Cookie Policy
Last updated: March 30, 2026
1. What Are Cookies
Cookies are small text files placed on your device (computer, tablet, or mobile phone) by your web browser when you visit a website. They are widely used to make websites work efficiently, provide analytics, remember your preferences, and deliver a personalized experience.
This Cookie Policy explains what cookies and similar technologies we use, why we use them, and how you can control them. This policy should be read alongside our Privacy Policy and Terms of Service.
2. How We Use Cookies and Similar Technologies
We use HTTP cookies set by our domain and by third-party services for the following purposes:
- Strictly Necessary: To enable core features of the Service, such as user authentication, session management, payment processing, fraud prevention, and security. These cookies cannot be disabled.
- Analytics (requires consent): To understand how visitors interact with our website and Service, helping us improve user experience. These cookies are only loaded after you provide explicit consent through our cookie banner.
In addition, we use browser-based storage mechanisms (Local Storage and Session Storage) for application functionality. These are not cookies in the traditional HTTP sense — they are client-side storage used for authentication tokens, user preferences, and consent records. They are not transmitted to third-party servers.
3. Cookies We Use
The following table lists the HTTP cookies set on our website:
| Category | Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|---|
| Strictly Necessary | __stripe_mid | Stripe | Fraud detection and payment security. Required for PCI-DSS compliant payment processing. | 1 year |
| Strictly Necessary | __stripe_sid | Stripe | Session-level fraud detection for secure payment processing. | Session |
| Analytics | _ga, _ga_* | Google Analytics | Distinguishes unique users and tracks page views. Only set after consent. | 2 years |
| Analytics | _gid | Google Analytics | Session-level user distinction for analytics. Only set after consent. | 24 hours |
4. Browser Storage (Non-Cookie Technologies)
We use Local Storage and Session Storage for application functionality. These are not HTTP cookies — they are not automatically sent to servers with each request and are not accessible by third parties.
| Key | Storage Type | Purpose |
|---|---|---|
| dc_cookie_consent | Local Storage | Records your cookie consent choice and timestamp for compliance. |
| dc_preferences | Local Storage | Stores user interface preferences (theme, language, layout). |
| Authentication tokens | Local Storage | Maintains your authenticated session. Managed by Supabase Auth. |
5. Non-Essential Cookies Are Blocked by Default
In compliance with the ePrivacy Directive (EU/EEA) and UK PECR, we do not load any non-essential cookies (including analytics) until you provide explicit consent through our cookie consent banner. No Google Analytics scripts or tracking pixels are initialised before consent is given.
Strictly necessary cookies (Stripe fraud prevention) are loaded without prior consent, as they are required for the Service to function and for the security of payment transactions. This is permitted under Art. 5(3) of the ePrivacy Directive.
6. Third-Party Cookies
Some cookies are placed by third-party services integrated into our website. We do not control the content or behaviour of these cookies. The following third parties may set cookies through our site:
- Stripe (Stripe Privacy Policy) — Strictly necessary cookies for payment processing, fraud prevention, and PCI-DSS compliance.
- Google Analytics (Google Privacy Policy) — Analytics cookies loaded only after your explicit consent.
- Google OAuth — Authentication cookies set only when you choose to sign in with Google.
7. Your Cookie Choices
7.1 Cookie Consent Banner
When you first visit our website, you will be presented with a cookie consent banner. You can choose to:
- Accept All: Enable all cookies, including analytics.
- Essentials Only: Allow only strictly necessary cookies required for the Service to function.
- Reject All: Decline all non-essential cookies.
Your consent choice is recorded with a timestamp in your browser's Local Storage for compliance record-keeping. You can change your preferences at any time by clearing your browser's cookies and Local Storage, which will cause the consent banner to appear again on your next visit.
7.2 Browser Settings
Most web browsers allow you to manage cookies through their settings. You can:
- Block all cookies or only third-party cookies.
- Delete existing cookies.
- Set preferences for specific websites.
Please note that blocking strictly necessary cookies may impair the functionality of the Service, including payment processing.
Browser-specific cookie management guides:
7.3 Opt-Out of Analytics
To opt out of Google Analytics tracking, you can install the Google Analytics Opt-out Browser Add-on.
8. Legal Basis for Cookies (EEA/UK)
Under the ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC) and the UK Privacy and Electronic Communications Regulations (PECR):
- Strictly Necessary Cookies: Do not require consent as they are essential for the Service to function. This includes Stripe cookies for payment security. Legal basis: Art. 5(3) ePrivacy Directive (exemption for cookies strictly necessary to provide the service).
- Analytics Cookies: Require your explicit, informed, and freely given consent before being placed on your device. Legal basis: Consent (Art. 6(1)(a) GDPR, Art. 5(3) ePrivacy Directive).
We do not load any non-essential cookies or tracking scripts until you provide affirmative consent through our cookie banner.
9. Consent Record
When you interact with our cookie consent banner, we store the following information locally on your device:
- Your consent choice (accept all, essentials only, or reject all).
- The date and time of your consent decision.
This record is stored solely in your browser's Local Storage to ensure we respect your preferences on subsequent visits. We do not transmit this consent record to our servers or share it with third parties.
10. Do Not Track
Some browsers offer a "Do Not Track" (DNT) setting. There is currently no universally accepted standard for how companies should respond to DNT signals. We treat DNT signals as equivalent to declining non-essential cookies — if your browser sends a DNT signal, we will not load analytics cookies unless you explicitly consent through our cookie banner.
11. Changes to This Cookie Policy
We may update this Cookie Policy to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Where required by law, request renewed consent for non-essential cookies.
- Notify you via a prominent notice on the Service where appropriate.
12. Contact Us
If you have questions about our use of cookies or wish to exercise your data rights, please contact us:
ColdCoach
Email: privacy@coldcoach.com