Cookie policy
What cookies we use, why, how long they last, and how to control them — with the full list of every cookie this site sets.
This page lists every cookie this site sets, what it does, and how to opt out. Our privacy policy covers personal data more broadly.
What is a cookie?
A cookie is a small text file (a few hundred bytes) that a website stores on your device when you visit. Cookies let sites remember small pieces of state — whether you're signed in, what's in your wishlist, what events you're comparing — and can collect anonymous analytics about how the site is used. They're sent back to the server on each request so the site can give you a continuous experience.
Cookies are categorised by:
- Source: first-party (set by us) or third-party (set by another domain like Stripe)
- Purpose: strictly necessary, functional, or analytics
- Duration: session (deleted when you close the browser) or persistent (stored for a defined time)
Strictly necessary
These are required for the site to function. You can't opt out of them; without them the booking flow and self-service portal won't work.
| Cookie | Purpose | Duration | Source |
|---|---|---|---|
better-auth.session_token | Keeps admins signed in to the dashboard | 7 days | First-party |
customer_token | Keeps customers signed in to the booking-management portal after a magic-link login | 90 days | First-party |
cookie_consent | Remembers whether you've accepted or declined non-essential cookies | 1 year | First-party |
| Stripe session cookies | Set during the Stripe Checkout flow for fraud detection and to keep your payment session alive | Session — typically minutes | Third-party (Stripe) |
Functional
These remember things you've chosen to make the experience work better. They are technically optional but disabling them noticeably degrades the site.
| Cookie | Purpose | Duration | Source |
|---|---|---|---|
wl_anon | Anonymous wishlist before you sign in (up to 50 events). Merged into your account on first magic-link login. | 90 days | First-party |
compare_ids | Events you've added to comparison (up to 3) | 30 days | First-party |
recent_views | Last 12 events you've viewed, used to power "recently viewed" and basic recommendations on the homepage | 90 days | First-party |
customer_email | Pre-fills the email field on the booking form when you return — saves you typing | 1 year | First-party |
recent_searches (localStorage) | Last 5 searches you've made, shown as suggestions in the search bar. Stored in browser localStorage rather than cookies; never sent to us. | 30 days | First-party (browser-only) |
Analytics (only with your consent)
Set only after you click "Accept all" on the cookie banner. We use these to understand aggregate site usage — page views, conversion funnels, where customers drop off — never to track you across other sites or build advertising profiles.
| Cookie | Purpose | Duration | Source |
|---|---|---|---|
| Vercel Analytics | Aggregate page views and Core Web Vitals. Anonymised — no IP retention, no cross-site tracking. | Up to 1 year | Third-party (Vercel) |
| Plausible (if configured) | Aggregate page views and conversions. Plausible is privacy-first: no cookies, no personal data, no cross-site tracking. Listed here for completeness; only active if your installation enables it. | None — cookieless | Third-party (Plausible) |
How to control cookies
On this site
The first time you visit, a banner asks whether you accept analytics cookies. You can:
- Accept all: all cookies in this policy are set
- Decline: only strictly-necessary and functional cookies are set; no analytics
To change your choice later, clear the cookie_consent cookie in your browser and reload — the banner will reappear.
In your browser
Every modern browser lets you view, block or delete cookies. Specifics vary by browser; here are the docs:
Note: blocking all cookies will break the booking flow and self-service portal. Blocking just analytics cookies is fully supported and is what the "Decline" button on our banner does.
Browser-level "Do Not Track" / Global Privacy Control
If your browser sends a Global Privacy Control header, we treat it as a "Decline" signal automatically — no analytics cookies are set, regardless of what you click on the banner.
Third-party cookies on Stripe Checkout
When you reach the Stripe Checkout page to pay, Stripe sets its own cookies for fraud detection and session management. We don't control these. See Stripe's cookie policy for the full list and opt-out options.
Changes to this policy
We'll update this page if we add or remove cookies. The latest version is always here with a last-updated date.
Last updated: February 2026.