Cookie policy
Cookie Policy
Last updated: 14 July 2026
This Cookie Policy explains how The Site Book, operated by REDCLAN VENTURES LTD (Company No. 17142372), uses cookies and similar technologies when you visit our website at thesitebook.co.uk.
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences and understand how you use the service. Some cookies are essential for the site to work; others help us improve it.
2. How we ask for consent
When you first visit The Site Book, we show a cookie consent banner. You can accept or decline non-essential cookies. Your choice is stored for 12 months. Essential cookies are always active because the site cannot function without them.
You can change your preference at any time using the always-visible Cookie preferences control. Declining expires the optional first-party analytics and advertising cookies we can access and removes optional acquisition data from local storage.
Until you accept, Google Consent Mode keeps analytics_storage, ad_storage, ad_user_data and ad_personalization denied. Accepting grants analytics and advertising measurement storage and user-data signals; ad_personalization remains denied because we do not request consent for personalised advertising. Declining leaves every signal denied. For our server-side Google Ads matching, we require both your accepted cookie_consent preference and an affirmative consent signal on the conversion request.
3. Cookies we use
Essential cookies
These cookies are required for the site to function and cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
| cookie_consent | Stores your cookie consent preference | 12 months |
| cookie_consent_updated_at | Orders preference changes safely across browser tabs so an older acceptance cannot overwrite a later withdrawal | 12 months |
| __clerk_* | Authentication session managed by Clerk | Session / 7 days |
| __cf_bm | Cloudflare bot management (security) | 30 minutes |
Analytics cookies
These cookies help us understand how visitors use the site. They are only set if you accept cookies via the consent banner.
| Cookie | Purpose | Duration |
|---|---|---|
| _ga, _ga_* | Google Analytics — distinguishes unique visitors and tracks page views | 2 years |
| ph_* | PostHog — product analytics and feature usage | 12 months |
| tsb_compare_src | First-party compare-page attribution for signup measurement | 7 days |
| _clck, _clsk, CLID, ANONCHK, MR, MUID, SM | Microsoft Clarity — heatmaps, session recording, and site interaction analytics | Session to 13 months |
If you decline cookies, Google Analytics operates in Consent Mode v2 — a privacy-safe, cookieless mode with no personal identifiers. Microsoft Clarity is not loaded, and its heatmaps and session recordings are disabled. PostHog analytics are also disabled entirely.
Advertising cookies
If you arrive via a Google Ads campaign, conversion tracking measures whether the ad led to a lead or verified paid purchase. Advertising storage and user-data matching are only active if you accept cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| _gcl_au | Google Ads conversion linker | 90 days |
Server-side conversion matching (not a cookie)
With your consent, we may create privacy-minimised Google Ads / Google Data Manager records for a submitted, qualified or won Site Control lead and for a verified paid purchase. A record may contain a Google click identifier (gclid, gbraid or wbraid) and a normalised email address transformed into a one-way SHA-256 hash before it is stored or sent. We do not send the raw email address to Google Data Manager.
These are server-side records, not browser cookies. We retain them for up to 90 days for attribution, deduplication and retry handling, or delete them sooner when a valid withdrawal or erasure request is actioned. A hash is still pseudonymous personal data: Google may match it to an account it already holds. If ad-user-data consent is not granted on the originating submission, our server-side matching does not attach click identifiers or a hashed email and does not upload that record to Google Data Manager.
Account-deletion tombstone (not a cookie)
After an account is deleted, we retain a separate privacy-minimised record so a delayed or replayed paid Stripe event cannot recreate it. The record contains the opaque user ID and a domain-separated, keyed HMAC-SHA-256 digest of the normalised email address, never the raw email. It is used only for account anti-resurrection and billing, fraud or legal audit, and expires after a maximum of 7 years.
4. Local storage
We also use browser local storage for a small number of functional preferences (e.g. consent state mirror and UI preferences). After you accept optional cookies, we also use it for limited first-party acquisition attribution. This may include campaign and referral parameters, landing page, referrer, a pseudonymous visitor identifier and a Google click identifier if one was present in the arrival URL. It lets us carry the source through a lead, signup or checkout journey and measure our own marketing.
We do not store this acquisition attribution in local storage before acceptance, and we remove these entries when you decline optional cookies. It is not itself a Google Data Manager upload: using a click identifier for Google matching also requires ad-user-data consent. You can also remove local storage by clearing your browser data.
5. Managing cookies in your browser
You can delete or block cookies through your browser settings. Note that blocking essential cookies may prevent the site from functioning correctly.
Declining optional cookies prevents your browser from granting consent on new submissions and clears optional identifiers from that browser. If you are signed in as the billing owner, we also store the current choice and its change time on your product account. Declining then permanently removes the matching keys from every unsent Google Ads record linked to your user. Accepting again permits future consented events only; it does not restore a suppressed record.
A signed-out, one-off setup-service checkout has no product account to update before provisioning, so any consented completion measurement is limited to the choice captured for that checkout. If you previously submitted a Site Control enquiry, use the form below to receive a one-time confirmation link. After confirmation, we revoke the consent stored with that enquiry and make every unsent Google Ads matching record permanently unmatchable. Data already submitted to Google cannot be recalled.
6. Changes to this policy
We may update this Cookie Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision.
7. Contact
Questions about our use of cookies? Contact us at [email protected].
For more detail on how we handle personal data, see our Privacy Policy.