Last updated: 13 March 2026

Cookie Policy

1. Introduction

This Cookie Policy explains how AutoRevenue Systems LTD ("we", "us", or "our") uses cookies when you use the AutoRevenueOS website and application. Most cookies are first-party: essential cookies for the service and your consent choice, and optional cookies for conversion tracking (e.g. visit → calculator → chat → signup) that only run if you accept. A small number are set by trusted providers — Supabase for login session cookies, Stripe for card-setup fraud prevention (these are technically third-party to stripe.com), and Google Analytics 4 for aggregated analytics (only after you accept, with IP addresses anonymised). We do not use other marketing or third-party advertising trackers. Our own cookies use Secure and SameSite=Lax, and we do not store personal data in them.

2. List of cookies

The table below lists every cookie we or our providers set when you use the site. Cookies set by Supabase (authentication), Stripe (card setup, fraud prevention) and Google Analytics 4 (analytics, only after you accept) are included so you have a complete picture.

Name	Set by	Purpose	Duration	Essential
`ar_cookie_consent`	AutoRevenueOS (first-party)	Stores your cookie consent decision (Accept / Reject optional cookies).	12 months	Yes
`sb-<project-ref>-auth-token.0` / `.1` (chunked)	Supabase Auth (first-party)	Login session — stores your encrypted access and refresh tokens so you stay signed in.	~12 months (rotated on use)	Yes
`__stripe_mid`	Stripe (third-party, `stripe.com`)	Stripe fraud prevention during card setup. Only set when you open Settings → Billing.	12 months	Yes
`__stripe_sid`	Stripe (third-party, `stripe.com`)	Stripe session identifier during card setup. Only set when you open Settings → Billing.	30 minutes	Yes
`ar_vid`	AutoRevenueOS (first-party)	Unique visitor ID for conversion tracking (e.g. visit → calculator → chat → signup).	12 months	No
`ar_source`	AutoRevenueOS (first-party)	Traffic source (direct, google, twitter, referral).	90 days	No
`ar_campaign`	AutoRevenueOS (first-party)	UTM campaign data when present in the URL.	90 days	No
`ar_chat`	AutoRevenueOS (first-party)	Website chat session continuity so your messages stay in one conversation.	30 days	No
`_ga`	Google Analytics 4 (first-party)	Distinguishes unique visitors for aggregated site analytics. Only set when you accept optional cookies.	2 years	No
`_ga_<stream-id>`	Google Analytics 4 (first-party)	Persists GA4 session state. Only set when you accept optional cookies.	2 years	No

3. Strictly necessary

ar_cookie_consent

We store your choice (Accept or Reject optional cookies) so we do not ask again on every visit. This cookie is essential for the consent mechanism and does not require consent itself under UK/ePrivacy rules.

Authentication (Supabase)

When you log in, our authentication provider Supabase sets cookies so your session is recognised and you stay logged in. These are strictly necessary for the service. Name pattern: sb-<project-ref>-auth-token.0 and .1 (the token may be split across chunked cookies for size). First-party, HttpOnly, Secure, SameSite=Lax. Duration roughly 12 months, rotated automatically whenever you use the site.

Card setup (Stripe)

When you open Settings → Billing and load the "Add your card" form, Stripe Elements sets two third-party cookies on stripe.com for fraud prevention:

__stripe_mid — a merchant/device identifier used to detect fraudulent payment attempts. Duration: 12 months.
__stripe_sid — a short-lived session identifier scoping the current card-setup attempt. Duration: 30 minutes.

These cookies are strictly necessary for safely saving a payment method and are exempt from consent under UK/ePrivacy rules. They are set by Stripe, not by us, and are not used for advertising. For details see Stripe's cookie notice.

4. Functional

ar_chat

The website chat widget uses this cookie to associate your messages with the same conversation when you return. It is set only when you have accepted optional cookies and when you first open the chat. If you reject optional cookies, chat still works within a single session using session storage only. Duration: 30 days. First-party, no personal data.

5. Conversion (with consent)

If you click "Accept" in our cookie banner, we set the following cookies to understand how visitors move through the site (e.g. visit → calculator → chat → signup). We use this only to improve our product and messaging; we do not use them for advertising or to identify you personally.

ar_vid — A random unique visitor ID. Duration: 12 months.
ar_source — Traffic source: direct, google, twitter, or referral (derived from referrer, not personal data). Duration: 90 days.
ar_campaign — UTM campaign data (utm_source, utm_medium, utm_campaign) when present in the URL. Duration: 90 days.

6. Google Analytics 4

When you have accepted optional cookies, we load Google Analytics 4 (GA4) only on the marketing site (home and marketing pages) and the login page. We do not load or track GA4 on authenticated app pages (e.g. dashboard, inbox, settings). GA4 is used to understand how visitors move through the site (e.g. page views, use of the revenue calculator, chat, and signup). We have configured IP anonymisation and send only a minimal set of events (page_view, calculator_used, chat_started, signup_started, signup_completed). Google may set cookies such as _ga and _ga_* when GA4 is loaded; these are non-essential and are only set after you accept. For more information, see Google's Privacy Policy and use of cookies.

7. No other marketing trackers

We do not use marketing cookies other than the analytics described above, third-party advertising cookies, or social-media pixels. If we introduce any additional tracking in the future, we will update this policy and obtain consent where required.

8. Similar technologies

Our website chat widget also uses browser session storage (not cookies) for a small amount of continuity data when you have not accepted optional cookies:

ar_chat_session — a short random identifier that keeps your chat messages in a single conversation during one browser session. Stored in window.sessionStorage, cleared automatically when you close the tab, never sent to a third party. This is strictly necessary for the chat widget to work while consent is rejected and does not require consent under UK/ePrivacy rules. If you accept optional cookies, we use the ar_chat cookie described above instead so your conversation persists across visits.

9. Technical details

Cookies we set ourselves use Secure (sent only over HTTPS), SameSite=Lax, and path=/. They are first-party to autorevenueos.com. We do not store personal data in them; values are random identifiers or non-personal categories (e.g. "google", "direct"). Cookies set by Stripe (__stripe_mid, __stripe_sid) are technically third-party — they belong to stripe.com — and are controlled by Stripe's own cookie policy. Google Analytics 4 cookies (_ga, _ga_<stream-id>) are set first-party on autorevenueos.com but the underlying service is provided by Google.

10. Managing cookies

You can block or delete cookies in your browser settings. Blocking strictly necessary cookies may prevent you from staying logged in, from completing card setup, or from having your consent choice remembered. If you previously accepted optional cookies and want to withdraw, clear the ar_cookie_consent, ar_vid, ar_source, ar_campaign, ar_chat, _ga, and _ga_<stream-id> cookies; we will show the banner again and will not set conversion or analytics cookies until you accept.

For more about how we process personal data, see our Privacy Policy.

11. Contact

For questions about this Cookie Policy, contact us at support@autorevenueos.com.

AutoRevenue Systems LTD
Office 326, 18 Young St, UNIT LGE
Edinburgh EH2 4JB
Scotland