Cookie Policy

Cookies are small text files that websites place on your device when you visit them. They are widely used to make websites work, or work more efficiently, as well as to provide information to the website operators. Similar technologies include local storage, session storage, and pixel tags, all of which we refer to collectively as "cookies" in this Policy for convenience.

Cookies can be "session cookies" that are deleted when you close your browser, or "persistent cookies" that remain until they expire or are deleted. They can be "first-party cookies" set by us, or "third-party cookies" set by a service we embed (such as an analytics provider).

Not all cookies are the same. Some cookies are strictly necessary for a website to function; others are used to improve the user experience, analyse how visitors interact with the site, remember preferences, or serve advertising. The legal rules that apply depend on the category.

Strictly necessary cookies: These cookies are essential for the Service to function and cannot be switched off in our systems. They are usually set in response to actions you take, such as logging in to a paid account, submitting a wallet for screening, or filling in a form. On AMLRegister, these include a session token cookie set only after successful login, a CSRF token, and a short-lived rate-limit cookie. We do not require consent for strictly necessary cookies, but we tell you about them for transparency.

Preference cookies: These cookies allow the Service to remember choices you make, such as your preferred language, the chain filter you have selected, or the last-used tab in a research view. They are used to provide a more personal experience and are optional. You can clear them at any time from your browser.

Analytics cookies: These cookies help us understand how visitors use the Service so we can improve it. They collect information such as the pages visited, how long you spend on each page, the features you use, and the referring site. We use an analytics platform that supports privacy-respecting configurations (anonymised IP addresses, short retention, no advertising integration). Analytics cookies are only set with your consent.

Marketing cookies: We do not currently use marketing cookies. If that changes in the future, we will update this Policy and seek your consent before setting any such cookies. We never use cookies to sell your data to advertisers.

The tables below summarise the cookies used by AMLRegister. This list is accurate as of the Effective date of this Policy; we endeavour to keep it up to date but minor variations are possible as we improve the Service.

wt_session — strictly necessary — 30 days — authenticates signed-in sessions where required by the service. Contains an opaque random token that is mapped to your session on the server. Only set after successful login.

csrf_token — strictly necessary — session — used to prevent cross-site request forgery. Set when a form is rendered and validated on submission.

rate_limit_id — strictly necessary — 1 minute — a short-lived identifier used alongside your IP address for abuse prevention.

pref_chain — preference — 12 months — remembers the last chain filter you selected in research views.

pref_theme — preference — 12 months — remembers your dark/light theme choice (where applicable).

_wt_analytics — analytics — 13 months — used by our internal analytics pipeline (IP anonymised, no cross-site tracking, no advertising identifiers). Set only with consent.

When you first visit AMLRegister, a cookie banner asks for your consent to non-essential cookies. You can accept all, reject non-essential cookies, or customise your choices. Your choice is stored for up to twelve (12) months, after which we will ask again.

You can change or withdraw your consent at any time by clicking the "Cookie settings" link in the footer of any page of the Service, or by clearing cookies from your browser which will cause the banner to reappear on your next visit.

Most web browsers let you control cookies through their settings: blocking all cookies, blocking only third-party cookies, or deleting cookies on exit. Please note that blocking strictly necessary cookies will prevent core features of the Service from working. Consult your browser's help documentation for instructions specific to the browser you use.

Some browsers offer a "Do Not Track" signal. The legal status of such signals is unsettled and there is currently no industry consensus on interpretation. Where we detect a valid signal under a recognised standard, we will treat it as a refusal of analytics and marketing cookies.

The Service may embed content from third parties, such as map tiles or video players. Where we do so, those third parties may set their own cookies, over which we have limited control. We keep the number of third-party embeds to a minimum.

Where analytics is provided by a third party, that third party will process cookie-derived data on our behalf under a written data processing agreement, with strict instructions to use the data only for the purposes we specify. We do not permit analytics providers to use the data for their own marketing or profiling purposes.

If you have questions about cookies set by a particular third party embedded on our site, please consult that third party's privacy policy or contact us at dpo@amlregister.com for more information.

In addition to cookies, we may use related technologies: local storage and session storage APIs in the browser (for preference caching and offline behaviour); web beacons or pixel tags (occasionally used in transactional emails to confirm delivery — these are controlled through your email preferences); and server-side session identifiers (for login sessions, linked to cookies on the client side).

All such technologies are subject to the same rules as cookies under this Policy: strictly necessary uses do not require consent, other uses are opt-in, and data is retained only for the periods stated above.

The Service is not directed to children under the age of 16. We do not knowingly set any cookies on devices used by children or use cookies to profile children in any way. If you believe a child has interacted with our Service, please contact us so we can investigate.

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, new features, or updates in law. We will update the Effective date at the top of this Policy and, if changes are material, re-request your consent through the cookie banner. We encourage you to review this Policy periodically to stay informed.

If you disagree with a revised Cookie Policy, you should stop using the Service and clear all cookies from your browser. Previous versions are available on request from dpo@amlregister.com.

Some cookies process personal data. This Cookie Policy should be read together with our Privacy Policy, which explains in detail what personal data we collect, the legal bases for processing, your rights, and how to exercise them. Where there is any inconsistency between the two, the Privacy Policy governs the treatment of personal data.

We do not combine cookie data with other personal data we hold about you to build advertising profiles. Analytics data is used only in aggregated form to understand site usage and improve the product.

Our cookie practices are governed principally by the UK Privacy and Electronic Communications Regulations 2003 (PECR), as amended, and the EU ePrivacy Directive (2002/58/EC) as implemented in the relevant Member State where the visitor is located. These rules work alongside the UK GDPR and EU GDPR where personal data is involved.

Under PECR, consent is required before a cookie or similar technology may be stored on, or accessed from, a user's device, with narrow exceptions for cookies that are strictly necessary to deliver a service explicitly requested by the user. We rely on the strictly-necessary exception only for the cookies categorised as such in this Policy. For all other cookies, we obtain clear, affirmative consent.

Where we operate in jurisdictions with their own rules — for example, California's CCPA/CPRA, Brazil's LGPD, or the Canadian anti-spam legislation — we adapt the consent banner and preference centre to comply. In practice this means our banner is conservative in all jurisdictions, offering the same choices globally.

We operate a Consent Management Platform (CMP) that records, stores, and honours your cookie preferences across visits. When you first arrive on the Service, the CMP displays a banner offering four clear options: accept all, accept only strictly necessary, customise, and decline all non-essential. Your choice is recorded with a timestamp, the version of the banner presented, and the legal basis relied on.

Consent records are retained for a minimum of twelve (12) months to demonstrate compliance with applicable law, and may be retained longer where required. You can access your consent record by contacting our Data Protection Office. Refreshing or clearing your cookies may reset local preferences, but our server-side record of your prior consents is preserved for audit purposes.

The preference centre — accessible from the "Cookie settings" link in the footer of every page — lets you revisit and modify your choices at any time. Changes take effect immediately: cookies you have declined are not set, and cookies previously set under a now-revoked consent are deleted on your next page load. Non-essential third-party scripts are gated by consent, so declining marketing cookies prevents third-party tags from loading at all rather than merely setting the cookies.

Consent is never inferred from browsing behaviour alone. Simply continuing to use the Service does not constitute consent. This conservative approach reflects the requirements of the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive, and aligns with guidance from the UK Information Commissioner's Office and the European Data Protection Board.

Where you are acting on behalf of an organisation (for example, using the Service at work), your organisation's own IT policies may constrain the cookies that are permitted. In that case, we honour the stricter of your individual choice and your organisation's policy.

Cookies are device- and browser-specific. Preferences set on your laptop do not propagate to your phone, and preferences set in Chrome do not propagate to Safari. Each device-browser combination maintains its own cookie jar, and our preference centre interacts only with the current session's jar.

For logged-in users on paid tiers, we additionally store a server-side preference record keyed by account. Cross-device defaults for logged-in users follow the server-side record, so preferences you set in one environment apply when you sign in elsewhere. Non-logged-in users cannot have cross-device preference synchronisation.

If you clear cookies from your browser, the CMP will re-ask for consent on your next visit. This is a feature, not a bug — clearing cookies is commonly used as a "factory reset" for privacy, and the correct response is to treat the user as a fresh visitor.

Private browsing modes (Incognito, Private Window) typically do not persist cookies. In those modes, you will be asked for consent on each visit, and preferences will not carry across sessions. Our systems do not attempt to circumvent this behaviour.

If you have any questions about our use of cookies, please contact us at dpo@amlregister.com or write to Okanewatch Data Protection Office, Okanewatch LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. We aim to respond to all cookie-related enquiries within five (5) business days.

For clarity, this Cookie Policy applies to the Service at https://amlregister.com and its subdomains. Cookies set by entirely unrelated websites — even ones that we link to — are outside the scope of this Policy and are governed by those websites' own cookie and privacy policies. We do our best to keep our external links to sites with similarly respectful privacy practices, but the choice of destination is ultimately yours.

This Policy is written to be readable. We deliberately avoid jargon and cross-references that require law-school training to interpret. If anything in this Policy is nevertheless unclear, please ask us — plain-English questions get plain-English answers, and where we identify recurring points of confusion we update the Policy text accordingly at the next review.