, but you can adjust your settings. Disabling certain cookies may impair Platform functionality.
Strictly necessary cookies. These enable registration, login, secure access and core functionality. They do not require consent, but the Platform cannot function properly without them.
Analytics and performance cookies. Where you consent, we use these to understand how the Platform is used so we can improve it. This includes Google Analytics and Google Tag Manager. You can accept or reject these, and change your choice at any time, using our cookie consent tool (provided by Cookiehub).
Marketing and advertising cookies. Where you consent, we use these to measure the performance of our advertising and attribute sign-ups to advertising campaigns. This includes cookies and similar technologies associated with Meta, LinkedIn and Google advertising. These are set only where you give consent, are never used in relation to Paranimo Schools or anyone under 18, and you can accept or reject them, and change your choice at any time, using our cookie consent tool (provided by Cookiehub). See section 5.8 for more detail on how advertising measurement works.
We manage cookie consent through Cookiehub. When you first visit the Platform, you will be asked to accept or reject non-essential cookies. Strictly necessary cookies will be set regardless, as they are required for the service to work.
Some cookies are set by trusted third parties acting for us — for example our authentication provider sets cookies needed to keep you securely logged in, and (where you consent) our analytics and advertising providers set non-essential cookies. Which third parties set cookies, and for what, is shown in the cookie preference centre below; advertising cookies are consent-based and adults only (see section 5.8).
A complete, current list of the specific cookies we use — including the third parties that set them, their purposes and durations — is available in our cookie preference centre (Cookiehub), which is scanned and kept up to date automatically. The categories in this policy describe the purposes; the preference centre shows the live detail.
You can adjust your cookie settings at any time via our cookie management tool on the Platform, or through your browser settings. Disabling strictly necessary cookies may block registration and login.
Browser guides: