Cookie Policy
Last updated: 25 May 2026 (v1.1)
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide information to the site operator. Similar technologies include localStorage and service workers, which we also use as described below. For brevity, we refer to all of these collectively as "cookies" in this policy.
2. Why You Don't See a Cookie Banner
The UK Privacy and Electronic Communications Regulations (PECR), as amended by the Data (Use and Access) Act 2025 with effect from 5 February 2026, set out five circumstances in which a service can store or access information on your device without your consent:
- Strictly necessary — essential to provide the service you have requested (for example, keeping you logged in, or caching show data for offline access when signal is poor).
- Statistical purposes — collecting aggregated, non-identifying information about how the service is used in order to improve it (analytics), where the data is used only by us, is not shared with any third party for their own purposes, and you have a simple way to object.
- Appearance and functionality — remembering a preference you have expressed (for example, dismissing an onboarding step, or saving event reminders for a show you plan to visit).
- Communication — for transmitting a communication over a network.
- Emergency assistance — for identifying location in an emergency.
We have designed the Service so that everything we store on your device falls within one of these exceptions. We do not use advertising cookies, third-party tracking cookies, cross-site behavioural profiling, third-party analytics providers, or any storage that would require your prior consent under PECR.
Section 3 below sets out the technologies we use and the exception each one relies on. For statistical purposes and appearance/functionality storage, you have a right to object — see section 4.
3. Cookies and Storage We Use
3.1 Strictly necessary
These are essential to provide the Service. You cannot use the login flow, the offline-tolerant show guides, or content uploads without them.
| Name / Type | Purpose | Duration |
|---|---|---|
| Authentication cookies | Maintain your login session if you have an organiser, vendor, or commercial partner account | Session / refresh token expiry |
| Content delivery and security cookies | Set by our content delivery and security provider to route requests, prevent abuse, and protect against bots | Session to 1 year |
| CAPTCHA verification cookies | Issued during sign-up or login by our CAPTCHA provider to verify you are not an automated bot | Short-lived |
| Service worker cache | Cache show guide data (maps, pins, schedules) for offline access when mobile signal is poor | Until cache is cleared |
| localStorage — show bundles | Store cached show data locally so guides load instantly on return visits or with no signal | Until cleared by user |
| localStorage — theme preference | Remember your light/dark mode preference | Until cleared by user |
3.2 Statistical purposes (analytics)
We use a small amount of browser storage to count how many people visit our pages, which sections they look at, and which parts of the platform are most useful. The information is aggregated and anonymous — we do not use it to identify you personally, and we do not share it with any third party for their own purposes. Our analytics are first-party and self-hosted; we do not use any third-party analytics provider.
| Name / Type | Purpose | Duration |
|---|---|---|
| localStorage — visitor_id | A random identifier that lets us count unique visitors without using a cookie or any identifying information. Cleared if you clear your browser data. | Until cleared by user |
| sessionStorage — session_id | A random identifier that helps us understand how a single visit flows across different pages. | Cleared when you close the browser |
| Aggregated event records (server-side) | Page-view counts, navigation patterns, and feature-use counts, recorded against the visitor_id above. Stored first-party; never shared with third parties for their own purposes. | Raw events: 18 months. Aggregated rollups: retained indefinitely (no personal data after aggregation). |
We rely on the "statistical purposes" exception in PECR Regulation 6(4)(c) as amended by the Data (Use and Access) Act 2025. You have a right to object — see section 4.
3.3 Appearance and functionality
These remember a preference you have expressed (for example, schedule reminders for a show, or where you were up to in the organiser onboarding wizard).
| Name / Type | Purpose | Duration |
|---|---|---|
| localStorage — event reminders | Store your selected schedule reminders so you receive notifications for events you've chosen | Until show date passes |
| localStorage — onboarding state | Remember your progress in the organiser onboarding wizard so you can pick up where you left off | Until dismissed or cleared |
You have a right to object — see section 4.
3.4 Consent-based
Push notification subscriptions, where you choose to opt in to receive push notifications from a show you are visiting, are stored on the basis of your explicit consent (browser-level permission prompt). You can withdraw consent at any time through your browser's notification settings.
4. Your Right to Object to Analytics and Functional Storage
For storage relying on the statistical purposes exception (section 3.2) or the appearance and functionality exception (section 3.3), you have a right to object. You can exercise this right at any time by emailing us at [email protected], telling us which device or browser you used to visit (so we can identify the right records to suppress).
We will:
- Confirm receipt of your objection within 5 working days.
- Complete your objection within 30 calendar days, in line with the response window under UK GDPR Article 12.
- Where you provide enough information to identify the relevant visitor identifier, flag it as "do not aggregate" on our servers and remove your data from any future rollups.
- Where you cannot identify a specific device, add your email to our suppression list so any future opt-in attempts from that email are rejected, and provide you with browser-specific instructions for clearing local storage yourself.
You can also clear local storage manually at any time through your browser settings. We have published a short guide with instructions for each major browser at /cookies/clear-local-storage.
Note on an in-product preference centre. We have chosen to provide a single, simple email-based objection mechanism rather than a separate in-product preferences panel. Under the UK's PECR (as amended) the test is whether an objection mechanism is "simple" — not whether it is in-product. One email, no account required, no forms to fill in, is simple. We may add an in-product preference centre in a future iteration of the Service; the email mechanism will remain available regardless.
5. Third-Party Services
We rely on a small number of third-party infrastructure providers to run the Service. These providers may set their own cookies/storage in accordance with their own policies; we have configured these integrations to minimise data exposure where reasonably possible. The functions for which we use third-party providers, and the exception each relies on, are:
- Application hosting and database — strictly necessary.
- Content delivery network and security (including bot/abuse protection and CAPTCHA verification) — strictly necessary.
- Image hosting and processing — strictly necessary; storage is set only when serving images.
- Payment processing, where activated at checkout — strictly necessary; storage is set only during a checkout flow.
- Mapping, where used to render show site maps — provided by Google (Google Maps). This is the only third-party integration that loads content from a third-party domain onto a ShowDayGuide page. Google's own privacy policy applies to any data Google collects when their maps are loaded. We load maps only when needed for a feature you have requested.
We do not use Google Analytics or any third-party analytics provider. Our analytics are first-party and self-hosted (see section 3.2).
You should review Google's policies if you have specific questions about cookies set by Google Maps when it loads. For our other infrastructure providers, the cookies they set are functional and minimal; we are happy to provide additional detail on request to [email protected].
6. Do Not Track Signals
We do not engage in cross-site behavioural tracking, so "Do Not Track" (DNT) browser signals do not change what we collect on our own Service. Third-party services we integrate with handle DNT signals according to their own policies.
7. Managing Cookies
Most web browsers allow you to control cookies through their settings. You can typically find these in the "Options" or "Preferences" menu of your browser. You can also delete cookies and clear local storage through your browser settings.
Please note that disabling strictly necessary cookies or clearing local storage may affect the functionality of the Service — particularly offline access to show guides, your login session, and the ability to complete sign-up or login (which require CAPTCHA verification).
8. Changes to This Policy
We may update this Cookie Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page.
9. Contact
ShowDayGuide is a trading name of ShowDayGuide Ltd, a private limited company registered in England and Wales (company number 17222819), whose registered office is at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.
For privacy and cookie-related questions, or to object to statistical-purposes or appearance-and-functionality storage as described in section 4, contact [email protected].
For general questions about the Service, contact [email protected].