Cookie Notice
Version 2.0 - Effective 2026-07-08 - Change log Template document: review by a qualified data-protection lawyer or DPO before commercial reliance. Not legal advice.
We do not use tracking cookies. We load no third-party advertising, no cross-site profiling, and no analytics that identify you.
Why there is no cookie banner
The UK Privacy and Electronic Communications Regulations (PECR, Regulation 6) and the EU ePrivacy Directive (Article 5(3)) require consent before storing information on your device, unless the storage is strictly necessary for a service you have asked for. Both regimes are technology-neutral: they cover browser localStorage as well as cookies (ICO storage-and-access guidance, 2026; EDPB Guidelines 2/2023).
Everything the Whistle widget stores falls under that strictly necessary exemption: it exists solely so the conversation you started is not lost when you navigate between pages (the classic shopping-basket analogy). No consent banner is therefore required. Transparency still is, so the exact keys are listed below.
What the widget stores (localStorage, first party)
| Key | Contents | Lifetime | How to clear |
|---|---|---|---|
whistle:<clientId> |
Your conversation state: messages, lead reference (leadId), name, conversation phase |
Per the site's persistHours setting, default 24 hours, then auto-deleted |
"Start a new conversation" in the widget, or clear site data in your browser |
whistle:teaser-dismissed:<clientId> |
A timestamp recording that you dismissed the chat teaser bubble | 7 days, then ignored | Clear site data in your browser |
These keys are single-purpose. They are never read for analytics, advertising or marketing, never shared with third parties, and stay on your device.
Analytics
Our aggregate site analytics (where enabled) is cookieless and EU-hosted. It counts pages and events without cookies, fingerprinting or identifying you.
If this changes
If we ever introduce a cookie or storage that needs consent under PECR or ePrivacy, we will update this notice and ask for consent first.
Related: Privacy Policy and Consent Notice.
This document is a GDPR-aligned template and must be reviewed by a qualified data-protection lawyer or DPO before commercial reliance. It is not legal advice.