Cookie Policy

This Cookie Policy explains how IncorpAssist (“we”, “us”, “our”) uses cookies and similar storage technologies when you access incorpassist.com (the “Service”). This Policy should be read alongside our Privacy Policy, which sets out the broader legal basis and data-subject rights framework applicable to our processing.

1. What Are Cookies?

Cookies are small text files placed on your browser or device by a website when you visit it. They are widely used to make websites work or work more efficiently, to remember your preferences, and to provide analytical or advertising information to website operators. Cookies are typically categorised as:

• Session cookies: temporary files deleted automatically when you close your browser
• Persistent cookies: files that remain on your device for a set period or until you manually delete them
• First-party cookies: set by the domain you are visiting directly (incorpassist.com)
• Third-party cookies: set by a domain other than the one you are visiting, typically via embedded scripts, fonts, or other resources loaded from external servers

This Policy also covers similar storage technologies, including browser localStorage and sessionStorage. Unlike HTTP cookies, localStorage entries are not automatically transmitted to any server with each request; they are confined to the browser on your device. Under the EU ePrivacy Directive and UK Privacy and Electronic Communications Regulations 2003 (PECR), the consent rules applicable to cookies apply broadly to any technique that stores or accesses information on a user’s terminal equipment.

2. Storage Technologies Used by IncorpAssist

We set no first-party HTTP cookies on your device. We use browser localStorage exclusively for the following strictly functional purposes:

Because these entries are stored in localStorage rather than as HTTP cookies, they technically fall outside the strict definition of “cookies” under the EU ePrivacy Directive and are not subject to the same consent requirement under UK PECR as tracking or analytics cookies. However, in the interest of full transparency and in line with updated regulatory guidance from data protection authorities (including the ICO), we document all device-side storage here. We take the view that these uses constitute strictly necessary storage that does not require opt-in consent under Regulation 6 PECR. You may clear any of these entries at any time. See Section 7 for instructions.

3. Third-Party Cookies and Trackers

The following third parties may set cookies or process personal data in connection with your use of the Service. IncorpAssist does not control the cookie-setting behaviour of these third parties and is not responsible for their privacy practices.

3.1 Google LLC: Web Fonts

We load typefaces from the Google Fonts service via the domains fonts.googleapis.com and fonts.gstatic.com, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When your browser loads a page, it sends a request to Google’s servers that includes your IP address and browser user-agent string as technical HTTP metadata. Google has published documentation confirming that the Google Fonts API does not log personally identifying information and that data received via the Fonts API is not used to build advertising profiles or for targeted advertising.

3.2 Google LLC: Analytics (Google Analytics 4)

We use Google Analytics 4 (“GA4”), operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA4 is implemented with Consent Mode v2, which means analytics measurement is denied by default. GA4 only activates full measurement (including setting client-identifier cookies) when you explicitly accept analytics via our cookie consent banner. Your choice is stored in your browser and honoured on every subsequent visit.

When consent is denied (default), GA4 operates in a cookieless modelling mode. No client-identifier cookie is set, but Google may receive aggregate page-level signals used for statistical modelling. For details on opting out see Section 6.

3.3 Vercel Inc.: Hosting Infrastructure

Our website is hosted and delivered via Vercel’s global edge network. Vercel’s infrastructure may set technically necessary cookies, for example for load balancing, session routing, or DDoS protection at the edge. These are strictly necessary for the delivery of the Service and are not used for advertising, tracking, or profiling of individual users. Vercel does not use data collected through hosting infrastructure for its own marketing purposes. For details, see Vercel’s Privacy Policy.

3.4 Functional Software, Inc. (dba Sentry): Error Monitoring

We use Sentry to capture software errors and a small sample of performance traces in production, operated by Functional Software, Inc. (dba Sentry), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. The Sentry browser SDK is loaded from browser.sentry-cdn.com and beacons error and performance events to *.ingest.sentry.io.

Sentry sets no HTTP cookies. The SDK does not store a persistent identifier in your browser. Sentry is configured with sendDefaultPii: false, which disables transmission of IP addresses, request cookies, and request headers. Performance-trace sampling is set to 10%. For full disclosure of data categories transmitted to Sentry and retention periods, see our Subprocessors page.

3.5 Formation Service Partners: Affiliate and Referral Links

IncorpAssist displays referral links to third-party formation service providers (including, without limitation, Stripe Atlas, Clerky, Osome, Sleek, and Healy Consultants). These links may contain affiliate or referral tracking parameters appended to the URL query string. When you click such a link, you navigate away from incorpassist.com and interact directly with the third-party’s website, which may set its own cookies (including analytics, marketing, affiliate-tracking, and personalisation cookies) subject to that website’s own privacy and cookie policies.

These cookies are set by the third-party partner domain, not by incorpassist.com, and are activated only when you choose to click a referral link. We may receive aggregate referral metrics from partners (such as anonymised click or conversion counts). We do not receive your personal data from partners as a direct result of affiliate referral tracking. We strongly recommend reviewing each partner’s cookie policy before submitting personal information to them.

4. Cookie Categories: EU ePrivacy Directive and UK PECR

The EU ePrivacy Directive (Directive 2002/58/EC, as amended by 2009/136/EC) and the UK Privacy and Electronic Communications Regulations 2003 (PECR) classify cookies into categories based on their function and the extent to which they require user consent. Our use of storage technologies in each category is as follows:

5. Global Privacy Control and Do Not Track

Global Privacy Control (GPC) is a browser-level signal that communicates a user’s preference to opt out of the sale or sharing of their personal information for cross-context behavioural advertising. Under the California Privacy Rights Act (CPRA, Cal. Civ. Code §1798.135(b)), businesses that sell or share personal information must treat a GPC signal as a valid opt-out request.

Because we do not sell or share personal information as those terms are defined under the CCPA/CPRA, and because we do not deploy advertising or tracking technologies that would require responding to GPC signals, no opt-out action beyond our existing practices is required. We recognise the GPC signal and confirm that its presence does not result in any change in our data practices, as we already do not sell or share your data.

Similarly, we respect the spirit of browser Do Not Track (DNT) signals. Because we do not track users across third-party websites and do not set behavioural advertising cookies, we apply consistent data minimisation practices to all users regardless of DNT signal status.

6. UK PECR: Additional Disclosure

For UK users, our use of storage technologies is governed by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426), as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208), collectively referred to as “PECR”.

Under Regulation 6 PECR, a person must not use an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the subscriber or user has been provided with clear and comprehensive information about the purposes of the storage or access and has given their consent, except where such storage or access is strictly necessary for the provision of an information society service explicitly requested by the subscriber or user.

We rely on the strictly necessary exemption for all our localStorage entries:

• incorpassist-draft is strictly necessary to maintain wizard session state across page loads. Without this entry, the multi-step wizard would lose all answers on every navigation event, rendering the Service non-functional for its core purpose.
• theme is functional preference storage enabling the website to load in the user’s chosen theme without a disruptive flash of incorrect styling (FOIT/FOUC). We acknowledge that this may not strictly satisfy the “strictly necessary” exemption under a narrow reading of PECR; however, it is a minimal, non-tracking preference that we consider falls within the spirit of functional necessity.
• cookie-consent is strictly necessary to avoid repeatedly displaying the consent notice to users who have already acknowledged it. Storing this entry is logically essential to the operation of any consent or notice mechanism.

We have implemented a cookie notice to ensure UK users are informed of our storage practices prior to or upon first use of the Service. We welcome any questions regarding our PECR compliance at privacy@incorpassist.com. Users may also contact the Information Commissioner’s Office (ICO) at ico.org.uk.

7. Managing Cookies and Local Storage

You have the right to control how cookies and storage technologies operate on your device. The options available to you are described below.

Browser Cookie Controls

Most browsers allow you to view, block, or delete cookies via their privacy and security settings. Blocking Vercel infrastructure cookies may affect website availability in edge cases. Blocking all third-party cookies (including from Google) will affect font rendering (causing fallback system fonts to be used) but will not impair the core functionality of IncorpAssist.

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and Site Permissions
• Brave: Settings → Privacy and Security → Cookies

Additional cookie management resources: aboutcookies.org / allaboutcookies.org.

Opting Out of Google Fonts

To prevent your browser from making requests to Google Fonts servers, you may:

• Use a content-blocking browser extension (such as uBlock Origin) with a custom filter targeting fonts.googleapis.com and fonts.gstatic.com
• Configure your browser’s content-blocking settings to block requests from Google domains

Blocking Google Fonts will cause your browser to fall back to system fonts, which may alter the visual appearance of the website but will not affect its functionality.

Clearing IncorpAssist Local Storage

To delete IncorpAssist’s localStorage entries from your browser:

• Open your browser’s developer tools (F12 or right-click → Inspect) → Application or Storage tab → Local Storage → incorpassist.com → right-click individual keys and select Delete, or right-click the domain and select Clear to remove all entries
• Use your browser’s privacy settings: Settings → Privacy / Site Data → Clear data for incorpassist.com
• Use the “Reset” or “Start over” button in the wizard results view to clear the incorpassist-draft key

Clearing the cookie-consent entry will cause the cookie notice to reappear on your next visit, which is the expected behaviour.

8. Changes to This Policy

We may update this Cookie Policy from time to time, for example if we introduce new analytics tools, add third-party integrations, or in response to changes in applicable law or regulatory guidance (including updated ICO or EDPB guidance on cookies and consent). Material changes will be reflected in a revised “Last updated” date at the top of this page and, where appropriate, in a prominent notice on the website. We encourage you to review this Policy periodically.

9. Contact

For questions about this Cookie Policy or our use of storage technologies, please contact us at: privacy@incorpassist.com

UK residents may also contact the Information Commissioner’s Office (ICO) (the UK supervisory authority for data protection and PECR) at ico.org.uk if they have concerns about our use of cookies or similar technologies that have not been resolved to their satisfaction.