Cookie Policy
Version 1.0 · Last updated 19 May 2026
This Cookie Policy explains how the AML Certification Centre OÜ Learning Platform uses cookies and similar technologies. It supplements the Privacy Policy.
1. Summary
The AML Certification Centre Learning Platform sets only strictly necessary cookies — the ones required to authenticate you and protect against cross-site request forgery. We do not set analytics, advertising or behavioural-tracking cookies of our own.
You do not need to give consent for strictly necessary cookies under EU ePrivacy rules; they are exempt because they are essential for a service you have explicitly requested (signing in to use the Platform). For that reason we show a one-time acknowledgement banner rather than a category-by-category consent panel.
2. What is a cookie?
A cookie is a small text file a website stores in your browser. Cookies allow the website to remember things about you between page loads — for example, the fact that you are signed in.
The Platform also uses local-storage entries — small bits of data stored in your browser, never sent to our servers. They keep your preferences (light/dark mode, video-playback resume position) on the device you are using.
3. Cookies we set
| Name | Purpose | Type | Lifetime |
|---|---|---|---|
| __Secure-next-auth.session-token (next-auth.session-token in development) | Holds your authentication session. HttpOnly, SameSite=Lax, Secure in production. | Strictly necessary | 24 hours (sliding) |
| __Secure-next-auth.csrf-token | Protects sign-in forms against cross-site request forgery. | Strictly necessary | Session |
| __Secure-next-auth.callback-url | Remembers where you should be redirected after sign-in. | Strictly necessary | Session |
All three are required to sign you in and keep you signed in. Disabling them will prevent you from using the Platform.
4. Local-storage entries we set
These are stored in your browser only and are never sent to our servers. You can clear them at any time using your browser settings.
| Key | Purpose | Lifetime |
|---|---|---|
| amlcc:theme-mode | Your light/dark/system theme preference | Until you clear it |
| amlcc:cookie-notice-acknowledged | Records that you have dismissed our cookie banner | Until you clear it |
| recording-watched:<id> | Cumulative seconds watched of a specific webinar recording — so you can resume from where you left off | Until you clear it |
| Per-video resume keys | Last-watched position in a course video — so you can resume playback | Until you clear it |
| Per-(submodule, block) scroll position | Last scroll position on long reading blocks — so you can resume reading | Until you clear it |
5. Cookies from third parties
When the Platform embeds video or webinars from third-party services, those services may set their own cookies on their own domains as you interact with them. Specifically:
- Vimeo (
player.vimeo.com) — used for course-video and recording playback. We request playback in "Do Not Track" mode (dnt=1) so Vimeo limits the cookies it sets. Even so, Vimeo may set technical playback cookies. See Vimeo's cookie statement. - Zoom (
zoom.us) — used when you join a live AML Certification Centre webinar via the link in your registration confirmation. Zoom sets its own cookies on its own domain. See Zoom's cookie statement.
These third-party cookies are set on third-party domains, not on learn.amlcertification.com. We have no technical ability to read or set them. They are subject to the privacy and cookie policies of the relevant third party.
6. What we do not set
For clarity:
- No Google Analytics, Google Tag Manager, Plausible, PostHog, Mixpanel, Amplitude, Segment, Hotjar, FullStory, Heap, LogRocket, Datadog RUM or any other analytics tool of our own.
- No advertising cookies, retargeting pixels or any marketing tracker.
- No social-media share pixels (Facebook Pixel, LinkedIn Insight Tag, Twitter Pixel, etc.).
- No cross-site tracking identifiers of any kind.
If we ever add any of the above we will update this Cookie Policy and switch to a category-by-category consent banner before any non-essential cookie is set.
7. How to control cookies
You can:
- Clear or block cookies in your browser settings. Every modern browser lets you see what cookies a site has set, delete them, and block future cookies. Note that blocking the cookies in §3 will prevent you from signing in.
- Use private/incognito mode to ensure no cookies persist past your browser session.
- Withdraw a saved "I've seen the cookie banner" acknowledgement by clearing the local-storage entry
amlcc:cookie-notice-acknowledgedfrom your browser's developer tools — the banner will reappear on your next visit.
8. Changes to this policy
If we change the set of cookies we use, we will update this policy, refresh the last-updated date, and show a fresh banner asking you to re-acknowledge. We will also notify you by email if the change introduces any non-essential cookie, so you can give or refuse consent before it is set.
9. Contact
Questions about cookies: [email protected].