Last updated 2026-05-16
What cookies are
Cookies are small text files saved by your browser when you visit a site. We use the smallest set we can get away with — no third-party advertising or tracking cookies. The categories below cover everything we set.
Strictly necessary
These keep the site working — signing you in, remembering what’s in your cart, protecting checkout from abuse and storing your CSRF token. You can’t opt out of these without breaking basic functionality. They include the Auth.js session cookie, our cart identifier and a CSRF token.
Preferences
If you change theme or locale settings we store that choice in a cookie so the site remembers it next time. These expire after 12 months of inactivity.
Analytics
We use Google Analytics 4 to understand which pages and products people engage with. Cookies in the _ga / _ga_* family record an anonymous client ID, page views, scroll depth on a few key pages, and ecommerce events (view, add to cart, purchase). IP addresses are truncated by Google before they hit the analytics database.
Analytics cookies only load if you accept them — by default they’re denied via Google’s Consent Mode v2, and you can flip them off any time using the Cookie preferences link.
Third parties
Stripe sets cookies on the checkout page as part of its fraud-prevention (Radar). These are controlled by Stripe under its own privacy notice — see stripe.com/privacy.
Embedded videos (e.g. YouTube) set their own cookies if and when you press play. We don’t embed advertising or social-media tracking pixels.
Managing cookies
You can change your choice anytime — opens the consent panel:
You can also clear or block cookies from your browser settings at any time. Blocking the strictly-necessary ones will sign you out and empty your cart; everything else is safe to block without functional side-effects.
See our privacy policy for the wider story on how we use the data behind these cookies.