What are Cookies?
Like most websites, our website uses cookies (“Cookies”). Cookies are text files which contain small amounts of information that are downloaded to your device when you visit a website. These Cookies are then sent back to the originating website on each visit, or to another website that recognises that Cookie. Cookies are useful because they help a website recognise a user’s device.
Some Cookies are essential for the website to function properly, while others help us improve your experience or provide insights into how the website is being used. By using our website, you agree that we can place essential Cookies on your device.
Where Cookies involve the processing of personal data, we rely on the lawful bases of legitimate interests (for essential cookies) and consent (for non-essential cookies), in accordance with applicable data protection laws.
Most browsers are initially set to accept Cookies by default, until set otherwise. Information on how to manage or delete Cookies is available at www.AboutCookies.org. However, please note that by disabling or rejecting certain Cookies, you may not be able to proceed with your online application, access certain areas or features of our website or take advantage of certain promotions which we may run from time to time.
Why do we use Cookies?
We use or may use Cookies for the following purposes:
- to monitor and manage traffic to our website;
- if required as a matter of law or regulation, to protect our customers’ rights;
- for login purposes;
- for security purposes, including detecting and mitigating malicious bot activity;
- to enable us to remember preferences, track visitors and target adverts; and
- to make the browsing experience on the website more efficient and enjoyable.
Types of Cookies we use
Cookies can be classified in different ways, depending on their purpose and how they are set.
Essential vs Non-Essential Cookies:
- Essential cookies are strictly necessary for the operation of our website. These enable core functions like security, login, and accessibility. They are usually set in response to actions made by you, such as submitting forms or setting privacy preferences. Because they are required for the website to work, they do not require your consent.
- Non-essential cookies are not required for the website to function, but help us enhance your experience (for example, through analytics, advertising, or personalisation). These cookies are not strictly necessary for the operation of our website and will only be placed where you have provided your consent.
First-party vs Third-party Cookies:
We use both our own (“first-party”) and partner companies' (“third-party”) cookies for the purposes outlined above. More specifically:
- First-party Cookies are Cookies that are placed by us or by a third party for us. Most (if not all) of our first-party cookies are essential to the running of our website; by disabling or deleting them, you may not be able to access certain areas or features of our website. These cookies include security cookies set by Amazon Web Services (AWS) Web Application Firewall (WAF) Bot Control, which help detect and mitigate malicious or automated traffic (e.g., scrapers or bot attacks) to ensure website stability. These cookies are short-lived and may use device or browser characteristics to distinguish between legitimate users and automated bots. Cookie names may vary depending on configuration.
- Third-party Cookies are Cookies that are placed by our partners, vendors and other third parties. We do not control the collection or further use of data by third parties using third-party Cookies. Certain of our third-party cookies are essential to the running of our website; by disabling or deleting them, you may not be able to proceed with your online application or access certain areas or features of our website. Some third-party cookies may involve the transfer of personal data outside the UK or the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as the use of standard contractual clauses.
Cookies can be “Persistent”, “Permanent” or “Session”:
- Permanent Cookies remain on your device even after you have gone offline;
- Persistent Cookies will remain on your browser until you delete them manually or until your browser deletes them based on the duration specified in the Cookie file itself. The duration of the cookie file can be any period of time between one day and ten years. To find out how to learn about an individual cookies’ duration, please click here; and
- Session Cookies are deleted as soon as you close your web browser, or they may expire shortly after being set (for example, within a few minutes to a few hours), depending on their function and technical configuration.
Managing your Cookie preferences
We use a cookie management tool to present you with clear choices and to help you manage your preferences.
You can manage your cookie preferences via our cookie banner when you first access the website, or through your browser settings. We only place non-essential cookies (such as those used for analytics or advertising) where you have provided consent. You can withdraw or change your consent at any time through your browser settings. Please note that disabling certain cookies may affect your ability to use some features of the website.
What Third Party Cookies do we use?
| S.No | Cookie Name | Type | Description | Duration | Source |
|---|---|---|---|---|---|
| 1 | mcf_aggregator | Essential | Stores aggregator information. | 1 day | MCF |
| 2 | cookie_mcf | Essential | Stores cookie consent. | 14 days | MCF |
| 3 | mcf_savaggr | Essential | Stores aggregator URL for savings. | 1 day | MCF |
| 4 | mcf_validate_payment_token | Essential | Validated payment token data. | 1 day | MCF |
| 5 | auth_token | Essential | Payment authentication token. | 1 day | MCF |
| 6 | _ga | Non-Essential (Analytics) | Used to distinguish users. | 13 months | Google Analytics |
| 7 | _ga_* | Non-Essential (Analytics) | Used to persist session state. | 13 months | Google Analytics |
| 8 | _gat_gtag_UA_* | Non-Essential (Analytics) | To store a unique user id. | 1 min | Google Analytics |
| 9 | _gid | Non-Essential (Analytics) | To store and count page views. | 1 day | Google Analytics |
| 10 | _hjSession_* | Non-Essential (Functional) | Used by Hotjar to hold current session data. | Session | Hotjar |
| 11 | _hjSessionUser_* | Non-Essential (Functional) | To store unique user id. | 12 months | Hotjar |
| 12 | _hjDonePolls | Non-Essential (Functional) | Hotjar cookie indicating the user has completed a poll. | 12 months | Hotjar |
| 13 | _hjMinimizedPolls | Non-Essential (Functional) | Hotjar cookie indicating a poll widget has been minimized. | 12 months | Hotjar |
| 14 | __Secure-has-sid | Essential | Detects a user’s login state on the client side. Set during login to Aura or LWR Experience. Must not be HttpOnly. | Session | Salesforce |
| 15 | CookieConsentPolicy | Essential | Used to apply end-user cookie consent preferences set by Salesforce’s client-side utility (values like 1:1 or 0:1). | 12 months | Salesforce |
| 16 | inst | Essential | Used to redirect requests to an instance after migrations, splits, or URL updates. | Session | Salesforce |
| 17 | LSKey-c$CookieConsentPolicy | Essential | Locker Service version of CookieConsentPolicy. Set when Locker Service is enabled because standard cookies can't be read normally. | 12 months | Salesforce |
| 18 | oid | Essential | Stores last logged-in org for redirecting requests. Used for logging presence in guest-user requests. | 12 months | Salesforce |
| 19 | pctrk | Essential | Counts unique page views by guest users in Experience Cloud sites for billing entitlements. | 12 months | Salesforce |
| 20 | renderCtx | Essential | Stores site parameters in the session for fetching pages and components based on metadata like pageId, schema, viewType, etc. | 12 months | Salesforce |
| 21 | RRetURL | Essential | Used with 'Log in As' to restore original state after switching user. | Session | Salesforce |
| 22 | RSID | Essential | Session ID and login-as session ID. Copied to allow rebuilding target URLs in proxy situations. | Session | Salesforce |
| 23 | sid | Essential | Salesforce session ID used to track authenticated user sessions in a multi-tenant environment. | Session | Salesforce |
| 24 | sid_client | Essential | Used to detect and prevent session tampering. Ensures the session belongs to the browser, wasn't manipulated, and wasn’t copied between environments. | Session | Salesforce |
| 25 | fp_token_{id} | Essential | Salesforce security cookie used to bind session to device, support secure login flows. It is created by salesforce's identity/fraud protection subsystem. | 12 months | Salesforce |
| 26 | io_token_{id} | Essential | This cookie is created when we use iovation service. This is a transUnion fraud detection service. | 12 months | mpsnare.iesnare.com(iovation) |
| 27 | oinfo | Essential | Tracks the last logged in salesforce org. | 3 months | Salesforce |
| 28 | my_community_finance_session | Essential | Used in ID verification for OCR (this is the redirection to a third party site). This doesn't persists when customer is redirected to SF after completing the ID verification | Session | staging.amplifi.idkit.co |
| 29 | XSRF-TOKEN | Essential | Used in ID verification for OCR (this is the redirection to a third party site). This doesn't persists when customer is redirected to SF after completing the ID verification | Session | staging.amplifi.idkit.co |
| 30 | idCaptureAttempt | Essential | Used in ID verification for OCR.(this is the redirection to a third party site). This doesn't persists when Customer is redirected to SF after completing the ID verification | 1 day | staging.amplifi.idkit.co |
Last updated: December 2025
V3 2025