This Cookie Policy explains how craigtodd.com ("Company", "we", "us", or "our") uses cookies and similar technologies when you visit https://craigtodd.com (the "Website"). It outlines what cookies are, which ones we use, and how you can control them.
This policy should be read together with our Privacy Policy, which contains further detail on how we handle your personal data.
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They are commonly used to make websites work, remember user preferences, and provide essential functionality such as keeping you logged in or maintaining your shopping cart.
There are two types of cookies in general:
- First-party cookies — set directly by craigtodd.com
- Third-party cookies — set by services embedded on a website (for example, payment processors or content delivery networks)
We use only the cookies listed below. All of them are classified as strictly necessary for the operation of the Website or the security of your session.
Cookies We Set
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| Session cookies | Maintain your login session and shopping cart | Session | Strictly necessary |
| CSRF token cookie | Protect against cross-site request forgery | Session | Strictly necessary |
| ctm_ref | Affiliate referral session identifier (holds an opaque ID only; the actual referral data is stored on our server) | 90 days | Strictly necessary (functionality) |
| Trusted-device cookie | Allow you to skip two-factor verification on devices you mark as trusted | Configurable (default 30 days) | Strictly necessary |
| wp-settings | Remember your dashboard / admin UI preferences (only set for logged-in users) | 1 year | Strictly necessary |
| wp-lang | Remember your language preference | 1 year | Strictly necessary |
| cf-bm | Cloudflare bot-management cookie used to distinguish humans from automated traffic | 30 minutes | Strictly necessary (security) |
| cf-clearance | Cloudflare challenge-clearance cookie (only set after passing a security challenge) | Up to 30 days | Strictly necessary (security) |
We do not set advertising cookies, retargeting cookies, profiling cookies, or any cookies whose sole purpose is to track your behaviour across other websites.
Cookies We Do Not Set
For the avoidance of doubt, we do not use any of the following:
- Plausible Analytics or any other third-party analytics service
- Google Analytics, Google Tag Manager, or Google Ads cookies
- Facebook Pixel or any Meta tracking pixels
- YouTube cookies (our videos are self-hosted via an EU-based content delivery network and do not set tracking cookies)
- TikTok, Pinterest, or X (Twitter) tracking pixels
- Hotjar, Microsoft Clarity, FullStory, or similar session-recording tools
- Cross-site advertising or behavioural retargeting cookies
- A/B-testing cookies
Analytics
We use our own **self-hosted page-view tracking** to understand which pages are popular and how visitors find us. It runs on our own server, does **not use cookies**, does **not transmit any data to third parties**, and stores only an anonymised daily-rolling visitor identifier that cannot be linked back to you across days. Aggregated and anonymous.
Why We Don't Show a Consent Banner
Under the ePrivacy Directive (Recital 66) and the UK Privacy and Electronic Communications Regulations, cookies that are strictly necessary for the operation of the website or for a service explicitly requested by the user do not require prior consent. Because all cookies we set fall into that category, we do not display a cookie-consent banner.
If we ever introduce non-essential cookies in the future, we will update this policy and present a consent mechanism before any such cookie is set.
Managing Cookies in Your Browser
You can block or delete cookies through your browser settings at any time. For help, visit the support page for your browser:
- Chrome
- Firefox
- Safari
- Microsoft Edge
- Opera
Please note: Disabling strictly-necessary cookies will prevent you from logging in, completing purchases, or having affiliate referrals correctly credited.
Other Tracking Technologies
We may, on occasion, use:
- Web beacons / tracking pixels in transactional emails — these tell us whether a transactional email (for example, a purchase receipt, a password-reset link, or a webinar reminder) was opened, so we can detect deliverability problems. They do not capture any personal data beyond your IP address and the fact of opening. You can disable image-loading in your email client to prevent this.
We do not use Flash Local Shared Objects, fingerprinting, ultrasonic tracking, or any covert identification techniques.
Targeted Advertising
We do not run targeted-advertising campaigns and do not share data with advertising networks. You should not see retargeting ads for craigtodd.com on other websites.
Updates to This Policy
We may update this Cookie Policy from time to time for legal, technical, or operational reasons. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be summarised at the top of the policy when applicable.
Contact
If you have any questions about this Cookie Policy or our use of tracking technologies, contact:
Email: privacy@craigtodd.com
Website: https://craigtodd.com
Last updated: 18 May 2026