What we set, why.

Cookies are small text files saved by your browser when you visit a site. We use the smallest set we can get away with — no third-party advertising or tracking cookies. The categories below cover everything we set.

These keep the site working — signing you in, remembering what’s in your cart, protecting checkout from abuse and storing your CSRF token. You can’t opt out of these without breaking basic functionality. They include the Auth.js session cookie, our cart identifier and a CSRF token.

If you change theme or locale settings we store that choice in a cookie so the site remembers it next time. These expire after 12 months of inactivity.

We don’t currently run third-party analytics. If that changes we’ll update this page and, where required, ask for consent through a cookie banner before any non-essential cookies are set.

Stripe sets cookies on the checkout page as part of its fraud-prevention (Radar). These are controlled by Stripe under its own privacy notice — see stripe.com/privacy.

Embedded videos (e.g. YouTube) set their own cookies if and when you press play. We don’t embed advertising or social-media tracking pixels.

You can change your choice anytime — opens the consent panel:

You can also clear or block cookies from your browser settings at any time. Blocking the strictly-necessary ones will sign you out and empty your cart; everything else is safe to block without functional side-effects.

See our privacy policy for the wider story on how we use the data behind these cookies.