> cat /policy/cookies.txt_
The short version: we barely use any. No tracking, no analytics, no advertising — just one session cookie when you use the contact form.
Hedgehog Security Ltd ("we", "us", "our") operates the website hedgehogsecurity.co.uk (the "Site"). This policy explains what cookies and similar technologies the Site uses, why we use them, and your rights in relation to them.
We believe in practising what we preach. As a cyber security company, we keep our own digital footprint minimal. We do not use analytics cookies, advertising cookies, social media tracking pixels, or any third-party tracking of any kind.
Under the UK Privacy and Electronic Communications Regulations (PECR), strictly necessary cookies do not require user consent. Since we only use one strictly necessary cookie — and only when you actively submit our contact form — we do not display a cookie consent banner. This is not an oversight; it is by design.
We use exactly one cookie. It is set only when you interact with our contact form, and it is deleted when you close your browser.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| PHPSESSID | A session identifier used to protect the contact form against Cross-Site Request Forgery (CSRF) attacks. This cookie is set when you open the contact form and is required for the form to function securely. It contains a randomly generated ID and does not store any personal data. | Strictly necessary | Session (deleted when you close your browser) |
Security flags applied to this cookie:
For the avoidance of doubt, the following types of cookies and tracking technologies are not used on this Site:
| Technology | Status |
|---|---|
| Google Analytics / Tag Manager | Not used. We do not track page views, sessions, or user behaviour. |
| Advertising / remarketing cookies | Not used. We do not run ads or retarget visitors. |
| Social media tracking pixels | Not used. No Facebook Pixel, LinkedIn Insight Tag, or similar. |
| Third-party analytics (Hotjar, Mixpanel, etc.) | Not used. We do not record sessions, heatmaps, or user interactions. |
| Fingerprinting or device identification | Not used. We do not generate browser fingerprints. |
| Preference / personalisation cookies | Not used. Your theme preference (light/dark/terminal) is stored in your browser's localStorage, which is not a cookie and is never sent to our server. |
The Site loads a small number of resources from third-party content delivery networks (CDNs) to provide fonts, icons, and the CSS framework. These are industry-standard, widely-used services.
| Resource | Provider | Cookies Set? |
|---|---|---|
| Bootstrap 5 (CSS & JS) | jsDelivr CDN | No |
| Font Awesome 6 (icons) | Cloudflare CDN | No |
| Google Fonts (Orbitron, Rajdhani, Share Tech Mono) | Google Fonts API | No* |
* Google Fonts does not set cookies, but does log CSS and font file requests including IP addresses. Google states this data is not used for tracking or combined with other Google services. See Google Fonts Privacy FAQ for details.
We do not have control over cookies that your browser may receive directly from these CDN providers. However, at the time of writing, none of these services set cookies via their CDN endpoints. If this changes, we will update this policy and evaluate self-hosting as an alternative.
We use your browser's localStorage to remember your chosen theme (light, dark, or terminal mode). This is not a cookie — it is stored entirely within your browser, is never transmitted to our servers, and persists until you clear your browser data.
| Key | Value | Purpose |
|---|---|---|
| hh-theme | light | dark | terminal |
Remembers your selected visual theme so it persists across page loads. Entirely client-side; never sent to our server. |
You can clear this at any time via your browser's developer tools (Application → Local Storage → hedgehogsecurity.co.uk) or by clearing your browser data. The site will simply default to dark mode.
You have full control over cookies in your browser. Most browsers allow you to refuse or delete cookies through their settings. However, if you block the PHPSESSID cookie, the contact form will not function correctly as the CSRF protection will fail.
Common browser cookie management pages:
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to request information about any personal data we hold about you. Since the PHPSESSID cookie contains only a random session identifier and is deleted when your browser closes, no personal data is stored or retained via cookies on this Site.
We will update this policy if our use of cookies changes. Any significant changes will be noted below with the date of the update. We encourage you to review this page periodically.
Initial cookie policy published. One strictly necessary cookie (PHPSESSID) documented. No analytics, advertising, or tracking cookies in use.
If you have any questions about our use of cookies or this policy, get in touch.