Legal

Cookie policy

What this site stores in your browser, why, and how to opt out. The short version: no analytics, no advertising, no third-party tracking — just the technical cookies needed to log into the admin area, remember your theme choice, and run the contact form's bot challenge.

Last updated: 10 May 2026.

What cookies are

Cookies are small text files a website asks your browser to store. The browser sends them back on subsequent requests so the site can recognise you between page loads. localStorage works similarly but is read by JavaScript rather than sent automatically. This page covers both.

What this site uses

Strictly necessary

These are required for the site to work and are exempt from the consent requirement under the UK Privacy and Electronic Communications Regulations (PECR).

  • PHP session cookie (typically PHPSESSID) — set when you sign into the admin area at /admin. It links your browser to a server-side session so subsequent admin requests are authenticated. HttpOnly, Secure, SameSite=Lax. Lifetime: until the browser session ends or you log out.
  • CSRF token cookie — paired with the hidden CSRF token on admin forms and the public contact form to prevent cross-site request forgery. HttpOnly, Secure, SameSite=Lax. Lifetime: same as the session cookie.

Functional preference

Set only when you change a preference. Not required for the site to work, but the alternative is asking you to pick the same theme on every page load.

  • Theme preference — remembers whether you chose the light, dark, or VT100 (terminal) theme. Stored as a first-party cookie when you change theme via the toggle. Secure, SameSite=Lax. Lifetime: 1 year.

Bot-challenge (third-party, contact form only)

If the contact form has Cloudflare Turnstile enabled, Cloudflare sets a small number of cookies for the duration of the challenge in order to distinguish humans from automated submission scripts. These cookies are issued by Cloudflare, governed by their own policy, and only loaded when you visit /contact with Turnstile active. Turnstile is privacy-preserving by design (no third-party tracking IDs); see Cloudflare's cookie policy for the full list.

What this site does not do

  • No analytics (no Google Analytics, Plausible, Matomo, Fathom, or equivalents).
  • No advertising or remarketing pixels.
  • No social-network embed tracking.
  • No cross-site identifiers, fingerprinting, or behavioural profiling.

That's why you do not see a cookie consent banner — under PECR and the UK GDPR, only strictly necessary cookies are placed without prior consent, and the theme preference is set only when you actively change theme.

Server logs

The web server records standard request-line information (timestamp, IP address, method, path, status code, user-agent, referrer) so I can investigate errors, abuse, and brute-force attempts against the admin area. This is not a cookie, but it is a form of data collection — see the privacy policy for retention details.

Managing cookies

You can clear or block cookies from this site at any time from your browser's settings:

Blocking the strictly-necessary cookies will prevent admin login from working but does not affect any public page on the site.

Contact

Questions about this policy can be sent to privacy@peterbassill.com or via the contact form.

See also: Privacy policy · Security policy.