Skip to main content

Cookie Policy

PECR & UK GDPR Compliant

1. What Are Cookies?

Cookies are small text files stored on your device to improve user experience and site performance.

2. How We Use Cookies

We group cookies into three categories. You can accept, reject, or customise each category (other than Strictly necessary) via our cookie banner.

  • Strictly necessary – required for the site to work (e.g. login sessions, CSRF protection, your consent choice itself). Cannot be turned off.
  • Analytics – help us understand how the platform is used so we can improve it. Set only with your consent.
  • Marketing & advertising – help us measure the effectiveness of our ads on Facebook and Instagram and show relevant ads to people who have visited TrustDiner. Set only with your consent.

3. Cookies We Set

The table below lists the main cookies and similar identifiers we use. Browsers and third parties may set additional short-lived technical cookies that aren't listed individually.

3.1 Strictly necessary

  • Session cookies (1st-party) – authenticate you while you are signed in. Cleared when you sign out or after inactivity.
  • CookieConsent (1st-party) – remembers your consent choices so we don't ask again on every page load. Retained for up to 180 days.

3.2 Analytics (consent required)

  • Mixpanel (1st-party identifiers) – product analytics, used to understand which features people use and where they get stuck. Retained for up to 12 months.
  • Google Analytics (_ga, _ga_*) – aggregated traffic and behaviour analytics. Retained for up to 13 months.

3.3 Marketing & advertising (consent required)

  • Meta Pixel _fbp (1st-party) – set by Meta's pixel script to associate browser-level events with our advertising on Facebook and Instagram. Retained for up to 90 days.
  • Meta third-party cookies (fr and similar, from facebook.com) – may be set when our pixel exchanges data with Meta. Controlled by Meta; see their cookie policy below.

Automatic Advanced Matching (AAM) has been enabled since the Meta Pixel was first deployed on TrustDiner on 13 May 2026. This disclosure was added to the policy on 14 May 2026. When you have granted Marketing & advertising consent, your browser hashes (SHA-256) a limited set of identifiers — email address, first name, last name, and (if entered on the page) city / postal code — before sending them to Meta alongside the standard pixel events. The hashing is one-way and irreversible. AAM helps Meta match your activity to a known Facebook or Instagram account so that advertising attribution is more accurate. Full detail is in section 9.1 of our Privacy Policy. Rejecting Marketing & advertising cookies switches AAM off along with the rest of the pixel.

4. Managing Your Consent

You can accept, reject, or customise non-essential cookies via our cookie banner. To change your choice later, re-open the banner from the footer link, or clear the CookieConsent cookie in your browser.

Rejecting Marketing & advertising stops the Meta Pixel from loading and from sending any events about your visit to Meta.

5. Third-Party Services

  • Mixpanel – product analytics. See their privacy policy.
  • Google Analytics (Google Ireland Ltd) – aggregated traffic analytics. See Google's privacy policy.
  • Meta Platforms Ireland Ltd (Meta Pixel) – ad measurement and retargeting on Facebook and Instagram. See Meta's privacy policy and cookie policy.
  • SendGrid – marketing email performance.

Each third party has its own privacy policy and complies with UK GDPR. Where any of these providers process data outside the UK/EEA, transfers rely on the UK extension to the EU–US Data Privacy Framework and/or Standard Contractual Clauses.

6. Updates

We may update this Cookie Policy as our services evolve. The latest version will always appear on this page. Last updated: 14 May 2026 (AAM disclosure added).