Medly AI Cookie Policy
1. Scope & Relationship to Other Policies
1.1 Who we are
Medly AI Limited (“Medly AI”, “we”, “us”, “our”) is a company registered in England and Wales (Company No. 15110302) and the controller responsible for any personal data collected through cookies and similar technologies operated in connection with our services.
1.2 What this Cookie Policy covers
This policy explains how we deploy cookies, software development kits (SDKs), pixels, local-storage objects and other technologies that store or access information on your device when you: visit www.medlyai.com or any sub-domain that links to this notice; use the Medly AI mobile or tablet app downloaded from an official app store; and interact with embedded Medly AI content (for example, our payment pages or support pop-ups) that may appear on third-party sites. The Privacy and Electronic Communications Regulations 2003 (“PECR”) apply to all of these delivery channels, not just traditional websites, whenever information is written to or read from a user’s equipment.
1.3 How this policy fits with our other legal documents
This Cookie Policy supplements and should be read together with: our Privacy Policy, which explains in detail how Medly AI processes personal data; and our Terms of Use, which set out the contractual rules for accessing our platform. The Privacy Policy remains the primary document for matters such as lawful bases, data-subject rights and international transfers, whereas this notice focuses on the specific technologies that trigger consent or information duties under PECR.
1.4 Personal-data context
Under UK GDPR Recital 30, identifiers like cookie IDs, advertising IDs and device fingerprints qualify as personal data whenever they can be combined with other information to single out or profile an individual. Consequently, where a cookie allows us—or any third party working on our behalf—to recognise you, the processing principles in our Privacy Policy apply alongside the PECR rules summarised here.
1.5 Effective date & future changes
This Cookie Policy takes effect on 12 February 2025 and will be reviewed at least annually or sooner if we introduce new tracking technologies or materially change their purpose. When we update the policy we will: revise the “Last updated” date at the bottom of the page; and display a banner or similar notice to invite you to review the changes and, where required, refresh your cookie preferences. If you have any questions about this section or our wider use of cookies, you can reach our Data Protection Officer at contact@medlyai.com or write to 85 Great Portland Street, London, W1W 7LT, United Kingdom.
2. What are cookies and “similar technologies”?
Cookies are only one of several ways an online service can store or read information from a user’s device. Under the UK Privacy and Electronic Communications Regulations 2003 (PECR) the same rules apply to any such “storage and access technologies,” whether they sit in a web page, an email, a mobile app or a connected-TV SDK. The definitions below explain the main techniques you will meet on Medly AI.
2.1 HTTP cookies
Small text files sent by a website and returned by the browser on subsequent requests. They may be session‑based (deleted when the browser closes) or persistent, and may be first‑party (.medlyai.com) or third‑party.
2.2 Web storage & other browser APIs
localStorage, sessionStorage, IndexedDB and Service‑Worker caches hold larger values than cookies and do not accompany every HTTP request, but are regulated in the same way.
2.3 Tracking pixels
A 1 × 1 transparent image embedded in a page or email that records the device details, IP address and any associated IDs when it is fetched.
2.4 Mobile‑app SDKs & advertising IDs
Third‑party SDKs in native apps may read or write local data or access platform advertising identifiers (IDFA, GAID) for analytics or marketing.
2.5 Device fingerprinting
Combining browser or hardware attributes to derive a statistically unique identifier without writing to storage. The ICO treats this as tracking technology requiring consent.
2.6 Personal‑data context
When any of the above identifiers can be linked to an individual, they are treated as personal data under the UK GDPR; our Privacy Policy therefore applies in parallel with this notice.
3. Cookie inventory, purpose & retention
The table below merges the “Why we use cookies” explanation with the detailed cookie register. Each entry shows who sets the cookie, what it is there for, the kind of data it collects, how long it remains on the device, and whether it is placed by Medly AI (first-party) or by a partner (third-party). Key purpose labels: Necessary – required to make the site/app or your preference centre work Functional – improves site functions (e.g. A/B tests, live-chat) Analytics – measures usage so we can improve the product Advertisement – supports interest-based ads or campaign measurement
| Cookie | Domain / Provider | Purpose | What it does & typical data collected | Expiry | Party |
|---|---|---|---|---|---|
| X-AB | sc-static.net (Snap/Adobe Target CDN) | Functional (A/B testing) | Stores a variant ID so we can show you one version of a page and measure which version performs best | 1 day | 3rd |
| _ttp | tiktok.com & medlyai.com | Advertisement | Assigns a unique TikTok ID to measure and optimise ad campaigns and personalise content; collects pseudonymous ID, page views, ad-event metadata | 3 months | 3rd / 1st |
| CookieScriptConsent | medlyai.com | Necessary | Remembers whether you accepted or rejected non-essential cookies (stores consent string & time-stamp) | 1 month | 1st |
| _scid | medlyai.com | Advertisement | Saves the Snapchat Pixel user ID so Snap can link on-site actions to ads; data = unique ID & event data | 1 year + 1 month | 1st |
| _scid_r | medlyai.com | Advertisement | Same as _scid, used across sub-domains for consistent Snap attribution | 1 year + 1 month | 1st |
| ph_phc_*_posthog | medlyai.com | Analytics | PostHog product-analytics cookie that keeps an anonymous distinctId, session count, feature-flag status to analyse usage across visits | 1 year | 1st |
| _fbp | medlyai.com | Advertisement | Facebook/Meta pixel identifier used to deliver, measure and retarget ads; holds a unique browser ID & time-stamp | 3 months | 1st |
| _tt_enable_cookie | medlyai.com | Advertisement | Flags that TikTok Pixel cookies are enabled; allows subsequent tracking of conversions | 3 months | 1st |
| ttcsid / *ttcsid_ ** | medlyai.com | Advertisement | TikTok Pixel session ID that stitches together events from the same browser session for attribution | 3 months | 1st |
| _ScCbts | medlyai.com | Functional | Snapchat Pixel timing helper that decides whether to fire certain Snap tags (stores a short-lived boolean/timestamp) | 7 days | 1st |
| u_sclid | medlyai.com | Advertisement | Snap “cross-domain linker” ID to recognise a visitor across multiple domains for ad bidding | 13 months | 1st |
| u_sclid_r | medlyai.com | Advertisement | Read-only mirror of u_sclid used by Snap on some sub-domains | 13 months | 1st |
| u_scsid | medlyai.com | Advertisement | Snap cookie that records session-level behaviour for internal analysis/optimisation | Session | 1st |
| u_scsid_r | medlyai.com | Advertisement | Read-only replica of u_scsid for sub-domains | Session | 1st |
| _gcl_ls | medlyai.com | Advertisement | Google Ads Conversion-Linker local-storage key that stores ad-click info so conversions can be matched to clicks | 13 months | 1st |
| lastExternalReferrer | medlyai.com | Analytics | Captures the full URL of the external page that brought you to Medly AI (used for traffic-source reporting) | 13 months | 1st |
| lastExternalReferrerTime | medlyai.com | Analytics | Records the time-stamp of the above referrer event | 13 months | 1st |
| topicsLastReferenceTime | medlyai.com | Advertisement | Stores when Chrome’s Topics API last provided interest segments for this browser, to limit how often topics are refreshed | 13 months | 1st |
| ph_phc_*_window_id | medlyai.com | Analytics | PostHog helper that distinguishes activity in multiple open tabs/windows during one visit | Session | 1st |
| ph_phc_*_primary_window_exists | medlyai.com | Analytics | Prevents duplicating events when a second tab is opened; expires when the tab closes | Session | 1st |
| tt_appInfo | medlyai.com | Analytics | TikTok Pixel storage key that caches app/pixel configuration to speed up subsequent loads | Session | 1st |
| tt_sessionId | medlyai.com | Advertisement | Holds the TikTok Pixel session identifier so conversions in one visit can be linked together | Session | 1st |
| tt_pixel_session_index | medlyai.com | Analytics | Index counter used by TikTok Pixel to label sequential events inside one session | Session | 1st |
Some of our analytics, advertising and customer-support partners are headquartered—or run servers—outside the UK and European Economic Area. Whenever cookie-derived personal data is sent to a country without an adequacy decision, we protect it with the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses and, where necessary, apply additional technical and organisational safeguards. You can obtain a copy of the relevant transfer mechanism by e-mailing contact@medlyai.com. In limited cases we may use device- or browser-fingerprinting techniques (for example, combining screen resolution and installed fonts) to help prevent fraud and secure our platform. Because this method can identify you without placing a file on your device, we treat it as equivalent to a non-essential cookie: it is blocked until you give explicit consent in the Consent-Management Platform and you may withdraw that consent at any time.
Medly AI is designed for users aged 13 and over. We do not knowingly deploy cookies or similar technologies to profile children under 13, and our platform is not marketed to them. If you believe we have inadvertently collected information relating to a child, please contact contact@medlyai.com so we can delete it promptly.
4. Legal basis for cookies & how we collect, record and refresh your consent
Before any non-essential cookie, SDK or similar technology is dropped on your device, Medly AI will ask for your prior, informed, granular and freely-given consent. We do this because Regulation 6 of the UK Privacy and Electronic Communications Regulations (PECR) requires consent for all storage-and-access technologies that are not “strictly necessary” to deliver the online service you actively requested, such as keeping you logged-in or processing a payment.
4.1 Strictly necessary technologies
Cookies that are essential to provide an “information-society service” you have asked for—e.g. authenticating your account, remembering items in a basket, or honouring your cookie choices—do not need consent, but we still list them in Section 3 for transparency.
Our lawful basis for the personal data that these necessary tools incidentally collect is legitimate interests (Article 6(1)(f) UK GDPR).
4.2 All other purposes rely on consent
For Functional, Analytics and Advertising cookies we rely on the definition of consent in Article 4(11) UK GDPR: “any freely given, specific, informed and unambiguous indication … given by a clear affirmative action”.
4.3 How the consent flow works
First visit banner – A banner served by our Consent-Management Platform (CMP) appears the first time you land on any medlyai.com page. It gives buttons of equal size to “Accept all” and “Reject all”.
4.4 Recording and storing your choices
When you make a choice the CMP writes a first-party CookieScriptConsent cookie containing:
- a random identifier for your browser;
- the categories and vendors you opted in or out of;
- a cryptographic hash of the banner version;
- the date-time stamp of your decision.
4.5 Refreshing consent
We will prompt you to review or renew your preferences when:
- 12 months have passed since you last gave consent; or
- we introduce a new purpose, category or third-party vendor; or
- we materially change the way an existing cookie operates.
5 How to withdraw or change consent later
On-site – A persistent “Cookie” button is present at all times at the bottom left of the screen and reopens the CMP at any time so you can adjust or withdraw consent instantly. Browser or device tools – You can also clear cookies via your browser, reset advertising IDs on iOS/Android, or use privacy plug-ins. These methods sit outside Medly AI’s control but will be respected by our platform.
Last updated: 21st May 2025
If you have any questions about this section or our wider use of cookies, you can reach our Data Protection Officer at contact@medlyai.com or write to 85 Great Portland Street, London, W1W 7LT, United Kingdom.