Skip to Main Content
Auckland Transport

Cookies Cookies

AT.govt.nz puts small text files (known as ‘cookies’) onto your computer or device to improve your user experience by collecting information about how you use the site.

We don’t use cookies to identify you personally; we use cookies to:

  • Measure how you use the website so we can improve it to meet your needs.
  • Remember information, so you can complete tasks without having to re-enter data or repeat selections.

Find out more about what cookies are.


How we use cookies


Analysing website and app usage

We use Google Analytics, Google Tag Manager, Google Firebase and Hotjar to analyse how customers use our website and apps. This information helps us meet your needs and identify improvements to our digital services, content, and user experience.

Google Tag Manager is used to manage tags (snippet of JavaScript that sends information to a third party, such as Google) on our site and apps.

Tags we use are:

  • Google Analytics.
  • Google Firebase (currently only used in our AT Metro app).
  • Hotjar

Google Tag Manager does not set cookies. See Google Tag Manager Terms of Service and Google privacy policy for more information.

Google Analytics stores information about:

  • The pages you visit.
  • How long you spend on each page.
  • How you got to the site.
  • What you click on while you’re visiting the site.

Google Analytics sets the following cookies:

Universal Analytics

Name Purpose Expires
_ga Unique identifier so we can distinguish and count unique visitors to the site 2 years
_gat Used to manage the rate at which page view requests are made  10 minutes 

We use Google Firebase in our AT Mobile and AT Metro apps. Google Firebase is a collection of tools that help app owners add core features such as analytics, notifications, and crash reporting to their iOS and Android apps. The features we use are:

  • Analytics – analyse user behaviour and demographics, so that we can improve content and user experience. The type of information collected, includes:

    • The number of users and sessions.
    • Session duration.
    • Operating system.
    • Device model.
    • Geography.
    • First launch.
    • App open.
    • App update.
  • Remote config – push out minor app updates without users having to download a new version.
  • Crash reporting – monitors our app for errors.
  • Notifications – send notifications to app users.
  • Dynamic links – create universal links that work across web, iOS and Android.

Google Firebase uses cookies, anonymous identifiers for mobile devices (eg Android Advertising Identifier or Advertising Identifier for iOS) or similar technology to collect data. Find out more about how Google uses data when you use their partners' sites or apps.

You can opt out of advertisement tracking on iOS and Android in your device settings. Notifications can be turned off in the AT Metro app settings. We currently do not have an option for users to disable Firebase analytics or crash reporting. Please think about any privacy implications before downloading and/or using our mobile app. 

We don’t collect or store your personal information (eg your name or address), so this information can’t be used to identify who you are. We don’t allow Google to use or share our analytics data.

Remembering preferences and selections

Some cookies store your selections and settings so when you return to the site, we can present you with information customised to fit your needs.

Name Purpose Expires
MyFavourites - AT Remembers information during your visit so that you don't have to re-enter data or repeat selections When you close your browser
Mystops Records the recent stops that you checked in the Real Time Board 1 year
FedAuth Authentication cookie used to facilitate Single sign-on (SSO) for MyAT When you close your browser
FedAuth1 Authentication cookie used to facilitate SSO for MyAT When you close your browser

Forgery protection

We use cookies to protect you and our website from malicious activity.

Name Purpose Expires
__RequestVerificationToken Protection against cross-site request forgery (CSRF) When you close your browser

Hotjar

We use Hotjar to understand where we need to improve the website. Hotjar is not designed to track individual users.

Name Purpose Expires
_hjClosedSurveyInvites Set once a visitor interacts with a Survey invitation modal pop-up. It is used to ensure that the same invite does not reappear if it has already been shown. 365 days
_hjDonePolls Set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not reappear if it has already been filled in. 365 days
_hjMinimizedPolls Set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimized when the visitor navigates through your site. 365 days
_hjShownFeedbackMessage Set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if the visitor navigates to another page where it is set to show. 365 days
_hjid Set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. 365 days
_hjRecordingLastActivity This should be found in Session storage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records). Session
_hjTLDTest When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. Session
_hjUserAttributesHash User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated. Session
_hjCachedUserAttributes Stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool. Session
_hjLocalStorageTest Used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created. Under 100ms (milliseconds)
_hjIncludedInPageviewSample Used to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit. 30 minutes
_hjIncludedInSessionSample Used to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit. 30 minutes
_hjAbsoluteSessionInProgress Used to detect the first pageview session of a user. This is a True/False flag set by the cookie. 30 minutes

Hotjar does not track or record visitors who have cookies disabled.

For more information about Hotjar cookies and for details on setting Hotjar to not to track your visit.

iPerceptions survey tool 

A survey tool that lets us create adhoc pop surveys eg was this useful.

Name Purpose Expires
IPE_S_113688 Makes sure that you only receive a single survey invitation when you visit the website When you close your browser

YouTube videos

We use YouTube to provide videos on some pages of the site. YouTube sets cookies when you visit one of these pages.

Name Purpose Expires
_use_hitbox Randomly generated number that identifies your browser When you close your browser
VISITOR_INFO1_LIVE Used by YouTube to count the views of embedded YouTube videos 8 months
HSID Security cookie used to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorised parties 2 years
SID Security cookie used to authenticate users, prevent fraudulent use of login credentials and protect user data from unauthorised parties 2 years
PREF Used on Google sites like YouTube to store user preferences such as preferred language 8 months
SAPISID Used on Google sites like YouTube to store user preferences such as preferred language 2 years
SSID Used on Google sites like YouTube to store user preferences such as preferred language 2 years
YSC Used on Google sites (YouTube) to store user preferences such as preferred language When you close your browser
dkv Used by Google services to display targeted advertising 2 years
s_gl Used by Google services to display targeted advertising When you close your browser

Controlling cookie settings on your computer


You can manually adjust the cookie settings on your internet browser so some or all of the cookies on our website won’t be downloaded onto your computer or device. 

Some browsers also have an "incognito" mode, where cookies are deleted after you've closed all of your incognito windows and tabs.

Please be aware that by blocking some or all of the cookies on our website, parts of our website may not work correctly or at all.

To learn how to manage the cookie preferences on your internet browser, click on the 'Help' menu on your browser.

Find out more about managing cookies.