Last updated: 21 July 2025
Contents
- Introduction
- What Are Cookies?
- Why We Use Cookies
- Types of Cookies We Use
- Managing Your Cookie Preferences
- Detailed List of Cookies Used
A. WordPress
B. Cloudflare (including Turnstile)
C. Stripe
D. Sentry
E. Google Analytics & reCAPTCHA
F. Getscreen.me
G. Essential Site Cookies
H. Other Third-Party/Plugin Cookies - Legal Basis for Cookies
- Changes to This Policy
- Contact Us
1. Introduction
This Cookie Policy explains how Avefinity (“we”, “us”, “our”), operated by Avery Mainstone (trading as Avefinity), uses cookies and similar technologies on our websites and online services. This policy meets the requirements of the UK GDPR, Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), the EU GDPR, and guidance from the Information Commissioner’s Office (ICO).
2. What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They allow sites to remember your actions and preferences (such as login, language, or privacy choices) over a period of time. Other similar technologies (such as web beacons, pixels, HTML5 local storage, and scripts) are also used and, for simplicity, are referred to as “cookies” in this policy.
3. Why We Use Cookies
We use cookies to:
- Enable essential features and security of our sites and services
- Recognise your device and preferences
- Analyse site usage and performance to improve services
- Facilitate secure payments and remote support
- Protect against fraud, spam, and abuse
- Support logins and forms
- Enable certain third-party integrations
We do not use cookies for advertising or profiling.
4. Types of Cookies We Use
a. Strictly Necessary (Essential) Cookies
These are required for our sites and services to function and cannot be switched off. They are typically set only in response to actions you take (such as logging in or filling out forms). Consent is not required for these cookies.
b. Performance & Analytics Cookies
These help us count visits and sources, see how visitors move around the site, and identify performance issues. These are only set with your consent.
c. Functional Cookies
These enable our websites to remember choices you make (such as your username, language, or region). Some are set by third-party providers.
d. Security & Anti-Abuse Cookies
Used to authenticate users, protect against fraud and abuse (e.g. Cloudflare Turnstile, Stripe anti-fraud).
e. Third-Party Cookies
Some site features rely on trusted third-party providers who may set their own cookies (see section 6).
5. Managing Your Cookie Preferences
- On your first visit, our cookie banner allows you to accept, reject, or customise cookie preferences.
- You can change your choices at any time using the link in our website footer or by contacting us.
- You may also block or delete cookies via your browser settings. Note: Disabling some cookies may affect website functionality.
- For more information, visit AboutCookies.org or ICO Cookies Guidance.
6. Detailed List of Cookies Used
While we aim to provide an accurate and current list of cookies, the actual cookies set may change depending on site updates, features, and third-party services. You may request an up-to-date list at any time by contacting us.
A. WordPress Cookies
| Cookie Name | Purpose | Type | Retention | When Set |
|---|---|---|---|---|
| wordpress_[hash] | Authentication for logged-in users | Essential | Session | When logged in |
| wordpress_logged_in_[hash] | Logged-in status | Essential | Session | When logged in |
| wordpress_sec_[hash] | Security/authentication | Essential | Session | When logged in |
| wp-settings-{user_id} | User dashboard/settings | Functional | 1 year | When logged in |
| wp-settings-time-{user_id} | Timestamp of WP settings | Functional | 1 year | When logged in |
| wp-saving-post | Post autosave/editing | Functional | 1 day | When editing |
| wordpress_test_cookie | Tests if browser supports cookies | Essential | Session | All users |
| comment_author_[hash] | Remembers comment author name | Functional | 347 days | When commenting |
| comment_author_email_[hash] | Remembers comment author email | Functional | 347 days | When commenting |
| comment_author_url_[hash] | Remembers comment author website | Functional | 347 days | When commenting |
| wfwaf-authcookie-[hash] | Wordfence firewall/security (if active) | Security | 1 day | If plugin enabled |
B. Cloudflare Cookies (including Turnstile)
| Cookie Name | Purpose | Type | Retention |
|---|---|---|---|
| __cfduid* | Legacy security, identifies trusted web traffic | Essential | 30 days |
| __cfruid | Rate limiting, DDoS protection | Essential | Session |
| cf_clearance | Access granted after challenge or Turnstile | Essential | 30 mins – 24 hrs |
| __cf_bm | Bot management, abuse prevention | Essential | 30 mins |
| cf_chl_* | Cloudflare challenge and anti-bot | Essential | Varies |
| cf_use_ob, cf_ob_info | Always Online/obfuscation | Functional | Session |
| cf_turnstile_* | Turnstile (CAPTCHA/anti-spam) session | Essential | 30 mins |
Cloudflare never uses cookies for marketing. See Cloudflare Cookie Policy.
C. Stripe Cookies (Payments & Identity)
| Cookie Name | Purpose | Type | Retention |
|---|---|---|---|
| __stripe_mid | Payment fraud prevention | Essential | 1 year |
| __stripe_sid | Payment session management | Essential | 30 mins |
| m | Stripe device/fraud prevention | Essential | 2 years |
Set when making payments or using Stripe Identity. See Stripe Cookies Policy.
D. Sentry Cookies (Error/Performance Monitoring)
| Cookie Name | Purpose | Type | Retention |
|---|---|---|---|
| sentryReplaySession | Error tracing session | Analytics | Session |
| sentryReplayID | Error report session | Analytics | Session |
E. Google Analytics & reCAPTCHA
| Cookie Name | Purpose | Type | Retention |
|---|---|---|---|
| _ga | Unique visitor ID | Analytics | 2 years |
| _gid | Session analytics | Analytics | 24 hours |
| _gat | Throttling requests | Analytics | 1 minute |
| gac* | Stores campaign information | Analytics | 90 days |
| NID | Google reCAPTCHA/Maps functionality | Security | 6 months |
| _GRECAPTCHA | Google reCAPTCHA security | Security | 6 months |
Google cookies set only with your consent or if you use forms protected by reCAPTCHA. See Google Cookie Policy.
F. Getscreen.me (Remote Support)
| Cookie Name | Purpose | Type | Retention |
|---|---|---|---|
| gsme_sessionid | Remote support session ID | Essential | Session |
| gsme_device | Device identification | Essential | Session |
Only set if you use remote support. See Getscreen.me Privacy Policy.
G. Essential Site Cookies
| Cookie Name | Purpose | Type | Retention |
|---|---|---|---|
| PHPSESSID | User session management | Essential | Session |
| cookieConsent/privacy | Records your cookie choices | Essential | 1 year |
| [site]_csrf | CSRF (security) protection | Essential | Session |
H. Other Third-Party/Plugin Cookies (if present)
- Google Fonts: No cookies; may log IP for delivery
- WooCommerce (e-commerce):
woocommerce_cart_hash,woocommerce_items_in_cart(cart)wp_woocommerce_session_*(user session)
- Live chat/feedback tools: If enabled, may set cookies (see tool policy)
7. Legal Basis for Cookies
- Strictly necessary cookies: Used on the basis of our legitimate interests and/or to perform a contract with you (e.g. to provide secure access, process logins, or enable payments).
- Non-essential cookies: Used only with your consent (analytics, functional, some third-party integrations). You may withdraw consent at any time via our cookie controls or your browser.
8. Changes to This Policy
We may update this policy to reflect changes in the law, technology, or our practices. The latest version is always available on our website with the date above. Significant changes will be notified where appropriate.
9. Contact Us
If you have questions about our Cookie Policy or require a full up-to-date list of cookies in use, please contact:
Avery Mainstone (Avefinity)
Email: [email protected]
Correspondence address: 86–90 Paul Street, London EC2A 4NE, United Kingdom
For further details, see our full Privacy Policy