Cookie policy
Last updated: 12 July 2026
This website sets no cookies. None. No analytics cookies, no advertising cookies, no fingerprinting, no localStorage tracking, no third-party embeds. That's why there's no cookie banner: EU law (the ePrivacy Directive and GDPR) requires consent before non-essential cookies are set, and we simply don't set any.
What actually happens when you browse
- Pages are served statically from our host (AWS Amplify). Standard web server logs may record your IP address briefly for security and capacity purposes.
- The preferences and account pages talk to our API using a signed link token carried in the URL: not stored in a cookie, not readable by anyone else, and expiring after 30 days.
- If you switch between light and dark mode, that single choice is saved in your browser's localStorage. It never leaves your device and identifies nothing about you.
The store is a separate space
When you subscribe, checkout happens on our store, which runs on Shopify. Shopify sets its own strictly-necessary cookies there (cart, session, fraud prevention) and shows its own cookie notice governed by its policy. That's outside this website, and we've configured no additional marketing pixels or trackers in it.
If this ever changes
If we ever introduce cookies that need consent (for example, analytics), we'll add a proper consent banner first (opt-in, not pre-ticked) and update this page. Questions? Email hello@nightlybundle.com.