Cookie Policy
Version 2.0 · Last updated: 5 May 2026
This page explains the cookies and similar technologies we use across rask.au and app.rask.au — what they're for, who sets them, how long they last, and how to turn them off.
Our consent posture
We split cookies into three categories: essential, analytics, and preference. Analytics is off by default until you opt in. The first time you visit rask.au you'll see a small banner letting you accept or decline analytics. You can change your mind at any time using your browser's storage controls or by clicking "Decline" if the banner appears again.
Cookie categories
Essential cookies
Required for login, account security, fraud detection, and core functionality. Without these, the platform won't work. They are set by us or by infrastructure providers we use (Google Cloud Platform, Cloudflare, Firebase Auth).
| Name pattern | Purpose | Set by | Lifetime |
|---|---|---|---|
rask_session | Authenticated session cookie | Rask | Session / configurable expiry |
__Secure-* (Firebase) | Firebase Auth session and ID token cookies | Firebase Auth (Google) | Up to 1 hour, refreshed |
__cf_bm, cf_clearance | Bot detection, edge security | Cloudflare | Up to 30 minutes / up to 30 days |
__Host-* | CSRF protection and security tokens | Rask | Session |
Analytics cookies (consent required)
Help us understand how features are used so we can improve reliability and user experience. We use Google Analytics 4 (GA4), configured with anonymised IPs, no advertising personalisation, and no cross-site advertising signals.
| Name pattern | Purpose | Set by | Lifetime |
|---|---|---|---|
_ga | Distinguishes anonymous users for usage analytics | Google Analytics 4 | Up to 2 years |
_ga_<measurement-id> | Maintains the GA4 session for an anonymous user | Google Analytics 4 | Up to 2 years |
Analytics is disabled by default. We never load GA4 until you grant consent. Your consent state is stored in localStorage under the key rask.analytics.consent.v1 on rask.au; clearing it returns you to the default-disabled state.
Preference cookies
Remember settings like display preferences and dismissed notices.
| Name pattern | Purpose | Set by | Lifetime |
|---|---|---|---|
rask.*.preference.* | UI preferences (e.g. theme, dismissed banners) | Rask | Up to 1 year |
How to control cookies
- Accept or decline analytics using the consent banner shown on rask.au.
- Reset your choice by clearing site data for rask.au in your browser, then reload the page — the banner will reappear.
- Block cookies entirely using your browser settings. Note: blocking essential cookies will stop you signing in or using key parts of the platform.
- Use private/incognito mode to keep cookies session-only.
What we don't do
- We don't run third-party advertising trackers.
- We don't use cookies to build cross-site advertising profiles.
- We don't sell cookie-derived data.
For more on how we handle data — including the Consumer Data Right handling for cashflow / open-banking data — see our Privacy Policy and Data Use Policy.
Questions or requests? Email compliance@rask.au.