We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Cookies

A cookie lets a website recognise your device and store some information about your preferences or interactions.

Why we use cookies

We use cookie tracking data on ScotAccount to make informed decisions on whether the site is meeting your needs, which leads to us making improvements. For example, we monitor how much traffic each part of the site gets and work to improve areas which are not being found when they should be.

We also use cookies within ScotAccount to keep track of where the user is when setting up an account and to support automatic sign in once the account is created.

Turn cookies on or off

We use 2 main types of cookie on our website. You can choose which cookies you're happy for us to use. Any data collected is anonymous.

ScotAccount

When users sign in to ScotAccount, computers will automatically be issued with ‘cookies’. Cookies are text files which identify users’ sign in to the Scottish Government’s server. Signing in to ScotAccount creates a cookie to automatically sign in the user to their ScotAccount.

The cookies that we set on ScotAccount cannot be used to identify you personally.

Find out more about how to manage cookies for all web.

Cookies in themselves do not identify individual users but store a key to automatically log the user in. Scottish Government ScotAccount session cookies are stored for 4 hrs from the point of sign in. Cookies are deleted after 4 hours

Many websites use cookies to track traffic flows, whenever users visit those websites.

Name Purpose
sid Used to store the session id.
sub_sid Used to store details of the subject session once the user has been authorised.
session Used to store details of the authorisation session.
session.sig Used to store the session cookie signature in order to detect if it has been modified.
accepted-cookies Used to store a user's cookie preferences.
__Host.antiCSRF _CSRF cookies are used for security to prevent Cross site request forgery attacks - it’s submitted with every form to ensure it’s actually our user that sent the data. There are two such cookies (perhaps more in the future) : in consent-pwya.sign-in.service.gov.scot domain and in pwya.sign-in.service.gov.scot domain.
d8cb1ed4d194a9b1366b1545fa53c2048ba62c44848208da7dd266e442adbd14 Mobile handoff cookie - it’s used to verify the user when on their mobile device which hasn’t been through full SSO sign in. Name is obfuscated, not human-friendly (we may decide to un-obfuscated it in the future).

Most modern web browsers allow users to control cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Google Analytics

We use Google Analytics to collect information about how you use ScotAccount.

We store information about:

  • the pages you visit and how long you spend on each page
  • how you got to ScotAccount
  • what you click on while you're visiting ScotAccount

We do not:

  • collect information that can be used to identify you; for example, we never receive your name or address
  • make any attempt to find out the identities of people visiting ScotAccount
  • allow the tools that we use to find out the identities of people visiting ScotAccount
  • sell, trade or give your details to third parties, unless we are required to do it by law

All information we get through cookies and analytics will be treated in confidence.

We anonymise the last 3 digits of all ScotAccount user IP addresses for Google Analytics, so that we can ensure that you are protected (you can read more about how this works here). We can only see a general overview of which regions and cities you may come from, not where individuals access from.

Find out more about security and privacy in Google Analytics.

You can opt out of Google Analytics cookies.

Google Analytics’ cookies

Name Information Expiry
_ga This is used to understand and differentiate between different users. 13 Months
_ga_<container-id> Used to persist session state. Container ID is the identifier for the Google Analytics account being used. 13 Months
_gid _gid has a different ID for each page set on, and a timestamp. This assists with plotting user journeys. 24 Hours

Further information

You can email the performance team for further information. Email: performance@gov.scot

Get help with this page

If you need help, you can contact us.

Tell us:

  • what you're trying to do
  • what the problem is

We'll reply to you by email. It may take us up to two working days to get back to you.

Note: Your feedback will help us make improvements on this site. Please do not provide any personal information