Cookie policy

What we store, and why.

The small files PracticaCPD writes to your browser, what each one does, and how to change your mind any time.

Last updated 15 May 2026

Overview

PracticaCPD uses two kinds of cookies: essential ones (required for the site to work) and analyticsones (so we can see which features matter and which don't).

Essential cookies are always on — without them, you can't stay signed in. Analytics cookies are off by default; you decide per-category in the consent banner (Accept all, Essential only, or Customise individual categories). We don't use advertising cookies, behavioural profiling, fingerprinting, or any third-party trackers beyond Google Analytics.

What are cookies

A cookie is a small file your browser stores when you visit a website. Some are written by the site you visited; others are written by third parties (like Google Analytics) when their scripts load. Cookies persist between visits, which is how a site remembers that you're signed in or which preferences you've set.

LocalStorage and IndexedDB are similar — also covered by this policy where we mention them.

Essential cookies

These run regardless of your consent choice because the platform doesn't function without them. We use the minimum required.

Name	Set by	Purpose	Lifetime
sb-*-auth-token	Supabase	Keeps you signed in across page loads.	Session + refresh
pcpd_consent	PracticaCPD	Remembers your cookie consent choice so you don't see the banner on every visit.	12 months
__stripe_*	Stripe	Fraud prevention on the checkout pages. Set only when you visit a Stripe-hosted page.	Up to 1 year

Analytics cookies

Analytics cookies are off by default and only run if you click “Accept all” in the consent banner. Google's Consent Mode v2 keeps the tag dormant until you opt in — no analytics storage, no event collection.

Name	Set by	Purpose	Lifetime
_ga	Google Analytics 4	Distinguishes unique visitors with an IP- anonymised client identifier.	2 years
_ga_*	Google Analytics 4	Maintains session state for the analytics property.	2 years

We've configured Google Analytics with IP anonymisation, Google signals disabled, and ad personalisation disabled. The data we collect is aggregate behavioural — which pages get visited, how long sessions last, which features get clicked — and is never tied to your AHPRA number, CPD records, or any other identifying field stored in PracticaCPD.

Third parties

The only third parties that may write cookies through PracticaCPD are Supabase (auth, on every page; essential), Stripe (only on checkout pages; essential), and Google Analytics 4(only after consent; analytics). We don't embed Facebook pixels, LinkedIn insights, Twitter scripts, retargeting SDKs, or any advertising network.

Change your mind

You can revoke, grant, or fine-tune your consent at any time:

Or scroll to the bottom of any page and click Cookies in the footer. The Customise view shows a toggle for each non-essential category; flick analytics off and Google Analytics stops recording on the very next page load.

Browser-level controls

Every modern browser lets you block or delete cookies site-by-site. Look for “Site settings”, “Privacy & security”, or “Cookies and site data” in your browser's settings. Blocking essential cookies will sign you out and prevent payment from completing, but is your right.

PracticaCPD respects the Global Privacy Control (GPC) signal — if your browser sends GPC headers, we treat that as a “decline analytics” choice and won't show the banner.

Changes to this policy

If we add a new cookie or third-party tool, we'll update this page and reset everyone's consent cookie so the banner reappears for fresh consent. Material changes will also be announced by email to active users.

Contact

Questions about cookies, or want details on a specific one we've missed: support@practicacpd.com.au. Our full Privacy Policy covers everything beyond cookies.