Cookie Policy
Last updated: 24 April 2026 — Draft pending solicitor review
This Cookie Policy explains how Rubo Ltd (“Rubo”, “we”, “us”) uses cookies and similar technologies on the websites askrubo.ai and console.askrubo.ai (the “Sites”). It supplements our Privacy Policy and is written to comply with the UK Privacy and Electronic Communications Regulations 2003 (“PECR”) and the UK GDPR.
1. What are cookies?
Cookies are small text files placed on your device when you visit a website. They allow the site to recognise your device, remember your preferences, and deliver a reliable experience. Similar technologies — including localStorage, sessionStorage, pixel tags, server-side tracking, and SDKs in our mobile and embedded surfaces — are treated the same way under this Policy.
2. How we use cookies
We use cookies to:
- Keep you logged in and route you to your workspace.
- Remember preferences such as language, theme, and consent choices.
- Understand how visitors use the Sites so we can improve them.
- Measure the effectiveness of marketing (for consented visitors only).
- Protect the Sites from fraud and abuse.
3. Cookie categories
We group cookies into three categories. You can accept, reject, or customise cookie use via our consent banner on first visit and via the Cookie preferences link in the website footer at any time.
| Category | Purpose | Consent required | Examples |
|---|---|---|---|
| Strictly necessary | Essential for the Sites to function — authentication, session state, load balancing, CSRF protection, cookie-consent state. | No | Session cookie, auth token, consent record |
| Analytics | Help us understand how visitors interact with the Sites so we can improve them. Aggregated, pseudonymised. | Yes | Self-hosted analytics / privacy-preserving analytics |
| Marketing | Measure marketing effectiveness, re-target known business prospects, attribute conversions. | Yes | Ad-platform pixel, LinkedIn Insight Tag, email tracking pixel |
Strictly-necessary cookies operate without consent because they are essential for a service you have explicitly requested. All other categories are off by default until you opt in.
4. Specific cookies we set
The following table lists the specific cookies we use. Names and durations may change as our stack evolves; this Policy is updated in step.
| Name | Category | Purpose | Duration |
|---|---|---|---|
[TO FILL — e.g. sb-access-token] | Strictly necessary | Supabase authentication | Session |
[TO FILL — e.g. sb-refresh-token] | Strictly necessary | Supabase session refresh | 30 days |
[TO FILL — e.g. rubo-consent] | Strictly necessary | Stores your cookie-consent choices | 12 months |
[TO FILL — e.g. NEXT_LOCALE] | Strictly necessary | Language preference | 12 months |
| [TO FILL — analytics cookie] | Analytics | Aggregated visit metrics | 13 months |
| [TO FILL — marketing pixel] | Marketing | Conversion attribution | 13 months |
| [TO FILL — LinkedIn Insight] | Marketing | B2B attribution | 13 months |
Where we work with third-party providers, those providers may set their own cookies subject to their privacy policies. We will update this table as third parties are added or removed.
5. Consent and how to change your mind
On your first visit to the Sites we show a consent banner that lets you Accept all, Reject non-essential, or Customise. Your choice is recorded in a strictly-necessary cookie for 12 months.
You can change your choice at any time by:
- Clicking the Cookie preferences link in the footer.
- Clearing cookies in your browser (this will re-trigger the banner).
- Using your browser’s Do Not Track or Global Privacy Control settings where supported.
Withdrawing consent is as easy as granting it and takes effect prospectively. Strictly-necessary cookies cannot be disabled because the Sites would not function without them.
6. Browser controls
Most browsers let you:
- See and delete cookies that have been set.
- Block cookies from specific sites.
- Block third-party cookies.
- Clear all cookies when you close the browser.
Check the help pages for your browser — Chrome, Safari, Firefox, Edge, and Brave all provide granular controls.
7. Do-not-track and Global Privacy Control
We respect Global Privacy Control (GPC) signals where they indicate a clear rejection of non-essential tracking. Do-not-track signals are not standardised, so we do not currently treat a DNT header as automatic consent rejection; use the in-page banner or GPC instead.
8. Children
The Sites are not directed at children. We do not knowingly set marketing or analytics cookies on devices we believe to be used by anyone under 18.
9. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified in the consent banner so you can review and re-consent where appropriate.
Contact
Questions? Email legal@askrubo.ai (or privacy@askrubo.ai for privacy-specific).
Draft pending solicitor review. Rubo is a software tool, not a law firm.