Legal · Cookies
Cookie policy
Last updated ·
Working draft.
This document is a clear-language draft and will be reviewed by a UK solicitor before live payments are accepted. The substance reflects our intent and current operating practice.
Short version
We set three small, strictly-necessary cookies. We do not run analytics, advertising, or third-party tracking. There is no cookie banner choice you can make that turns the shop off — these cookies are only what's needed to make sign-in and the basket work.
The cookies we set
nuxt-session
Stores an encrypted reference to your sign-in state. Set when you log in, removed when you log out. Lasts up to seven days. Server-only (HttpOnly), not accessible to JavaScript.
lig_cart_key
A random key that lets us find the basket attached to your session. Set the first time you add something to your basket. Lasts 60 days. The basket itself is stored on our server, not in the cookie.
ncc_c / ncc_e
Records that you have seen the cookie banner and your choice on it. Set when you click any of the banner buttons. Lasts a year, so we don't pester you on every visit.
Cookies we do not set
- No Google Analytics, GA4, Meta Pixel, or any advertising tracker
- No third-party social media share scripts
- No cross-site session cookies
Managing cookies
Use the Manage link in the footer to revisit the banner choice. Browser settings can also clear or block cookies — but blocking the strictly-necessary ones above will break sign-in and the basket.
Stripe and Resend
Stripe sets its own cookies on the embedded payment form for fraud detection during checkout. These are session-scoped and only present while you're paying. Resend (used for transactional email) does not set any cookies on the site.