Privacy Policy | UK property area reports

Who we are

RightRoof operates rightroof.co.uk. For questions about cookies or your personal data, contact us using the details below. The identity of the data controller and other company information is set out in our Privacy policy (not repeated on this page).

privacy@rightroof.co.uk Contact us

What are cookies and similar technologies?

Cookies are small text files stored on your device when you visit a website. We also use browser storage (localStorage, sessionStorage) for some product features, such as remembering that you have used a free report preview.

Always on Strictly necessary

Required for security, sign-in, and core operation. Not controlled by the optional analytics choice.

Your choice Analytics

Traffic and usability measurement. Google Analytics 4 and Microsoft Clarity load only if you choose Accept analytics.

We do not use analytics cookies for advertising personalisation on this site today. If you accept analytics, we configure Google Consent Mode so advertising-related storage stays denied unless we change this policy and the banner first.

Your choices (cookie banner and settings)

On your first visit (or when no preference is stored), you will see a banner with two options:

Accept analytics

Measure and improve the site

Loads Google Analytics and Microsoft Clarity and allows their cookies/storage as described below.

Essential cookies only

Core site only

We do not load Google Analytics or Microsoft Clarity. Strictly necessary cookies still apply.

Change your mind anytime:

Use Cookie settings in the site footer (re-opens the banner), or
Visit Privacy → Cookies.

Switching to essential-only stops analytics on future page loads. You may need to refresh or clear third-party cookies in your browser. If analytics scripts are already loaded, the page may reload to apply your choice. Your preference is stored in rr_cookie_consent_v1 (up to 180 days).

You can also block or delete cookies in browser settings. Blocking strictly necessary cookies may prevent sign-in or other core features.

Strictly necessary cookies and storage

Essential for secure operation of the website, or to remember your cookie choice.

Name / type	Provider	Purpose	Duration
`rr_cookie_consent_v1`	RightRoof	Stores essential-only vs analytics choice	Up to 180 days
Auth cookie e.g. `.AspNetCore.Cookies`	RightRoof	Keeps you signed in	Session or remember-me period
`rr_rt`	RightRoof	HttpOnly refresh after external redirects (e.g. payment return)	Aligned with sign-in settings
Session cookie e.g. `.AspNetCore.Session`	RightRoof	Server-side session and API access for your account	Idle timeout (typically hours)
Antiforgery / CSRF	RightRoof	Protects forms and sign-in from cross-site forgery	Session
`rr_clarity_vid`	RightRoof	First-party visitor id for analytics alignment when enabled; no data sent to Microsoft until Clarity loads	Up to 365 days
`rr_clarity_sid`	RightRoof	First-party session id for the same purpose	Session idle period

Browser storage (not cookies)

Guest free reports — e.g. rr_free_report_used in localStorage.
UI state — e.g. email verification resend cooldown in sessionStorage.

Not used for third-party advertising.

Analytics cookies and technologies

Consent required Loaded only if you accept analytics (or have a stored analytics preference).

Provider	Google Ireland Limited / Google LLC
Purpose	Traffic, navigation, and product events (sign-up, reports, checkout) to improve RightRoof
How loaded	`gtag.js` injected only after you accept analytics; Consent Mode defaults deny analytics storage until then
Typical cookies	`_ga`, `_ga_*`, and related Google identifiers when the tag runs
Privacy	Google Privacy Policy ? Partner sites data use
Opt-out	Banner rejection, GA opt-out add-on, or browser cookie controls

We do not publish a Google Analytics measurement ID in this policy.

Server-side measurement: Purchase reporting may also use server-side measurement (not browser cookies). See our Privacy policy.

Provider	Microsoft Corporation
Purpose	Session recordings, heatmaps, and usability diagnostics
How loaded	Clarity script injected only after you accept analytics
Typical cookies	Clarity session and user identifiers when the script runs
Privacy	Microsoft Privacy ? Clarity docs
Opt-out	Banner rejection or browser cookie controls

When signed in, we may pass a pseudonymous account id to Clarity (not your email in the tag). Google Analytics may receive a hashed internal user id for cross-session analysis.

Cookies set by other services

Payments

Stripe

Checkout may set cookies on checkout.stripe.com (Stripe controls them, not our banner).

Stripe Privacy Policy

Sign-in

Google Sign-In

Google’s auth flow may set cookies on google.com or related domains under Google’s terms.

Lawful basis (UK GDPR)

Category	Typical lawful basis
Necessary Strictly necessary	Legitimate interests (secure site) and, where applicable, contract
Analytics Analytics	Consent — Accept analytics in the banner

Withdraw analytics consent anytime via Cookie settings without affecting strictly necessary cookies.

International transfers

Google and Microsoft may process data outside the UK. Where required, they use appropriate safeguards (e.g. UK addenda to standard contractual clauses). See their privacy notices for detail.

Your rights

Under UK data protection law you may have rights to access, rectify, erase, restrict, object, and port your personal data, and to complain to the ICO.

Email privacy@rightroof.co.uk Contact us

Changes to this policy

We may update this Cookie Policy when our site, tools, or legal requirements change. The “Last updated” date at the top will change. Material changes may be highlighted on the site or in the cookie banner.

What changed in May 2026

Cookie banner: Essential cookies only vs Accept analytics
GA4 and Clarity only after consent; Consent Mode v2 until acceptance
Product analytics to improve reports, search, and checkout
Footer Cookie settings to revisit your choice