DR7  /  Cookies

Cookie policy.

How this site uses cookies and similar technologies. Audited inventory, PECR position, and how to control cookies.

Last updated: Effective date:

1. What cookies are

A cookie is a small text file that a website asks your browser to store on your device and send back on subsequent requests. Cookies are widely used to make websites work, to remember preferences, and to collect information about how a site is used. The same broad rules apply to other "similar technologies" that achieve comparable outcomes — including HTML5 localStorage and sessionStorage, pixel tags or web beacons, and device or browser fingerprinting techniques. In this policy, references to "cookies" should be read as covering those similar technologies as well.

2. Our approach under PECR and UK GDPR

The Privacy and Electronic Communications Regulations 2003 ("PECR") govern the storage of, and access to, information on a user's terminal equipment. Where reading or writing information from your device is "strictly necessary" to provide a service that you have requested — for example essential session integrity — that activity does not require your consent. For everything else, including most analytics and any advertising or cross-site-tracking activity, PECR requires your prior, freely-given, specific, informed, and unambiguous consent, given by a clear affirmative action.

We aim to set only strictly-necessary cookies, and to use only aggregated, privacy-respecting analytics that, where deployed, meet the Information Commissioner's Office (ICO) "low-risk analytics" threshold for proceeding without consent. Non-essential cookies are not set unless and until consent is obtained, and where consent is the basis for any processing it can be withdrawn at any time without detriment to the underlying service.

3. Cookies we set

The table below lists every cookie and storage key our automated audit observed on this site. The audit visits each public route in a fresh, default headless browser context with no extra interaction, then reads document.cookie, localStorage, sessionStorage, and the browser's cookie jar. The audit log is reproduced inline in the pull request that publishes this page and lives in the repository at artifacts/cookie-audit.json.

Audit result: no cookies and no first-party or third-party storage keys were observed during the most recent automated audit of this site (see artifacts/cookie-audit.json). The site sets no first-party cookies, and no third-party cookies are set on this site.

If we add cookies in future — for example a consent-state cookie when we deploy a consent management interface — we will re-run the audit, update this table, and reflect the change in the "Last updated" date above.

4. Analytics

We do not currently deploy a third-party analytics service on this site. The site is self-hosted and the production Content Security Policy permits scripts only from the same origin, which means no third-party analytics, advertising, or tag-management script can run on the site. Where we deploy analytics in future, it will be an aggregated, privacy-respecting service whose configuration we will document here, and where consent is required by PECR or UK GDPR we will obtain it before any non-essential cookie is set.

5. How to control cookies

You can control and delete cookies through your browser. The exact path varies between browsers but the controls are usually found in the privacy or security section of the browser settings:

  • Chrome: Settings → Privacy and security → Cookies and other site data.
  • Firefox: Settings → Privacy & Security → Cookies and Site Data.
  • Safari (macOS): Safari → Settings → Privacy. (iOS) Settings → Safari → Privacy & Security.
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data.

Blocking strictly-necessary cookies may prevent parts of any website (not only this one) from working. Browsers also offer a private / incognito mode that discards cookies and storage at the end of the browsing session.

6. Do Not Track and Global Privacy Control

Some browsers transmit a "Do Not Track" (DNT) header, and an increasing number transmit a "Global Privacy Control" (GPC) signal — an opt-out signal that is, in some jurisdictions, treated as a legally binding indication of objection to the sale or sharing of personal data. Because this site does not engage in cross-site tracking, behavioural advertising, or the sale or sharing of personal data, neither DNT nor GPC currently change site behaviour. If we deploy any processing in future for which DNT or GPC is relevant, we will honour those signals.

7. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Where the change is material — for example the introduction of a new category of cookie — we will flag it on the homepage so that you have a fair opportunity to read it before the change takes effect.

8. Contact

For any question about this policy, including to request the most recent cookie audit log, contact info@dr7.co.uk.