Cookie Notice

Version … | Version Effective Date: … | UK PECR & UK GDPR | Controller: Formulize Ltd

1. What Are Cookies?

Cookies are small text files placed on your device by a website when you visit it. They allow the website to remember information about your visit — such as whether you are logged in — and to function correctly. Some cookies are essential for a website to work at all; others are used for optional purposes such as analytics or advertising.

Cookies are governed in the United Kingdom by the Privacy and Electronic Communications Regulations 2003 (UK PECR) and, where they involve personal data, by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Cookies We Use

Strictly necessary cookies only. Formulize currently uses only cookies that are essential for the Platform to function. No analytics, advertising, or tracking cookies are used. No consent is required for strictly necessary cookies under UK PECR Regulation 6(4).

2.1 Strictly necessary cookies

Cookie name	Provider	Purpose	Expiry
.AspNetCore.Identity.Application	Formulize	Authentication — keeps you logged in to your account. Set when you sign in and cleared when you sign out or when the session ends. Without this cookie the Platform cannot confirm your identity and you will not be able to access your account.	Session (or up to 14 days if "Remember me" is selected)
.AspNetCore.Antiforgery.*	Formulize	Security — cross-site request forgery (CSRF) protection. Ensures that form submissions and state-changing requests originate from the legitimate Platform and not from a malicious third-party site. The cookie name includes a short application-specific hash suffix.	Session
.AspNetCore.Identity.TwoFactorUserId	Formulize	Two-factor authentication (2FA) — temporarily identifies your account during a 2FA login flow before the second factor is verified. Set only if you have 2FA enabled on your account. Cleared immediately on completion or abandonment of the login flow.	Session
.AspNetCore.Identity.TwoFactorRememberMe	Formulize	Two-factor authentication — remembers a trusted device so that you are not prompted for your second factor on every login from the same browser. Set only if you have 2FA enabled and choose to trust a device. Can be cleared by signing out or removing it via your browser settings.	30 days

No session cookie: The Platform is built on Blazor Server, which maintains your active connection via a secure WebSocket (SignalR) rather than an HTTP session cookie. No session cookie is set.

2.2 Cookies we do not use

Not in use: Analytics cookies (e.g. Google Analytics) · Advertising or retargeting cookies · Social media cookies · Third-party tracking pixels · Fingerprinting or supercookies.

3. Legal Basis and Consent

All cookies listed in Section 2.1 are strictly necessary for the operation of the Platform. Under UK PECR Regulation 6(4), consent is not required for cookies that are strictly necessary to provide a service that the user has explicitly requested. You do not need to accept a consent banner to use the Platform.

If we introduce non-essential cookies in the future — for example, analytics cookies to help us understand how the Platform is used — we will implement a consent mechanism before those cookies are set, update this Notice, and notify registered users at least 30 days in advance in accordance with our Privacy Notice.

4. How to Manage or Delete Cookies

Because the cookies we set are strictly necessary, blocking or deleting them will prevent the Platform from working correctly. Specifically:

Deleting or blocking .AspNetCore.Identity.Application will sign you out immediately and prevent you from signing back in.
Blocking the antiforgery cookie will cause login and form submission failures.
Deleting .AspNetCore.Identity.TwoFactorRememberMe will require you to complete your second factor on your next login.

You can manage cookies through your browser settings. The links below provide instructions for the most common browsers:

5. Third-Party Cookies

We do not allow any third party to set cookies on the Platform. All cookies described in this Notice are set solely by Formulize Ltd (first-party cookies). If you follow a link from the Platform to a third-party website, that website's own cookie policy applies.

Cloudflare Turnstile (registration page only): The Platform uses Cloudflare Turnstile for CAPTCHA verification on the registration page. A Cloudflare script is loaded on that page to verify that the request is made by a human rather than an automated bot. Turnstile does not set cookies on our Platform; it processes your IP address and browser signals to generate a one-time verification token that is validated server-side. Cloudflare is listed as a sub-processor in our Privacy Notice. Turnstile is not used on any other page of the Platform.

6. Changes to This Notice

We will update this Notice when we make any change to the cookies we use. The version number and Version Effective Date at the top of this page will be updated accordingly. For material changes — particularly the introduction of any non-essential cookies — we will notify registered users by email at least 30 days before the change takes effect and will implement a consent mechanism before any non-essential cookie is set.

7. Contact Us

If you have any questions about our use of cookies, please contact us at privacy@formulize.io or write to us at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

If you are unhappy with how we handle cookies, you have the right to complain to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.