Legal
Cookie Policy
Effective 4 March 2026
This Cookie Policy explains how Draft.red (“we”, “us”, “our”) uses cookies and similar technologies on draft.red (the “Site”). It should be read alongside our Privacy Policy.
We operate under the Privacy and Electronic Communications Regulations 2003 (“PECR”), as amended, and the UK General Data Protection Regulation (“UK GDPR”). Our cookie use is also informed by the ICO’s Guidance on Cookies and Similar Technologies and the exemptions introduced by the Data (Use and Access) Act 2025.
1. What is a cookie?
A cookie is a small text file that a website places on your device when you visit. Cookies serve a range of functions: they can remember your login state, store your preferences, or (in the case of third-party analytics and advertising cookies) track your behaviour across multiple sites. Cookies may be “session cookies” (deleted when you close your browser) or “persistent cookies” (retained for a defined period or until deleted manually).
2. What cookies we use
Draft.red uses only strictly necessary cookies. We do not use analytics cookies, advertising cookies, tracking pixels, or any other cookies that are not essential to the operation of the Service.
| Cookie | Type | Duration | Purpose |
|---|---|---|---|
| Session cookie | First-party, persistent | 30 days or session end | Maintains your authenticated login state. Without this cookie the Service cannot identify you as a logged-in user, and the authenticated parts of the site will be inaccessible. |
| CSRF token | First-party, session | Session | A security token that prevents cross-site request forgery attacks. It is included with form submissions to verify that requests originate from the Site and not from a malicious third party. |
| Load balancer affinity cookie | First-party, session | Session | Routes your requests to the correct server instance during your session. Present only where infrastructure load balancing is in use. |
3. Strictly necessary cookies and the law
Under PECR Regulation 6(4), cookies that are strictly necessary to provide a service explicitly requested by the user are exempt from the consent requirement. The ICO defines “strictly necessary” narrowly: a cookie is strictly necessary only if the website or service cannot function without it.
The session authentication cookie and CSRF token satisfy this test. You cannot access the authenticated portions of draft.red without the session cookie, and the CSRF token is a technical security requirement for form submissions. These cookies are not used for marketing, tracking, or profiling.
Because we use only strictly necessary cookies, we are not legally required to display a cookie consent banner under PECR. We are, however, required to inform you clearly about their existence and function, which this policy does.
4. What we do not do
We want to be explicit about what is absent from our cookie use:
- ·We do not use Google Analytics, Hotjar, Mixpanel, or any other third-party analytics service
- ·We do not use Facebook Pixel, Google Ads conversion tracking, or any advertising cookies
- ·We do not set social media tracking cookies from Twitter, LinkedIn, or any other platform
- ·We do not use cross-site tracking technologies that follow you across other websites
- ·We do not build advertising or behavioural profiles
- ·We do not sell data derived from cookie usage
5. Third-party cookies
Our payment processor (Stripe or equivalent) may set cookies when you access the payment or checkout flow. These are set by the payment processor in their capacity as a separate data controller and are subject to their own privacy and cookie policies. We have no control over these cookies.
No other third-party scripts or embeds that set cookies are loaded on the Site.
6. How to manage cookies
You can control and delete cookies through your browser settings. The major browsers provide guidance at the following links:
Please note: deleting or blocking the session authentication cookie will sign you out of the Service. Blocking strictly necessary cookies will prevent the authenticated parts of the Site from functioning. The Service cannot be used without these cookies.
7. Changes to this policy
We will update this policy if our cookie usage changes. Any changes will be posted here with an updated effective date. If we introduce non-strictly-necessary cookies in the future, we will obtain any required consent before setting them.
Questions? Contact us at privacy@draft.red.