Skip to main content
Start your first project

Cookie policy

Cookie Policy

Last updated: 14 July 2026

Privacy Policy →

This Cookie Policy explains how The Site Book, operated by REDCLAN VENTURES LTD (Company No. 17142372), uses cookies and similar technologies when you visit our website at thesitebook.co.uk.

1. What are cookies?

Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences and understand how you use the service. Some cookies are essential for the site to work; others help us improve it.

2. How we ask for consent

When you first visit The Site Book, we show a cookie consent banner. You can accept or decline non-essential cookies. Your choice is stored for 12 months. Essential cookies are always active because the site cannot function without them.

You can change your preference at any time using the always-visible Cookie preferences control. Declining expires the optional first-party analytics and advertising cookies we can access and removes optional acquisition data from local storage.

Until you accept, Google Consent Mode keeps analytics_storage, ad_storage, ad_user_data and ad_personalization denied. Accepting grants analytics and advertising measurement storage and user-data signals; ad_personalization remains denied because we do not request consent for personalised advertising. Declining leaves every signal denied. For our server-side Google Ads matching, we require both your accepted cookie_consent preference and an affirmative consent signal on the conversion request.

3. Cookies we use

Essential cookies

These cookies are required for the site to function and cannot be disabled.

CookiePurposeDuration
cookie_consentStores your cookie consent preference12 months
cookie_consent_updated_atOrders preference changes safely across browser tabs so an older acceptance cannot overwrite a later withdrawal12 months
__clerk_*Authentication session managed by ClerkSession / 7 days
__cf_bmCloudflare bot management (security)30 minutes

Analytics cookies

These cookies help us understand how visitors use the site. They are only set if you accept cookies via the consent banner.

CookiePurposeDuration
_ga, _ga_*Google Analytics — distinguishes unique visitors and tracks page views2 years
ph_*PostHog — product analytics and feature usage12 months
tsb_compare_srcFirst-party compare-page attribution for signup measurement7 days
_clck, _clsk, CLID, ANONCHK, MR, MUID, SMMicrosoft Clarity — heatmaps, session recording, and site interaction analyticsSession to 13 months

If you decline cookies, Google Analytics operates in Consent Mode v2 — a privacy-safe, cookieless mode with no personal identifiers. Microsoft Clarity is not loaded, and its heatmaps and session recordings are disabled. PostHog analytics are also disabled entirely.

Advertising cookies

If you arrive via a Google Ads campaign, conversion tracking measures whether the ad led to a lead or verified paid purchase. Advertising storage and user-data matching are only active if you accept cookies.

CookiePurposeDuration
_gcl_auGoogle Ads conversion linker90 days

Server-side conversion matching (not a cookie)

With your consent, we may create privacy-minimised Google Ads / Google Data Manager records for a submitted, qualified or won Site Control lead and for a verified paid purchase. A record may contain a Google click identifier (gclid, gbraid or wbraid) and a normalised email address transformed into a one-way SHA-256 hash before it is stored or sent. We do not send the raw email address to Google Data Manager.

These are server-side records, not browser cookies. We retain them for up to 90 days for attribution, deduplication and retry handling, or delete them sooner when a valid withdrawal or erasure request is actioned. A hash is still pseudonymous personal data: Google may match it to an account it already holds. If ad-user-data consent is not granted on the originating submission, our server-side matching does not attach click identifiers or a hashed email and does not upload that record to Google Data Manager.

Account-deletion tombstone (not a cookie)

After an account is deleted, we retain a separate privacy-minimised record so a delayed or replayed paid Stripe event cannot recreate it. The record contains the opaque user ID and a domain-separated, keyed HMAC-SHA-256 digest of the normalised email address, never the raw email. It is used only for account anti-resurrection and billing, fraud or legal audit, and expires after a maximum of 7 years.

4. Local storage

We also use browser local storage for a small number of functional preferences (e.g. consent state mirror and UI preferences). After you accept optional cookies, we also use it for limited first-party acquisition attribution. This may include campaign and referral parameters, landing page, referrer, a pseudonymous visitor identifier and a Google click identifier if one was present in the arrival URL. It lets us carry the source through a lead, signup or checkout journey and measure our own marketing.

We do not store this acquisition attribution in local storage before acceptance, and we remove these entries when you decline optional cookies. It is not itself a Google Data Manager upload: using a click identifier for Google matching also requires ad-user-data consent. You can also remove local storage by clearing your browser data.

5. Managing cookies in your browser

You can delete or block cookies through your browser settings. Note that blocking essential cookies may prevent the site from functioning correctly.

Declining optional cookies prevents your browser from granting consent on new submissions and clears optional identifiers from that browser. If you are signed in as the billing owner, we also store the current choice and its change time on your product account. Declining then permanently removes the matching keys from every unsent Google Ads record linked to your user. Accepting again permits future consented events only; it does not restore a suppressed record.

A signed-out, one-off setup-service checkout has no product account to update before provisioning, so any consented completion measurement is limited to the choice captured for that checkout. If you previously submitted a Site Control enquiry, use the form below to receive a one-time confirmation link. After confirmation, we revoke the consent stored with that enquiry and make every unsent Google Ads matching record permanently unmatchable. Data already submitted to Google cannot be recalled.

If you cannot use the email link, contact [email protected]. We will verify your request before changing any data.

6. Changes to this policy

We may update this Cookie Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision.

7. Contact

Questions about our use of cookies? Contact us at [email protected].

For more detail on how we handle personal data, see our Privacy Policy.