Short version: we use the minimum cookies required to make the site work, no tracking cookies, no advertising cookies. No banner needed because we don't set non-essential cookies.
Cookies we set
| Cookie | Purpose | Lifetime |
|---|---|---|
| sid | Logged-in customer session | 30 days |
| cart | Shopping cart contents (signed token) | Session |
| cf_clearance | Cloudflare bot protection | 30 days |
| _csrf | Cross-site request forgery protection | Session |
All of the above are first-party, strictly necessary cookies. None are used for advertising or cross-site tracking. They are exempt from prior-consent requirements under EU ePrivacy and Australian Privacy Principles.
Cookies we don't set
- No Google Analytics, Google Tag Manager, or any cross-site analytics with persistent identifiers
- No Facebook Pixel, LinkedIn Insight, TikTok Pixel
- No advertising or remarketing cookies
- No fingerprinting or device-tracking signals beyond standard server logs
Analytics
We use a privacy-respecting aggregate analytics tool that does not set cookies and does not record visitor identifiers. It counts page views per URL and logs the referring domain — no individual visitor is identified or tracked across sessions.
Browser controls
All major browsers let you block or delete cookies via settings. Blocking sid or cart means logged-in features and cart functionality won't work — that is the trade-off, since these cookies are the feature.
Updates
If we ever introduce non-essential cookies (e.g. an A/B testing tool that needs them), we will add a consent banner and update this page before doing so.
Last updated: 2026-04-25.