Legal
Cookies
Last updated 2026-05-16
Short version
We don't set marketing cookies. We don't set tracking cookies. We don't use third-party advertising networks. Our analytics is cookieless. There's no cookie banner because there's nothing about cookies that needs your consent under PECR.
Strictly necessary cookies
A few cookies are set by infrastructure providers we depend on, all of which fall under the "strictly necessary" category that doesn't require consent under PECR / UK GDPR:
-
__cf_bm(Cloudflare bot management): set when Cloudflare's security layer needs to distinguish automated traffic from humans. Expires after 30 minutes of inactivity. Contains no personal data. -
cf_chl_*(Cloudflare Turnstile): short-lived challenge tokens used by the inquiry form's anti-spam check. Expires after a few minutes once the challenge completes.
Analytics
We use Plausible Analytics for aggregate page-view metrics. Plausible is privacy-first and cookieless: no cookies are set, no personal data is collected, no cross-site tracking, no IP address is stored in identifiable form. Plausible is hosted in Germany (EU), so analytics data does not leave the EU/UK. We see numbers like "this page got 47 views this week" and nothing more.
What we deliberately don't do
- No Google Analytics or Meta Pixel
- No advertising or remarketing cookies
- No cross-site tracking
- No social media tracking pixels
- No A/B testing tools that store identity
Browser-level controls
If you want to block cookies anyway, including the strictly necessary ones, your browser's settings let you do that. Doing so may interfere with the inquiry form's spam protection but won't otherwise affect your reading of the site.
Questions
Email kirsteen@cotswoldcohost.co.uk if anything here isn't clear or you'd like more detail.