The short version
Under EU and UK law you only have to ask for consent before setting cookies that aren’t strictly necessary — the analytics, advertising, and tracking kind. We don’t use any of those. The only cookies in play keep you signed in and keep the site secure, our analytics is cookieless, and our fonts are served from our own domain. That’s why you don’t get a pop-up asking you to “accept all.”
What we actually set
- A session cookie — set only after you sign in, so the site recognizes you on the next request. It’s issued byBetter Auth, marked HttpOnly and Secure (so it can’t be read by scripts and only travels over HTTPS), and it clears when you sign out or it expires. If you never sign in, it’s never set.
- Cloudflare security cookies — Cloudflare protects and delivers the site, and may set its own strictly-necessary cookies (such as__cf_bm) to tell humans from bots. These are short-lived, hold no personal profile, and aren’t used to track you across sites.
- A Turnstile check — when you contribute a specimen,Cloudflare Turnstileruns a background challenge to confirm you’re human. It may store a short-lived token strictly to run that security check, not to profile you.
What we don’t set
No advertising cookies. No cross-site tracking cookies. No analytics cookies. No “social” pixels. We don’t sell or share your data, and there are no third-party trackers embedded anywhere on this site.
Analytics without cookies
We useCloudflare Web Analytics to see aggregate page traffic. It is cookieless by design: it sets no cookie, stores no client-side state, doesn’t fingerprint your device, and collects no personal data. If the analytics token isn’t configured for a given deployment, the beacon isn’t even loaded.
Fonts and embeds
Our display font (Inter) is self-hosted on this domain, so loading the site doesn’t send your IP address to a third-party font CDN. Specimen thumbnails and other images are served through Cloudflare. None of this sets a cookie on your browser.
Your controls
You can block or delete cookies in your browser settings at any time — if you block the session cookie you simply won’t be able to stay signed in. Signing out clears the session immediately. Because we don’t track you, there’s nothing for a “Do Not Track” or “Global Privacy Control” signal to turn off — but we honor the spirit of both regardless.
More detail is in the Privacy Policy.