Cookie Policy

Updated: 19 March 2026

1. About Cookies & Local Storage

This policy explains what cookies and browser storage technologies the SectorSMART platform uses, why we use them, and how you can control them in accordance with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR. The SectorSMART platform primarily uses localStorage (a browser storage mechanism) rather than traditional cookies. localStorage data is stored on your device and is not automatically transmitted to our servers with each request.

2. Essential Storage (Always Active)

These items are strictly necessary for the platform to function securely. They cannot be disabled.

(a) sectorsmartToken — your authentication token (JWT) that keeps you signed in. Stored for the duration of your session and cleared on logout. Category: Essential.
(b) sectorsmartRefreshToken — used to refresh your session without requiring you to log in again. Stored until logout or token expiry. Category: Essential.
(c) csrfToken — a security token that protects against cross-site request forgery attacks. Stored for the duration of your session. Category: Essential.
(d) sectorsmartCookieConsent — stores your cookie/storage consent preferences (which categories you accepted or rejected, and when). Stored until you reset your preferences. Category: Essential (required to honour your consent choices under PECR).

3. Functional Storage (User Preferences)

These items store your personal preferences to improve your experience. They are set when you change settings and persist until you change them again or clear your browser data. Under PECR, we treat these as strictly necessary because they store choices you have actively made.

(a) darkMode — your dark/light theme preference.
(b) textScale — your preferred text size scaling.
(c) reduceMotion — whether you have enabled reduced animation.
(d) colourBlindMode — your selected colour vision accessibility mode (none, protanopia, deuteranopia, tritanopia).
(e) dyslexiaFont — whether the OpenDyslexic font is enabled.
(f) highContrast — whether high contrast mode is enabled.
(g) enhancedFocus — whether enhanced keyboard focus indicators are enabled.
(h) sectorsmartBranding — cached organisation branding data (logo, colours) to reduce load times. Refreshed on login.

4. Functional Storage (Admin Preferences)

These items are only set for users with administrator access and store workspace preferences.

(a) ss_user_filter_presets — saved filter presets for the user management admin panel. Persists until manually deleted.
(b) scenario_draft_[key] — auto-saved drafts of scenarios being edited in the scenario editor. One entry per scenario. Cleared when the scenario is saved or discarded.
(c) scenario_editor_list_mode — your preferred view mode (flat or grouped) in the scenario editor.

5. Analytics Storage (Consent Required)

The SectorSMART platform does not currently use any third-party analytics services (such as Google Analytics, Hotjar, or Mixpanel). If analytics are introduced in the future, they will only be activated after you give explicit consent via the cookie banner. You will be able to opt out at any time via Settings > Privacy. This policy will be updated to list specific analytics technologies before they are deployed. If Sentry error monitoring is enabled in production (via the REACT_APP_SENTRY_DSN environment variable), it is classified as essential (error monitoring for platform stability). Sentry strips all personally identifiable information (email and IP address) before transmission.

6. Third-Party Storage

The SectorSMART platform does not set any third-party cookies or storage. However, if you use SSO (Single Sign-On) to access the platform, your identity provider (e.g. Microsoft Entra ID, Okta, Google Workspace) may set their own cookies during the authentication flow. These are governed by the respective provider's cookie and privacy policies and are outside our control.

7. Managing Your Preferences

You can manage your storage preferences in several ways:

(a) Cookie banner — when you first visit the platform, you can choose Accept All, Essential Only, or Customise to select individual categories.
(b) Settings > Privacy — you can change your consent preferences at any time from within the platform.
(c) Browser settings — you can clear all localStorage data for the SectorSMART domain via your browser settings (note: this will sign you out and reset all preferences).
(d) Reset consent — the Settings > Privacy page includes an option to reset your cookie consent, which will re-display the cookie banner on your next visit.

8. Data Sent to Our Servers

Unlike traditional cookies, localStorage data is not automatically sent to our servers with every request. Your authentication token (sectorsmartToken) and CSRF token (csrfToken) are included in API request headers for security purposes. Your cookie consent preferences (sectorsmartCookieConsent) are synced to your account on login so your choices are consistent across devices. No other localStorage data is transmitted to our servers.

9. Changes to This Policy

We will update this policy if we introduce new storage technologies or third-party services. Material changes will be communicated via the platform. If new categories of non-essential storage are introduced, fresh consent will be requested via the cookie banner.