Legal
Cookie notice
We keep this short because we set very few cookies. Last updated 27 May 2026.
1. The short version
The TuinApp marketing site (tuinapp.co.uk and tuinapp.com) sets only strictly necessary cookies. We do not run Google Analytics, Hotjar, Meta Pixel, LinkedIn Insight Tag, or any other analytics or advertising trackers. We do not fingerprint your browser. We do not sell or share cookie data with advertisers.
Because we set only strictly necessary cookies, the Privacy and Electronic Communications Regulations 2003 (PECR) and ICO guidance do not require us to ask for your consent before setting them. We still want to be transparent about what they do, so the table below lists every cookie we set.
2. Cookies we set
| Name | Purpose | Set by | Duration | Category |
|---|---|---|---|---|
__cf_bm | Bot-management. Distinguishes humans from automated requests so Cloudflare can apply DDoS and abuse protection. | Cloudflare (first-party, on our domain) | 30 minutes | Strictly necessary |
cf_clearance | Records that you have passed a Cloudflare challenge, so you are not re-challenged on every page view. | Cloudflare (first-party) | 30 days (or until you clear it) | Strictly necessary |
Both cookies are set by our DDoS protection layer (Cloudflare). They are flagged HttpOnly, Secure and use SameSite=Lax. They do not contain personal data; only an opaque token used by Cloudflare to recognise the same browser.
3. Cookies we do NOT set
- No Google Analytics, Google Tag Manager, or other web-analytics cookies.
- No advertising or retargeting cookies (no Meta Pixel, no LinkedIn Insight Tag, no Google Ads remarketing).
- No social-media share/like trackers.
- No A/B testing or session-replay tools (no Hotjar, no Mouseflow, no FullStory).
- No customer-data-platform pixels (no Segment, no RudderStack).
- No third-party fonts or scripts that set cookies. (Font Awesome is loaded with our own CSS; no Google Fonts call-out.)
If we add any non-necessary cookies in the future, we will show a consent banner that lets you accept, reject, or fine-tune per category before any non-necessary cookie is set, in line with PECR and ICO guidance.
4. Local storage and session storage
The Site does not use the browser's localStorage or sessionStorage for any persistent identifier. Form-submission flow uses one short-lived hidden field for spam protection (a CSRF-style token) which is removed once the page is reloaded.
5. How to control cookies on your device
Every modern browser lets you view, block, and delete cookies. If you block all cookies on our Site, the Cloudflare bot-protection layer may issue you a one-off challenge per visit, and our spam protection may take a little longer to verify form submissions, but the Site will otherwise work.
- Chrome: Manage cookies in Chrome
- Safari: Manage cookies in Safari
- Firefox: Manage cookies in Firefox
- Edge: Manage cookies in Edge
You can also use the EFF's Privacy Badger or DuckDuckGo's tracker blocker. We have nothing to hide; check us and let us know if you find anything.
6. Changes to this notice
We will update this page whenever we add or remove a cookie. The "Last updated" date at the top shows the most recent change.
7. Questions
For anything cookie or tracking related, email [email protected].
Last updated: 27 May 2026.