This Cookie Policy explains how Helpsome Limited (trading as Helpsome.ai), operator of Pricebook.vet, uses cookies and similar technologies on pricebook.vet and on the embed widget served from cdn.vetprices.com and cdn.pricebook.vet. It complements the Privacy Policy.
We follow the UK Privacy and Electronic Communications Regulations (PECR) and the UK GDPR: we set only strictly necessary cookies without consent, and we set other non-essential cookies only after you give consent through our consent banner.
#1. What cookies are
Cookies are small text files stored on your device by your browser. We also use similar technologies (for example, localStorage, sessionStorage, and the odd pixel). For simplicity this policy calls them all "cookies".
#2. How to accept or reject cookies
When you first visit pricebook.vet you will see a cookie consent banner. The banner lets you:
- Accept all cookies (strictly necessary + analytics).
- Reject all non-essential cookies (only strictly necessary remain).
- Customise - choose each category individually.
You can change your choices at any time by clicking "Cookie settings" in the site footer. You can also block or delete cookies via your browser settings - though blocking strictly-necessary cookies will break parts of the dashboard (for example, staying logged in).
The banner itself is covered in issue #254 and must match the categories in this policy.
#3. Categories of cookies we use
On pricebook.vet and app.pricebook.vet we set cookies in two categories: strictly necessary (always on, needed for the site to function) and analytics (only set after you consent via the banner). We do not set functional, advertising, or cross-site tracking cookies. The embed widget served to practice websites is a separate case and is covered in §3.3.
#3.1 Strictly necessary
Needed for the site to work. Set without consent under PECR.
| Cookie | Purpose | Expiry | Set by |
|---|---|---|---|
authjs.session-token (prod: __Secure-authjs.session-token) |
Keeps you signed in to the dashboard | 30 days | Pricebook.vet |
authjs.csrf-token (prod: __Host-authjs.csrf-token) |
Protects the sign-in flow from cross-site request forgery | Session | Pricebook.vet |
authjs.callback-url (prod: __Secure-authjs.callback-url) |
Records where to return after sign-in | 30 days | Pricebook.vet |
pricebook_consent |
Records your consent choices so the banner does not keep appearing | 12 months | Pricebook.vet |
| Auth-provider cookies (e.g. Google, Microsoft) | Only if you sign in with a third-party identity provider | Provider-controlled | The chosen provider |
#3.2 Analytics
We use Google Analytics 4 (measurement ID G-QWVCBBP4S3) to understand how pricebook.vet and the dashboard are used so we can improve them. Analytics cookies are set only if you consent through the banner. If you reject analytics, these cookies are not set and Google Analytics is not loaded.
| Cookie | Purpose | Expiry | Set by |
|---|---|---|---|
_ga |
Distinguishes individual visitors with a randomised client identifier | 2 years | |
_ga_QWVCBBP4S3 |
Stores session state for the Pricebook.vet property | 2 years |
What we do and don't send to Google:
- No personal identifiers. We never pass your email, name, telephone number, or any free-text field into analytics events.
- IP addresses are anonymised by Google Analytics 4 before they are stored - this is the default GA4 behaviour and we rely on it.
- No cross-site advertising. Google Signals (cross-device tracking for advertising audiences) is turned off on our property. We do not use Google Analytics for ad targeting.
- Retention at Google. User and event data is retained for 2 months (the Google Analytics 4 default), after which it is deleted or aggregated by Google.
International transfer. Google Analytics data is processed by Google LLC in the United States. We rely on the UK-US Data Bridge (the UK extension of the EU-US Data Privacy Framework, in force since October 2023) as the adequacy mechanism for this transfer. Google LLC is a certified participant. See our Sub-processors page for the full list and our Privacy Policy for the legal basis.
#3.3 The embed widget
The Pricebook.vet widget embedded on practice websites is designed to run without setting cookies on the pet owner's device. It fetches pricing JSON from the CDN, renders HTML, and fires one first-party analytics beacon to Pricebook.vet's own ingestion endpoint (no personal data, no third-party scripts, no Google Analytics). The hosting practice's website may set its own cookies, which are governed by that practice's cookie policy, not ours.
#4. Third-party cookies
Some cookies are set by third parties we integrate with. The one currently in use is Google Analytics 4 (see §3.2), which is only loaded after you consent. Authentication providers (e.g. Google, Microsoft) may set their own cookies as part of the sign-in flow; those are strictly necessary and covered in §3.1. We do not allow third-party advertising trackers.
The current list of sub-processors is on our Sub-processors page. Once an email provider is finalised (#256) this policy will name it explicitly.
#5. Do Not Track
Some browsers send a "Do Not Track" (DNT) signal. There is no UK legal requirement to honour DNT, but our default behaviour is equivalent: we do not set non-essential cookies until you explicitly consent through the banner.
#6. Changes
We will update this policy if our cookies or providers change. The banner will re-prompt for consent if a material new category is added.
#7. Contact
Questions about cookies: privacy@helpsome.ai.