Cookie Policy
Cookies are small text files a website asks your browser to store. We use a small number of them — most are strictly necessary or functional, set as a direct result of something you did (logging in, clicking a referral link, going to checkout). With your consent we also load Google Analytics so we can see which pages help and which confuse.
We do not use advertising or retargeting cookies, and we do not sell data to data brokers.
Cookies we set
| Name | Purpose | Duration | Category |
|---|---|---|---|
shandy_session | Keeps you signed in to your account. | 30 days | Strictly necessary |
shandy_ref | Remembers the referral code you clicked, so we can apply the £15 credit at signup. Only set if you visit a /r/<code> link. | 30 days | Functional |
shandy_consent_v1 | Remembers whether you accepted or declined analytics cookies, so we don't pester you on every visit. | Until you clear it | Strictly necessary |
Analytics (only if you accept)
If you click Accept all on the cookie notice, we load Google Analytics 4. It sets a couple of cookies (_ga and _ga_*) so it can tell return visits from new ones and group pageviews into a session. We use this strictly to see which pages people find useful and where bookings stall — not for ads.
We use Google Consent Mode v2 with IP anonymisation and ad-data redaction turned on, so even consenting visitors don't get profiled for advertising. If you click Essential only (or close the banner), Google Analytics doesn't load and these cookies are never set.
| Name | Set by | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics | Distinguishes unique visitors. | 2 years |
_ga_* | Google Analytics | Stores session state for the GA4 property. | 2 years |
Google's privacy info is at policies.google.com/privacy.
Third-party cookies on the checkout page
When you reach the booking checkout, we load Stripe's payment elements. Stripe sets its own cookies (such as __stripe_mid and __stripe_sid) for fraud detection on the payment form. These are strictly necessary for the payment feature to work safely and are controlled by Stripe.
| Name | Set by | Purpose | Duration |
|---|---|---|---|
__stripe_mid | Stripe | Fraud prevention on the payment form. | ~1 year |
__stripe_sid | Stripe | Fraud prevention during a payment session. | ~30 minutes |
Stripe's full cookie policy is at stripe.com/cookies-policy/legal.
Do we need your consent?
Under the UK's Privacy and Electronic Communications Regulations (PECR), consent isn't required for cookies that are strictly necessary to provide a service you've actively asked for — like signing in, attributing a referral you followed, or taking payment securely. We do need your consent for analytics cookies, which is why the notice on your first visit asks before we load Google Analytics.
You can change your mind at any time by clearing the shandy_consent_v1 cookie / localStorage entry — we'll show the notice again on your next visit.
Managing or removing cookies
You can delete cookies or block them entirely in your browser settings. Doing so will sign you out, may stop your referral credit from applying, and will break the payment form. Help pages for the major browsers:
Changes
If we add new cookies or change why we use existing ones we'll update this page and the "last updated" date.