Cookie Policy

Cookies are small text files placed on your device by websites you visit. Some are essential for the site to function; others help us understand how visitors use the site. Under the UK Privacy and Electronic Communications Regulations (PECR) and UK GDPR, we ask for your consent before setting any non-essential cookies.

These cookies are required for the site to work properly and cannot be switched off. They do not track you across websites.

• cordon_access — admin login session token (httpOnly, secure, expires after 24 hours). Only set when an admin signs into /admin.
• cordon_refresh — admin refresh token (httpOnly, secure, expires after 7 days). Same purpose.
• cordon_cookie_consent — remembers your cookie choice so we don’t ask again on every page (stored in localStorage, 12 months).
• cordon_token — client-side copy of your admin access token (localStorage; same lifetime as the access cookie). Admin area only.

If you accept analytics cookies, we use PostHog to understand which pages and features visitors use. We have disabled session recording — PostHog only captures aggregate page views and click events. PostHog is based in the United States and is a data processor on our behalf.

• ph_* / __ph_opt_in_out_* — PostHog distinct ID, session ID, and opt-in status. Set only after you accept analytics.

We do not currently set any marketing or advertising cookies.

You can update your choice at any time:

• Click the Cookie Preferences button (also in the footer of every page).
• Or clear cookies and site data in your browser, which will trigger the banner again on your next visit.

Most browsers let you block or delete cookies via their settings. Note that blocking strictly-necessary cookies will break the admin area; blocking analytics is fine and is the default for new visitors.

For more on how we handle personal data, see our Privacy Policy. Questions? Email dean@cordonapps.co.uk.