Cookies
Last updated: 10 July 2026
Short version: we use one cookie, and it's the sign-in one. No advertising cookies, no third-party trackers, no consent banner theatre — because there's nothing to consent to.
The cookies we set
| Cookie | Purpose | Type | Lifetime |
|---|---|---|---|
ch_session | Keeps you signed in to your account (HttpOnly, Secure, SameSite=Lax) | Strictly necessary | 30 days |
Strictly necessary cookies don't require consent under PECR. If you never sign in, this cookie is never set.
Payments
When live card payments are enabled, the checkout step loads Stripe, which sets its own strictly-necessary cookies for fraud prevention on that page. Stripe's cookie policy: stripe.com/cookies-policy.
Analytics without cookies
Our analytics are first-party and cookieless: we count page views against an anonymous identifier that rotates every day and cannot be linked across days or to your identity. We honour the Do Not Track and Global Privacy Control browser signals by not recording anything at all.
Managing cookies
You can clear or block cookies in your browser settings; blocking ch_session simply means sign-in won't persist.