V2.0 12/03/2026
Cookie Policy
1. Our Privacy Commitment
InvestEngine (‘we’, ‘us’, ‘our’) operates on a Privacy by Design basis. This policy explains how we use cookies, web beacons, pixels, and Mobile SDKs (Software Development Kits) to provide a secure and efficient investment service.
This document is compliant with the Data Protection Act 2018, the UK GDPR, and the Privacy and Electronic Communications Regulations (PECR), including the Data (Use and Access) Act 2026 amendments.
2. Categorisation of Technologies
We categorise our tracking technologies based on their technical necessity and legal impact.
| Category | Purpose & Use Case | Legal Basis (UK/EU) | Default Status |
|---|---|---|---|
| Strictly Necessary | Essential for secure login, fraud prevention (AML), and platform stability. Without these, our service cannot function. | Legitimate Interests (PECR Exempt) | Always On |
| Statistical | Used for aggregate audience measurement, identifying technical faults, and service improvement (e.g. counting dashboard visits). | Legitimate Interests (DUAA 2026 Exemption) | Opt-in |
| Functional | Remember choices you make to personalise your experience, such as your language or ETF "Watchlist". | Explicit Consent (UK GDPR) | Opt-in |
| Marketing | Used to attribute app installs to campaigns and show relevant InvestEngine news on third-party platforms. | Explicit Consent (UK GDPR) | Opt-in |
3. Consent Management: ‘Parity of Choice’
In accordance with ICO guidelines, we ensure that rejecting non‑essential tracking is as simple and prominent as accepting it.
- Web Control: You can modify your preferences at any time via the 'Cookie Settings' link in our website footer.
- Mobile App Control: Privacy & Tracking to toggle SDK permissions is being implemented.
4. International Data Transfers
Where we utilise service providers (e.g. AWS, Google) that process data outside the UK or EEA, we ensure compliance via International Data Transfer Agreements (IDTAs). These provide the same level of protection for your personal information as required under UK law. Further information can be found in our Privacy Policy.
5. Contact the Data Protection Team
If you have any questions regarding this policy or our use of cookies and SDKs, please contact our Data Protection Officer:
Email: privacy@investengine.com
Appendix 1: Technical Service Table
This list is audited periodically to ensure accuracy.
Third‑Party SDK & Data Collection Summary
| Provider | Category | Platforms | Identifiers Collected |
|---|---|---|---|
| Marketing / Statistical | iOS, Android, Web | IDFA, GAID, Device ID | |
| Meta | Marketing | iOS, Android, Web | IDFA, GAID |
| Amplitude | Statistical | iOS, Android, Web | Device ID, GAID |
| Appsflyer | Marketing / Statistical | iOS, Android | IDFA, GAID, Device ID |
| TikTok | Marketing | Web | Pixel / Browser Cookies |
| Customer.io | Functional / Marketing / Statistical | iOS, Android, Web | IDFA, GAID |
| TrustPilot | Marketing | Web | Browser Cookies / Order IDs |
What Cookies we use and why
| Type | Name | Service | Domain | Notes | TTL |
|---|---|---|---|---|---|
| Strictly Necessary | AEC | .google.com | Used to detect spam | 180d | |
| Strictly Necessary | AMP_bb6e3000ff | Amplitude | .investengine.com | Amplitude first-party state cookie used to persist analytics identity and configuration across visits. | 365d |
| Strictly Necessary | CookieScriptConsent | CookieScript | .investengine.com | This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly. | 395d |
| Strictly Necessary | FPGSID | .investengine.com | This cookie is used to preserve user session state across page requests. | 30m | |
| Strictly Necessary | INGRESSCOOKIE | NGINX | investengine.com | Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience. | Session |
| Strictly Necessary | VISITOR_PRIVACY_METADATA | YouTube | .youtube.com | This cookie is used to store the user's consent and privacy choices for their interaction with the site. It records data on the visitor's consent regarding various privacy policies and settings, ensuring that their preferences are honored in future sessions. | 180d |
| Strictly Necessary | __Secure-ROLLOUT_TOKEN | Google / YouTube | .youtube.com | YouTube / Google rollout token used to assign the browser to staged feature launches and measure their impact. | 180d |
| Strictly Necessary | __cf_bm | Cloudflare | .blog.investengine.com / .help.investengine.com / .t.co / .twitter.com | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | 30m |
| Strictly Necessary | __cfruid | Cloudflare | Cloudflare rate-limiting cookie used to manage incoming traffic and improve visibility into the origin of a request. | Session | |
| Strictly Necessary | _help_center_session | Zendesk Guide | help.investengine.com | Stores a unique Help Center session key so the Zendesk Guide help centre can work correctly during the browsing session. | Session |
| Strictly Necessary | _tt_session | Teamtailor | careers.investengine.com | Used by Teamtailor to keep the visitor context on the careers site, including keeping the user logged in when needed. | 2d |
| Strictly Necessary | cf_clearance | Cloudflare | .investengine.com | This cookie is used by the CloudFlare service to identify trusted web traffic and override any security restrictions based on the visitor's IP address. It is essential for supporting a website's security features and in providing protection against malicious visitors. | 365d |
| Strictly Necessary | ie-campaign-tye-2026 | InvestEngine | investengine.com | First-party campaign cookie used to persist the active InvestEngine campaign or promotional variant for attribution and personalisation. | 1d |
| Strictly Necessary | ie_device_id | InvestEngine | investengine.com | First-party device identifier observed in runtime browser cookies. | 365d |
| Strictly Necessary | passport_csrf_token | TikTok | .tiktok.com | CSRF protection cookie observed in runtime browser cookies. | 60d |
| Strictly Necessary | passport_csrf_token_default | TikTok | .tiktok.com | Default CSRF protection cookie observed in runtime browser cookies. | 60d |
| Strictly Necessary | uid | Full Circle Studies | investengine.com | This cookie provides a uniquely assigned, machine-generated user ID and gathers data about activity on the website. This data may be sent to a 3rd party for analysis and reporting. | Session |
| Analytics | AMP_TEST_2d818e70 | Amplitude | investengine.com | Amplitude A/B testing cookie used to assign the browser to an experiment or rollout cohort. | 5m |
| Analytics | AMP_TLDTEST_703fad4c | Amplitude | .investengine.com | Amplitude test cookie used during top-level-domain checks and experiment setup for A/B testing. | 5m |
| Analytics | AMP_TLDTEST_9c2268b4 | Amplitude | .investengine.com | Amplitude test cookie used during top-level-domain checks and experiment setup for A/B testing. | 5m |
| Analytics | AMP_TLDTEST_dd0129eb | Amplitude | .investengine.com | Amplitude test cookie used during top-level-domain checks and experiment setup for A/B testing. | 5m |
| Analytics | ANONCHK | Microsoft | .c.clarity.ms | Stores a session identifier so clicks from Bing adverts can be verified for reporting and personalisation. | 600s |
| Analytics | CLID | Microsoft | www.clarity.ms | Identifies the first-time Clarity saw this user on any site using Clarity. | 365d |
| Analytics | FPLC | Google Analytics | .investengine.com | Links user identity across domains to support analytics attribution and cross-domain measurement. | 20h |
| Analytics | SM | Microsoft | .c.clarity.ms | Stores non-personally identifiable information and is used to synchronise the Microsoft unique user ID (MUID) across Microsoft domains. | Session |
| Analytics | _cioanonid | Customer IO | .investengine.com | This cookie is used to identify and track visitors anonymously to improve their user experience and collect information about website usage. | 365d |
| Analytics | _clck | Microsoft | .investengine.com | Persists the Clarity User ID and preferences, unique to that site, on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 365d |
| Analytics | _clsk | Microsoft | .investengine.com / investengine.com | Connects multiple page views by a user into a single Clarity session recording. | 1d |
| Analytics | _cltk | Microsoft | Installed by Microsoft Clarity and stores information about how visitors use the website. | Session | |
| Analytics | _ga | Google Analytics | Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. | 365d | |
| Analytics | _ga_* | Google Analytics | Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions. | 365d | |
| Analytics | _gat | Google Analytics | Used to monitor number of Google Analytics server requests when using Google Tag Manager. | 60s | |
| Analytics | _gid | Google Analytics | Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. | 1d | |
| Analytics | _gtmeec | Google Analytics | .investengine.com | Set by Google Tag Manager as part of Event Enhancement to enrich event data and improve conversion attribution. | 90d |
| Analytics | ab_variant_onboarding-assistant | InvestEngine | investengine.com | First-party experiment cookie that stores the assigned variant for the onboarding-assistant A/B test. | 30d |
| Analytics | amp_device_id | Amplitude | .investengine.com | Amplitude device identifier used to recognize the browser or device across visits and associate analytics events. | 365d |
| Analytics | sa-user-id | StackAdapt | .srv.stackadapt.com / investengine.com / tags.srv.stackadapt.com | This cookie is used to track user interaction and behavior on the website. It collects anonymous data about the user's visits, such as the number of visits, average time spent on the website, and what pages have been loaded. This information is used to improve the user's experience by customizing our page content based on the visitor's browser type and/or other information. | 365d |
| Analytics | sa-user-id-v3 | StackAdapt | .srv.stackadapt.com / investengine.com / tags.srv.stackadapt.com | This cookie is used to collect information about how visitors interact with a website. It is typically used for tracking and analytics purposes to improve the user experience and site performance. | 365d |
| Analytics | sgtm_ga | .investengine.com | Server-side Google tag / GA cookie used to preserve first-party analytics identifiers and session state when measurement is routed through a tagging server. | 395d | |
| Analytics | sgtm_ga_XT0HYVN11N | .investengine.com | Server-side Google tag / GA cookie for a specific property, used to preserve first-party analytics identifiers and session state. | 395d | |
| Functional | CookieControl | Cookie Control | .amplitude.com | Consent-related cookie observed in runtime browser cookies. Added from live browser inspection. | 90d |
| Functional | FPAU | Google Ads | .investengine.com | Used by Campaign Manager, Display & Video 360, Google Ads and Search Ads 360 to store interaction and attribution data for ad performance measurement. | 90d |
| Functional | SOCS | Stores a user's state regarding their cookie choices. | 30d | ||
| Functional | __ddg1_ | Career site CDN | Career-site support cookie used to maintain a browser-level identifier for functionality, delivery, or security on the careers site. | 365d | |
| Functional | _cfuvid | Cloudflare | .help.investengine.com | Used by Cloudflare WAF to distinguish individual users sharing the same IP address and apply rate limits. | Session |
| Functional | _tt_enable_cookie | TikTok | .investengine.com | Used by TikTok for tracking the use of embedded services. | 90d |
| Functional | bcookie | .linkedin.com | Used for sharing website content via social media. | 365d | |
| Functional | customerly_jwt | Customerly | .cookie… | Customerly JWT/auth-style cookie observed in runtime browser cookies. | 365d |
| Functional | customerly_sid | Customerly | .cookie… | Customerly session identifier cookie observed in runtime browser cookies. | 365d |
| Functional | dpr | .facebook.com | Facebook display preference cookie observed in runtime browser cookies. | 7d | |
| Functional | gb_variant_gb-aa-test-validation_1774494656991-julrydvz8q | InvestEngine | investengine.com | First-party experiment cookie that stores the assigned variant for the gb-aa-test-validation A/B test. | 30d |
| Functional | intercom-device-id-gjvo8fgi | Intercom | .amplitude… | Intercom device identifier cookie observed in runtime browser cookies. | 270d |
| Functional | intercom-session-gjvo8fgi | Intercom | .amplitude… | Intercom session cookie observed in runtime browser cookies. | 7d |
| Functional | li_gc | .linkedin.com | Used by LinkedIn to store consent of guests regarding the use of cookies for non-essential purposes. | 180d | |
| Functional | lidc | .linkedin.com | Used by LinkedIn for routing. | 1d | |
| Functional | org_login_production | Amplitude / Auth | .amplitude… | Organisation login cookie observed in runtime browser cookies. | 365d |
| Functional | tildasid | Tilda | Tilda ID. | 10m | |
| Functional | tildauid | Tilda | Tilda visitor identifier used to support site functionality and persist visitor or session-related state on Tilda-built pages. | 90d | |
| Functional | wd | .facebook.com | Facebook window/device state cookie observed in runtime browser cookies. | 7d | |
| Functional | x_debug | InvestEngine | investengine.com | First-party debugging and diagnostics cookie used to persist client-side debug state. | 365d |
| Advertising | AMP_MKTG_bb6e3000ff | Amplitude | .investengine.com | Amplitude marketing-state cookie used to persist attribution and marketing-related analytics state across visits. | 365d |
| Advertising | FPID | .investengine.com | This cookie is used to track user behavior and preferences to provide a more personalized experience. | 395d | |
| Advertising | IDE | Doubleclick | .doubleclick.net | DoubleClick / Google Ads cookie used for ad targeting, campaign analysis, and conversion measurement. | 730d |
| Advertising | IR_* | Impact | Impact.com affiliate cookie family used to link referral clicks, sessions, and conversions for attribution and reporting. | Session | |
| Advertising | IR_13581 | Impact.com | .investengine.com | Impact.com affiliate tracking cookie used to attribute referrals and conversions to a partner or campaign. | Session |
| Advertising | IR_gbd | Impact | .investengine.com | Used to measure the success of affiliate marketing activity and attribute sales to an affiliate partner. | Session |
| Advertising | MR | Microsoft | .c.bing.com | Used by Microsoft Clarity to indicate whether to refresh MUID. | 7d |
| Advertising | MSPTC | Microsoft Bing | .bing.com | Registers visitor data used to optimize advertisement relevance. | 365d |
| Advertising | MUID | Microsoft | .bing.com / .clarity.ms | Microsoft User Identifier tracking cookie used by Bing Ads. It can be set by embedded Microsoft scripts and is widely believed to sync across many Microsoft domains, allowing user tracking. | 365d |
| Advertising | NID | Used to show Google ads in Google services for signed-out users. | 180d | ||
| Advertising | SRM_B | Microsoft Bing | .c.bing.com | Identifies unique web browsers visiting Microsoft sites. | 365d |
| Advertising | VISITOR_INFO1_LIVE | .youtube.com | This cookie is set by YouTube to keep track of user preferences for YouTube videos embedded in sites; it can also determine whether the website visitor is using the new or old version of the YouTube interface. | 180d | |
| Advertising | YSC | .youtube.com | This cookie is set by YouTube to track views of embedded videos. | Session | |
| Advertising | _fbp | .investengine.com | Facebook Pixel advertising first-party cookie. Used by Facebook to track visits across websites to deliver a series of advertisement products such as real time bidding from third party advertisers. | 90d | |
| Advertising | _gcl_au | .investengine.com | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. | 90d | |
| Advertising | _rdt_em | Reddit Pixel | .investengine.com | Reddit Pixel cookie used to store event-match information for ad attribution and campaign optimisation. | 90d |
| Advertising | _rdt_pn | Reddit Pixel | .investengine.com | Reddit Pixel cookie used to persist click or session information for conversion attribution and campaign measurement. | 90d |
| Advertising | _rdt_uuid | .investengine.com | Set by Reddit to help build a profile of your interests and show you relevant ads. | 90d | |
| Advertising | _ttp | TikTok | .investengine.com / .tiktok.com | This cookie is used to track user interaction and behavior on the website for site performance and usage analysis. This information is used to improve the user experience and optimize the website's functionality. | 90d |
| Advertising | _twpid | Twitter / X Pixel | .investengine.com | X / Twitter pixel identifier used to persist browser-level attribution and campaign measurement state. | 365d |
| Advertising | _uetsid | Bing / Microsoft | .investengine.com | Used by Bing to determine what ads should be shown that may be relevant to the end user browsing the site. | 1d |
| Advertising | _uetvid | Bing / Microsoft | .investengine.com | Tracking cookie used by Microsoft Bing Ads to engage with a user that has previously visited the website. | 365d |
| Advertising | c_user | .facebook.com | Facebook login identifier cookie that stores the logged-in user ID and is used together with xs to authenticate the user. | 365d | |
| Advertising | datr | .facebook.com | Facebook browser identifier used for security, site integrity, and fraud / spam prevention. | 730d | |
| Advertising | fr | .facebook.com | Facebook advertising cookie that contains a unique browser and user ID for ad delivery, targeting, and measurement. | 90d | |
| Advertising | guest_id | Twitter / X | .twitter.com | X / Twitter cookie used to identify and track the website visitor, including whether the user is signed in. | 400d |
| Advertising | guest_id_ads | Twitter / X | .twitter.com | X / Twitter advertising cookie used for ad delivery and measurement when the user is logged out. | 400d |
| Advertising | guest_id_marketing | Twitter / X | .twitter.com | X / Twitter marketing cookie used for advertising delivery and measurement when the user is logged out. | 400d |
| Advertising | muc_ads | .t.co | This cookie is used for targeting and advertising purposes. It helps track and personalize advertising content to enhance user experience. | 395d | |
| Advertising | personalization_id | .twitter.com | This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. | 395d | |
| Advertising | presence | .facebook.com | Facebook presence/session cookie observed in runtime browser cookies. | Session | |
| Advertising | receive-cookie-deprecation | Google test cookie used for Chrome cookie-deprecation / Privacy Sandbox experiments and related request-header handling. | 180d | ||
| Advertising | sa-r-date | StackAdapt | investengine.com | StackAdapt runtime attribution cookie that stores the referral or attribution timestamp for campaign measurement. | 30d |
| Advertising | sa-r-source | StackAdapt | investengine.com | StackAdapt runtime attribution cookie that stores the referral source used for campaign measurement and debugging. | 30d |
| Advertising | sa-user-id-v2 | StackAdapt | .srv.stackadapt.com / investengine.com / tags.srv.stackadapt.com | This cookie is used to identify unique visitors by assigning a randomly generated number as a client identifier. It is used to enhance the user's experience by tailoring advertisements and content to the user's interests and to improve site performance and targeting capabilities. | 365d |
| Advertising | sb | .facebook.com | Facebook browser identification cookie used for authentication, security, and related Facebook functions. | 730d | |
| Advertising | test_cookie | Doubleclick | .doubleclick.net | DoubleClick test cookie used to check whether the visitor's browser supports cookies. | 1d |
| Advertising | tt_appInfo | TikTok | TikTok Pixel cookie that stores app or page context information to help attribute events correctly. | Session | |
| Advertising | tt_pixel_session_index | TikTok | TikTok Pixel cookie that stores the current pixel session index to group events within the same browsing session. | Session | |
| Advertising | tt_sessionId | TikTok | TikTok Pixel cookie that stores a current session identifier for event attribution and session continuity. | Session | |
| Advertising | ttcsid | TikTok Pixel | .investengine.com | TikTok Pixel click or session identifier used to recognize and match events for ad attribution and optimisation. | 90d |
| Advertising | ttcsid_CBCLMF3C77U9C04LJRGG | TikTok Pixel | .investengine.com | TikTok Pixel click or session identifier scoped to a specific pixel, used for ad attribution and optimisation. | 90d |
| Advertising | twid | TikTok | .tiktok.com | TikTok identifier cookie observed in runtime browser cookies; used for attribution or embedded-service tracking. | 365d |
| Advertising | xs | .facebook.com | Facebook session / auth cookie used together with c_user to authenticate the user and store session-related information. | 365d |
Appendix 2: Glossary
| Abbreviation | Meaning |
|---|---|
| AML | Anti-Money Laundering |
| AWS | Amazon Web Services |
| DPA 2018 | Data Protection Act 2018 |
| DPO | Data Protection Officer |
| DUAA (2026) | Data (Use and Access) Act 2026 |
| EEA | European Economic Area |
| EU | European Union |
| GA / GA4 | Google Analytics (including Google Analytics 4, where applicable) |
| GAID | Google Advertising ID (Android advertising identifier) |
| GDPR | General Data Protection Regulation (UK GDPR refers to the UK version) |
| ICO | Information Commissioner's Office |
| IDFA | Identifier for Advertisers (Apple iOS advertising identifier) |
| IDTA | International Data Transfer Agreement |
| iOS | Apple mobile operating system |
| NGINX | NGINX web server / reverse proxy (often used for load balancing) |
| PECR | Privacy and Electronic Communications Regulations |
| SDK | Software Development Kit |
| TTL | Time To Live (how long a cookie persists) |
| UK | United Kingdom |
| UK GDPR | UK General Data Protection Regulation (as incorporated into UK law) |