Cookie Notice
This Cookie Notice explains how Clarence Legal Limited ("Clarence", "we", "us") uses cookies and similar technologies on clarencelegal.ai (the "Platform"), and the choices you have. Read it alongside our Privacy Policy.
We have written this to comply with the Privacy and Electronic Communications Regulations (PECR) in the UK and the cookie‑consent requirements under UK GDPR.
1. What is a cookie?
A cookie is a small text file that a website asks your browser to store on your device. The next time you visit, the browser sends the cookie back so the site can recognise you. Similar technologies include local storage, session storage and pixels. We use the word "cookie" in this notice as shorthand for all of them.
Cookies fall into four broad categories under PECR / ICO guidance:
- Strictly necessary — required for the Platform to work (e.g., authentication). No consent required.
- Functional / preference — remember choices you make (e.g., theme, sidebar state). Consent required if not strictly necessary.
- Analytics / performance — measure how the Platform is used to help us improve it. Consent required.
- Marketing / advertising — track you across sites for behavioural advertising. Consent required. We do not use these.
2. Cookies we use
| Cookie name | Set by | Category | Purpose | Duration |
|---|---|---|---|---|
sb-<project-ref>-auth-token | Supabase (first‑party) | Strictly necessary | Holds your authentication session so you stay signed in across pages. Required for the Platform to work. | Session + refresh token (sliding; default 1 hour access / 30 days refresh). |
sb-<project-ref>-auth-token-code-verifier | Supabase (first‑party) | Strictly necessary | PKCE flow integrity during sign‑in / magic link / password reset. | Short‑lived (minutes). |
__Host-clarence-csrf | Clarence (first‑party) | Strictly necessary | Cross‑site request forgery protection on sensitive requests. | Session. |
clarence-ui-prefs | Clarence (first‑party) | Functional | Remembers UI preferences (e.g., sidebar state, last‑used Plan view, table sort orders). | 12 months. |
__stripe_mid, __stripe_sid | Stripe (third‑party) | Strictly necessary (during checkout) | Stripe fraud‑prevention and Checkout session continuity. Only set when you visit the Stripe Checkout page from our pricing or billing flow. | __stripe_mid 1 year; __stripe_sid 30 minutes. |
vercel-analytics-id (if enabled) | Vercel (first‑party tag, server‑side) | Analytics | Anonymous traffic measurement to help us improve performance. We do not link it to your Account. | Session. |
Local storage and session storage: the Platform uses browser local storage for caching the user's preferred filters and sort orders on a few pages (e.g., Document Centre, Reports lobby). This is technically not a "cookie" but is covered by PECR. The data is held only on your device and is not transmitted to a server. You can clear it from your browser at any time.
3. Why consent matters and what we do
Under PECR, we may set strictly necessary cookies without your consent. For anything else (functional, analytics, marketing), we need your prior, informed consent before the cookie is set.
Today. The current set of cookies on the Platform consists of strictly necessary cookies, one functional cookie (clarence-ui-prefs) that is set only after sign‑in, and — if enabled in production — anonymous Vercel analytics. We have therefore concluded that a separate cookie consent banner is recommended for the public marketing pages once analytics is switched on, and optional while only strictly necessary cookies are present. We will deploy a banner before any analytics or behavioural tag is added to the public site.
Tomorrow. If we later add analytics, A/B testing, marketing pixels or any other non‑essential cookie, we will:
(a) deploy a compliant consent banner that gives a clear accept/reject choice with equal prominence; (b) record your consent decision and the version of the notice you saw; (c) honour your choice on the device and let you change it at any time from a "Cookie settings" link in the footer; and (d) update this Cookie Notice and the cookies table above before turning on any new tag.
4. How to control cookies in your browser
You can control cookies through your browser settings. Most modern browsers let you:
- view cookies that have been set;
- delete some or all cookies;
- block cookies from specific sites; and
- block all third‑party cookies.
Helpful links:
- Chrome: chrome://settings/cookies
- Safari: Preferences → Privacy
- Firefox: about:preferences#privacy
- Edge: edge://settings/content/cookies
Blocking strictly‑necessary cookies will stop the Platform from working — in particular, you won't be able to stay signed in.
5. Do Not Track
The Platform does not currently respond to "Do Not Track" browser signals because there is no consistent industry standard for how to do so. If a recognised standard emerges, we will update this notice.
6. Changes to this notice
We may update this Cookie Notice from time to time. We will update the "Last updated" date and the version number, and we will list material changes in the version history at /legal/version-history.
7. Contact
Questions about cookies and similar technologies: privacy@clarencelegal.ai.
Version v0.2 — prepared 2026-05-26 incorporating John's review comments on v0.1. Not yet in force.