This Cookie Policy explains how Paragon Cyber Advisory Ltd uses cookies and similar tracking technologies on our website. It supplements our Privacy Policy and is governed by the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK General Data Protection Regulation (UK GDPR).
We only place non-essential cookies on your device with your prior consent. You can update your preferences at any time using the panel in Section 2 below.
What Are Cookies
Cookies are small text files placed on your device — computer, tablet, or smartphone — when you visit a website. They are widely used to make websites work efficiently, to remember your preferences, and to provide information to the site's owners.
Beyond traditional cookies, we may also use similar technologies including:
- Local storage: Data stored in your browser that persists after you close the tab, used for preference retention.
- Session storage: Temporary data stored only for the duration of your browser session.
- Pixel tags / web beacons: Tiny invisible images embedded in emails or web pages that signal when content has been viewed.
- Fingerprinting: We do not use browser fingerprinting or device fingerprinting on this website.
Cookies can be session cookies (deleted when you close your browser) or persistent cookies (which remain on your device for a defined period or until manually deleted). They may be set by us (first-party cookies) or by third-party services we embed (third-party cookies).
As a cybersecurity firm, we take data minimisation seriously. We use no cross-site tracking cookies, we do not sell data derived from cookies to third parties, and we prefer privacy-preserving analytics solutions over invasive tracking. Our analytics provider (Plausible) does not use cookies at all.
Manage Your Preferences
Essential Cookies
Essential cookies are necessary for our website to function correctly. Without them, you could not navigate the site or use features such as contact forms. These cookies do not collect any information about you that could be used for marketing or to remember where you have been on the internet.
We do not require your consent to place essential cookies — they are set automatically when you access our site. However, you can disable them in your browser settings, though this will break core site functionality.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
pca_session | Maintains your browsing session. Required for forms, navigation, and secure page access. | Session | Paragon |
pca_csrf | Cross-site request forgery prevention token. Protects form submissions from malicious attacks. | Session | Paragon |
pca_consent | Records your cookie consent choices so we don't prompt you on every page visit. | 1 year | Paragon |
pca_locale | Stores your language/region preference if set. | 1 year | Paragon |
Analytics Cookies
Analytics cookies help us understand how visitors interact with our website — which pages are most visited, how long people spend on each page, and where visitors come from. This information is used in aggregate to improve the structure, content, and performance of our site.
We have deliberately chosen privacy-first analytics tools. Our primary analytics solution, Plausible Analytics, is cookieless — it counts visits without setting any cookies or storing any personal data, making it fully PECR-compliant without requiring consent. The secondary HubSpot cookies are only set when you submit a contact form.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
_plausible | Cookieless analytics — no cookies set. Counts page views and unique sessions using anonymised, aggregate data only. IP addresses are never stored. | No cookie | Plausible Analytics (self-hosted, EU) |
hs_ab_test | HubSpot A/B testing. Determines which version of a form or landing page element you see. Only set after form interaction. | Session | HubSpot |
hubspotutk | HubSpot visitor tracking token. Used to associate form submissions with a website visitor for lead management. Only set when a form is submitted. | 13 months | HubSpot |
__hssc | HubSpot session cookie. Tracks session number and timestamps for analytics purposes. Only set when a form is submitted. | 30 minutes | HubSpot |
__hssrc | HubSpot source tracking. Set when a browser restarts to distinguish returning sessions from new ones. | Session | HubSpot |
Marketing Cookies
Marketing cookies are used to show you relevant advertisements on other websites based on your visit to ours, and to measure the effectiveness of our advertising campaigns. They build a profile of your interests and can track you across multiple websites.
These cookies are entirely optional and we require your explicit consent before placing them. If you decline marketing cookies, you may still see our advertisements online but they will be less targeted to your interests. We do not use marketing cookies for profiling that produces automated decisions affecting you.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
_fbp | Meta (Facebook) Pixel. Records visits and actions on our website to measure the effectiveness of Facebook/Instagram advertising campaigns. Used to build lookalike audiences. | 90 days | Meta Platforms |
_fbc | Meta click ID. Stores the click identifier when you arrive from a Facebook ad, linking your visit to the campaign that drove it. | 90 days | Meta Platforms |
li_fat_id | LinkedIn first-party ad tracking. Links LinkedIn ad clicks to conversions on our website to measure campaign ROI. | 30 days | |
UserMatchHistory | LinkedIn audience matching. Used to sync LinkedIn member IDs for retargeting and Matched Audiences features. | 30 days | |
bcookie | LinkedIn browser identifier. A unique identifier used across LinkedIn services. | 1 year | |
lidc | LinkedIn data centre routing cookie. Facilitates data centre selection. | 1 day |
Functional Cookies
Functional cookies enable enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you disable these cookies, some features may not work as intended — for example, embedded video players or live chat widgets.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
hs-messages-* | HubSpot live chat / messaging widget state. Remembers whether you have opened or closed the chat widget and any in-progress conversations. | Session – 1 year | HubSpot |
__cf_bm | Cloudflare Bot Management. Distinguishes between humans and bots to protect the site from malicious automated traffic. Required where Cloudflare is in use. | 30 minutes | Cloudflare |
intercom-* | If Intercom support widget is active: stores visitor identity and conversation history for continuity in support interactions. | 9 months | Intercom (if enabled) |
Third-Party Cookies
Some cookies on our site are placed by third-party services. We do not control these cookies and they are governed by the privacy policies of the respective third parties. Where we embed third-party content, those providers may set their own cookies regardless of your choices on our site — where possible we have configured these to require your consent before loading.
| Third Party | Service | Privacy Policy | Opt-Out |
|---|---|---|---|
| HubSpot | CRM & Form analytics | legal.hubspot.com | Toggle analytics above |
| Meta Platforms | Advertising pixel | facebook.com/privacy | Ad preferences |
| Insight Tag & ads | linkedin.com/legal | Opt-out page | |
| Cloudflare | CDN & security | cloudflare.com | Essential — cannot opt out |
| Plausible Analytics | Cookieless analytics | plausible.io/privacy | No cookies set |
Your Consent
When you first visit our website, we display a cookie banner asking for your consent before placing non-essential cookies. Your consent is recorded in the pca_consent cookie. For consent to be valid under PECR and UK GDPR, it must be:
- Freely given: We do not make access to our website conditional on accepting non-essential cookies;
- Specific: You can consent to individual categories of cookie rather than accepting everything at once;
- Informed: This policy explains what each cookie does before you give consent;
- Unambiguous: Consent requires a clear, affirmative action — pre-ticked boxes are not used;
- Withdrawable: You can withdraw your consent at any time using the preference panel in Section 2, with the same ease as it was given.
Your consent preferences are stored locally in your browser and expire after 12 months, at which point we will ask for your consent again. If you clear your cookies, you will be asked to consent again on your next visit.
You may also withdraw consent at any time by visiting Section 2 of this page and saving updated preferences, or by clearing all cookies through your browser settings.
Some cookies that are strictly necessary for security purposes (such as the Cloudflare __cf_bm cookie) may be placed on the basis of legitimate interests rather than consent, as they are essential to protecting the site from automated attacks. These are listed under Functional cookies and cannot be disabled via the toggle.
Browser Controls
In addition to our consent panel, you can control cookies through your browser settings. All major browsers allow you to view, block, and delete cookies. Note that blocking all cookies may prevent some parts of this website from functioning correctly — in particular, essential cookies must be enabled for forms to work.
For more detailed guidance on managing cookies, visit the aboutcookies.org website or the ICO's guidance on cookies.
For information on opting out of interest-based advertising across multiple companies, visit the Your Online Choices website (managed by the European Interactive Digital Advertising Alliance) or the Digital Advertising Alliance opt-out tool.
Do Not Track & GPC
Do Not Track (DNT) is a browser signal that requests websites not to track your browsing behaviour. While we respect user privacy, there is currently no legally enforceable standard governing how websites must respond to DNT signals, and many advertising networks and analytics platforms do not honour it. As a result, our website does not currently alter its behaviour in response to a DNT signal.
Global Privacy Control (GPC) is a newer browser signal that communicates a user's opt-out of the sale of personal data and certain types of targeted advertising. While GPC is legally recognised under some US state laws (such as the CCPA), it does not have legal force under UK GDPR or PECR at this time. We are monitoring developments and will update this policy if our obligations change.
The most reliable way to control how we use cookies is through the preference panel in Section 2 of this policy, which gives you granular control over each category.
Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, updates to our services, or changes in applicable law. The "Last updated" date at the top of this page will be revised accordingly.
Where we make material changes — for example, introducing a new category of cookies or a new third-party provider — we will re-present the cookie consent banner so that you have the opportunity to review and update your preferences. We will also notify registered contacts by email where appropriate.
v1.3 (March 2025): Added Plausible Analytics detail (cookieless), updated LinkedIn cookie register, added GPC section.
v1.2 (September 2024): Added functional cookies category, Cloudflare entry, expanded third-party table.
v1.1 (April 2024): Updated consent validity requirements to align with ICO guidance.
v1.0 (January 2024): Initial publication.
Contact Us
If you have questions about our use of cookies, wish to withdraw your consent, or want to make a complaint about our cookie practices, please contact our Data Protection representative: