Legal · Cookies

Cookie Notice.

What cookies + similar technologies we use on inntally.com and inside the Inntally platform, why, and how to manage them. ePrivacy Regulations (S.I. 336/2011) + GDPR compliant.

Version 1.0 · Effective 25 May 2026

1. What are cookies

Cookies are small text files stored on your device when you visit a website. They’re used for things like keeping you logged in, remembering preferences, and (with your consent) measuring how the site is used. We also use similar technologies such as localStorage + sessionStorage; this Notice covers all of them collectively (“cookies”).

2. Categories we use

  • Essential — always on. Required for the site or platform to function (login, security, session continuity).
  • Analytics — only with consent. Help us understand which pages + features are useful.
  • Preference — only with consent. Remember your settings (theme, language, region).
  • Marketing — only with consent. Used for personalisation + measuring marketing campaign performance.

3. Essential cookies

These cookies cannot be disabled without breaking the site or platform. Examples:

  • Session cookies — keep you logged in during a browsing session.
  • CSRF protection tokens — protect against cross-site request forgery.
  • Load balancing — route your requests consistently to the right server.
  • inntally_consent_v1 — remembers your cookie preferences so we don’t re-prompt (12-month expiry).
  • inntally_sid_v1 (localStorage) — anonymous marketing-site session ID. Only created if you consent to Analytics; never set otherwise.

4. Analytics cookies

Only set after you give consent via our cookie banner. We run our own first-party analytics — no Google Analytics, no Facebook Pixel, no third-party tracking script. Data flows directly to our infrastructure in AWS Dublin.

What we capture (only with consent):

  • Anonymous page-view + journey events (path, title, referrer, scroll depth, time on page).
  • Click events on tracked calls-to-action.
  • UTM parameters from the URL (campaign attribution).
  • An anonymised IP address (last octet stripped before storage) used solely to derive approximate country / region.
  • Device hints (browser, OS, screen size, language) reported by your browser.

Retention: rolling 13-month window for sessions/events, then automated hard-delete. Consent records (your decision + timestamp + banner version) are kept 7 years as evidence of lawful basis — this record contains no behavioural data.

5. Preference cookies

Only with consent. Remember:

  • Region / locale (so we serve the right URL the next visit).
  • Display preferences (e.g. compact / comfortable density).
  • Closed-banner state (we don’t re-show banners you’ve dismissed).

6. Third-party cookies

The following third parties may set cookies when you use our site or platform — listed for transparency. Each is bound by a Data Processing Agreement and named in our DPA sub-processor schedule.

  • Stripe — payments processing. Sets cookies on payment pages for fraud detection (essential when transacting).
  • CloudFront / AWS WAF — security + edge defence (essential).
  • Plausible / Google Analytics (when enabled with consent) — analytics. Anonymised.

7. Managing consent

  • The cookie banner appears on first visit; choose which categories to allow.
  • Re-open the preference panel at any time: Cookie preferences →
  • You can also clear cookies + tracking via your browser settings.
  • Withdrawing consent does not affect data processed lawfully before the withdrawal.
  • Consent is re-requested after 12 months automatically.

8. Updates

We update this Notice when cookies change. Material changes are notified via the cookie banner and timestamped at the top of this Notice.

9. Contact

More on data

Read the Privacy Notice + the Security page.

How we use cookies fits inside a larger commitment to GDPR-native data handling + EU residency.

Privacy NoticeSecurity & compliance