HENLEY EDUCATION

COOKIE POLICY

Last updated: March 13, 2026

1. What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work, to make them work more efficiently, and to provide information to site owners. We also use localStorage, a similar browser feature that stores data locally on your device and whose contents are never transmitted to our servers automatically.

2. How We Use Cookies and Local Storage

Henley Education uses cookies and localStorage for:

  • Essential functionality: Authentication, session management, and security (CSRF protection)
  • Functional preferences: Remembering your chosen theme (dark/light mode) and preserving practice session state across page refreshes
  • Payment processing: Stripe sets cookies on the checkout page to detect fraud and manage your payment session

We do not use advertising, behavioural tracking, or profiling cookies of any kind.

3. Essential Cookies (Cannot Be Disabled)

These cookies are strictly necessary for the platform to function. The site cannot work without them.

Cookie / Storage Item | Purpose | Duration | Type
henley_session | Keeps you logged in during your visit. Stores your user ID and role server-side. | 24 hours | Essential
CSRF token (meta tag) | Prevents cross-site request forgery attacks on form submissions and API calls. | Per session | Essential
Parent session token | Separate secure token for the parent portal, stored server-side and validated on every request. | Per session | Essential
cookies_functional (localStorage) | Stores your functional cookie preference so the consent banner is not shown on every visit. | Until cleared | Essential

4. Functional Local Storage (Optional)

These items are stored in your browser's localStorage, not transmitted as cookies. They improve your experience but are not required for the platform to work. You can disable them below or via your data settings page.

Storage Key | Purpose | Duration | Type
theme | Remembers whether you chose dark or light mode. | Until cleared | Functional
Practice session keys (timer start, timer total, seen question IDs, seen date) | Preserves your in-progress practice session timer and seen questions across page refreshes. Prevents losing your place if the page is accidentally reloaded. | Until practice session ends or cleared | Functional

5. Third-Party Services

The following third parties may set cookies or log network requests when you use certain parts of the platform:

Stripe (Payment Processing)

Service | When Active | Purpose | Type
Stripe JS (js.stripe.com/v3/) | Checkout/payment page only | Fraud prevention, payment session management. Stripe sets its own cookies governed by their privacy policy. | Third-Party

Stripe is PCI-DSS compliant. See Stripe's Privacy Policy for details of cookies they set.

Content Delivery Networks (CDNs)

The platform loads fonts and UI assets from external CDNs. These CDNs may log your IP address in their access logs but do not set tracking cookies:

  • Google Fonts (fonts.googleapis.com / fonts.gstatic.com) — loads the Inter typeface used across the site
  • jsDelivr (cdn.jsdelivr.net) — Bootstrap CSS/JS for UI layout
  • Cloudflare CDN (cdnjs.cloudflare.com) — Bootstrap and FontAwesome icons

No consent is required for CDN asset loading under most GDPR interpretations, but we disclose it here for full transparency.

6. Your Cookie Preferences

Manage Preferences Here

You can also manage preferences from your data settings page at any time.

Browser Settings

You can block or delete cookies through your browser settings. Note that blocking essential cookies will prevent you from logging in:

  • Chrome: Settings → Privacy and security → Site Settings → Cookies
  • Firefox: Options → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Site permissions → Cookies and site data

7. Children and Young People

Our platform is used by secondary school students, some of whom may be under the age of 13. We take the ICO's Age Appropriate Design Code (Children's Code) seriously:

  • We do not use advertising, behavioural tracking, or profiling cookies
  • No cookie or localStorage data is used to target, profile, or serve content to children
  • All AI processing of student data uses anonymised inputs with no personally identifiable information
  • Schools act as data controllers for their pupils and are responsible for ensuring appropriate consent mechanisms are in place

8. Updates to This Policy

We may update this policy to reflect changes in technology, legislation, or our services. We will update the "Last updated" date at the top of this page when changes are made.

9. Contact Us

Questions About Our Cookie Policy?

Email: privacy@henleyed.co.uk
Response time: Within 5 working days
Subject line: "Cookie Policy Enquiry"

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.