Cookie Notice for the Trustworthy and Ethical Assurance Platform

This Cookie Notice explains how the Trustworthy and Ethical Assurance (TEA) Platform ("we", "us", or "our") uses cookies on our website, https://assuranceplatform.azurewebsites.net/ (the "Platform"). This notice is designed to help you understand what cookies are, why we use them, and your choices regarding their use.

What are Cookies?

Cookies are small text files that are stored on your computer or mobile device by your web browser when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the website owners.

How We Use Cookies

The TEA Platform uses cookies exclusively for essential functionalities. These cookies are strictly necessary for the operation of our Platform, particularly for user authentication and session management. Without these cookies, registered users would not be able to log in and access the core features of the TEA Platform securely.

We do not use cookies for:

  • Tracking your browsing activity across other websites.
  • Marketing or advertising purposes.
  • Analytics on anonymous users before login.

Types of Cookies We Use (Essential Cookies)

The following are the essential cookies used by the TEA Platform. These are set by NextAuth.js, the authentication library we use:

  • next-auth.csrf-token
    • Purpose: Helps protect against Cross-Site Request Forgery (CSRF) attacks, enhancing the security of your interactions with the Platform.
    • Duration: Session cookie (expires when you close your browser) or for a short, fixed period for security.
  • next-auth.callback-url
    • Purpose: Stores the URL the user was trying to access before being redirected to log in. This allows the Platform to redirect you back to your intended page after successful authentication.
    • Duration: Session cookie (expires when you close your browser).
  • next-auth.session-token
    • Purpose: Stores your session information, allowing you to stay logged in as you navigate the Platform. This is fundamental for accessing features available only to registered and authenticated users.
    • Duration: This is a session cookie that typically persists for the duration of your browsing session or for a pre-defined secure session length to keep you logged in.

Note: The exact names and precise behaviour of these cookies may be subject to minor changes by the NextAuth.js library. We will endeavor to keep this notice updated with significant changes.

Why These Cookies Are Essential

These cookies are classified as "strictly necessary" because:

  • They enable you to log in and access secure areas of the Platform.
  • They help maintain the security and integrity of your session.
  • The Platform cannot provide the authenticated services you request without them.

Your Choices Regarding Cookies

When you first visit our Platform, you will see a cookie banner informing you about our use of essential cookies.

Because the cookies we use are strictly necessary for registered users to log in and use the Platform's features:

  • You cannot opt-out of these essential cookies if you wish to log in and use the authenticated sections of the TEA Platform.
  • If you do not wish for these cookies to be placed on your device, you can choose not to register or log in to the Platform.
  • You can always manage or delete cookies through your browser settings. However, please be aware that if you block or delete our essential cookies, you will not be able to log in or use certain parts of the Platform. Instructions for managing cookies in popular browsers can typically be found in the browser's "Help" section or by searching online.

Data Protection and GDPR Compliance

We are committed to protecting your privacy and complying with data protection laws, including the General Data Protection Regulation (GDPR) and UK data protection laws.

The use of strictly necessary cookies, such as those for authentication and security, is permissible under GDPR (Article 6(1)(b) - processing is necessary for the performance of a contract to which the data subject is party, or Art. 6(1)(f) legitimate interest, balanced with user rights). We provide this notice to ensure transparency about their use.

Third-Party Cookies

Currently, the TEA Platform itself primarily uses the first-party essential cookies listed above for its core authentication functionality.

If you choose to authenticate using a third-party provider (e.g., GitHub), that provider will set its own cookies as part of their authentication process. These cookies are governed by the respective third-party's cookie policy, which you should review. The TEA Platform does not control these third-party cookies once you are on their domain for authentication.

Changes to This Cookie Notice

We may update this Cookie Notice from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We encourage you to review this notice periodically to stay informed about how we use cookies.

Contact Us

If you have any questions about our use of cookies or this Cookie Notice, please raise an issue via our GitHub repository: https://github.com/alan-turing-institute/AssurancePlatform/issues

As this is preview only it should not to be used for business critical use cases.

We use cookies

This site uses essential cookies to support authentication of registered users only.