(Wundercode · Cookie Policy) Effective · 26 May 2026 · v 2026.05
(03)Cookies, in detail

Cookies, in detail.

We use the smallest set of cookies that can reasonably make a website work — and we ask before setting anything optional. This page lists every single cookie we set, what it's for, how long it stays, and how to turn it off. One quick way to manage everything: click the small "Cookies" button at the bottom-left of any page on this site.

PECR · UK ePrivacy Opt-in by default No third-party trackers 1-click change-your-mind
01 · What's a cookie

The tiny lockers.

A "cookie" is a small text file your browser stores at a website's request. The website can read its own cookies on later visits. They're useful for things a website genuinely needs to remember — like "did this person agree to analytics", or "the user prefers the dark palette".

Cookies can be first-party (set by the site you're on) or third-party (set by a domain other than the one you're visiting). We don't use any third-party cookies. We don't load any third-party scripts that set them either.

Strictly speaking we also use localStorage for a couple of things — a longer-lived browser storage that does the same job as a cookie. For the purposes of this policy and the UK Privacy and Electronic Communications Regulations 2003 (PECR), we treat localStorage entries exactly like cookies: same consent rules, same disclosure rules.

02 · Three categories

How we group them.

The consent banner sorts cookies into three buckets:

  • Essential — the site can't function without these. They're set without asking, on a legitimate-interest basis under PECR Reg. 6 (4).
  • Analytics — let us see which pages are read. Opt-in.
  • Preferences — remember choices you make on the site (palette, motion). Opt-in.

You can mix and match. Essential only is a single click; Accept all is another single click; Manage opens individual toggles.

03 · Essential

Always on.

Cookies and storage entries the site cannot reasonably function without:

Name Purpose Retention Type
wc-cookie-consent Stores your consent choice (essential / analytics / preferences) and the policy version it was given against. Without it we'd have to ask you on every page-load. 12 months · localStorage Essential
cf_clearance Set by Cloudflare on completion of a security challenge — proves your browser passed the bot check. Required to keep the site available under DDoS conditions. 30 minutes Essential
__cf_bm Cloudflare bot-management token. Distinguishes humans from automated traffic in a privacy-preserving way (no fingerprinting). 30 minutes Essential

None of these are used to track you across sites or to build any kind of advertising profile.

04 · Analytics

Off until you opt in.

We use Plausible Analytics — a privacy-first, EU-hosted, cookieless-by-default tool. Yes, "cookieless" — Plausible does not set tracking cookies. The reason this section exists at all is that, under the strictest reading of PECR, the act of running an analytics script can itself require consent even without cookies. So we ask anyway.

Name Purpose Retention Type
(no cookie set) Plausible records the URL viewed, referrer, hashed IP (rotated every 24 h), country and coarse browser/OS. No personal identifiers, no cross-site profile. Aggregate stats only. No client-side storage Analytics
wc-analytics-allowed Records that you said "yes" to analytics, so we don't have to ask again. Set only if you opt in. 12 months · localStorage Analytics

Withdraw consent any time via the bottom-left "Cookies" button. The analytics script stops loading immediately and any prior aggregate counters that included your visits will, over time, age out of the rolling stats.

05 · Preferences

For the tweak panel.

The Wundercode° landing has a Tweaks panel — palette, motion, layout variant. If you set anything in there, we can keep it across visits — but only if you opt in to preference cookies.

Name Purpose Retention Type
wc-tweaks-state JSON blob of your tweak panel state: palette, motion on/off, headline variant. Stays on your device only. 12 months · localStorage Preferences
wc-exit-intent-seen Records that we already showed you the exit-intent prompt this session, so we don't pester you twice. Session only Preferences
06 · Third-party content & embeds

What we don't load.

This site has no Meta Pixel, no Google Analytics, no LinkedIn Insight Tag, no TikTok Pixel, no X tracker, no YouTube embeds with cookies, no Vimeo cookies-mode embeds. The page-background hero video is self-hosted; we don't load anything from third-party media providers that would set their own cookies.

External links we mention (Companies House, the ICO, the EU ODR portal, Cal.com once you click "Book a call") open in a new tab and become subject to their own privacy policies once you arrive. While you stay on wundercode.studio, the only domain talking to your browser is ours.

07 · Manage your choice

Three ways to change it.

  1. Bottom-left "Cookies" button — appears on every page once you've made a choice. One click reopens the banner with your current settings pre-filled.
  2. Browser settings — every major browser (Safari, Firefox, Chrome, Edge, Brave, Arc) lets you view and delete cookies and localStorage per-site. Search for "view cookies" + your browser name.
  3. Email us — at hello@wundercode.studio if a setting won't budge. A human will get back to you within 48 h.

Withdrawing consent is exactly as easy as giving it. One click.