Cookies & browser storage

TL;DR

We don't set tracking cookies on this website. No advertising pixels, no fingerprinting, no third-party analytics that read your device. That's why you don't see a consent banner — under UK law a banner is only required when a site uses non-essential cookies. We don't.

Below is the full disclosure of every piece of state this site stores in your browser, what it's for, and how to clear it.

What we store

Theme preference (localStorage)

When you toggle between light, dark, and system theme using the button in the top-right of every page, we save your choice in localStorage under the key theme. This is read on every page load so the UI doesn't flash the wrong colour scheme before hydration.

Field	Value
Storage	localStorage (never sent to the server)
Key	theme
Value	one of light, dark, system
Lifetime	until you clear it
Lawful basis (UK PECR)	strictly necessary — required for the UI to respect your preference

Strictly-necessary state is exempt from consent under the UK Privacy and Electronic Communications Regulations.

Authentication session (planned, not yet live)

Once the client portal launches in a future release, signing in will set a session cookie used to keep you logged in:

Field	Value
Storage	HTTP cookie (HttpOnly, Secure, SameSite=Lax)
Name	sb-…-auth-token (Supabase Auth default)
Purpose	Identify your authenticated session
Lifetime	Up to one week, refreshed on activity
Lawful basis	strictly necessary — without it, sign-in does not work

This cookie also falls under "strictly necessary" and won't require a consent banner. We'll update this section the day it goes live.

What we don't store

• No tracking cookies — none. Not even first-party.
• No advertising cookies — we don't run ads, don't retarget, and don't integrate with any ad network.
• No third-party analytics cookies — we use Cloudflare Web Analytics, which is intentionally cookieless.
• No social-media tracking pixels — there are no Facebook / LinkedIn / X pixels on any page.
• No "Do Not Track" override — we behave the same regardless of the DNT header because we never tracked you in the first place.
• No fingerprinting — no canvas, audio, font, or device enumeration to identify you across sessions.

Third-party services and their cookies

The site loads scripts from three external origins. None of them set cookies through this site:

Service	What we use it for	Cookies set on our domain?
Cloudflare Web Analytics	Anonymous page-view counts	No
Cloudflare Turnstile (on the contact form)	Spam-bot detection	No
Sentry (when configured)	Error reporting	No

Cloudflare's beacon script does store small amounts of in-memory data in its own scope while computing the Turnstile challenge; it clears on page close and never persists to disk.

How to clear what we do store

Theme preference:

1. Open browser DevTools (F12 / ⌥⌘I).
2. Application tab → Local Storage → the entry for this site.
3. Delete the theme key. The page reverts to the system theme on next load.

Or simply use your browser's "Clear browsing data" option and tick "Cookies and other site data". This clears every piece of state listed here in one operation.

If this changes

We'll update this page whenever we add or remove anything that uses client-side storage. The Last updated date at the top reflects the most recent revision.

If we ever introduce a non-essential cookie (we don't plan to), a consent banner will appear at the same time and you'll be asked to accept before that cookie is set.

Get in touch

hello@fixedpricesoftware.co.uk for anything cookie-related, and see the Privacy policy for the broader data-handling picture.