Cookies Policy
Last updated: 8 May 2026
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the site's owners.
2. Categories we use
We group cookies into three categories. You can accept or reject the optional categories via the cookie banner shown on your first visit, or by clicking "Cookie preferences" at any time — in the footer on desktop, or inside the Account tab on mobile.
2.1 Necessary cookies (always on)
Required for the site to function. Cannot be disabled.
| Cookie | Purpose | Retention |
|---|---|---|
| Session cookie | Keeps you signed in | Until you sign out |
| Cart cookie | Remembers your basket between pages | 7 days |
| CSRF token | Protects against form forgery | Session |
2.2 Analytics cookies (optional)
We use Google Analytics 4 (via Google Tag Manager) to understand how visitors use the site. The data is aggregated and anonymised.
| Cookie | Provider | Purpose | Retention |
|---|---|---|---|
| _ga | Google | Distinguishes unique users | 2 years |
| _ga_* | Google | Stores session state | 2 years |
| _gid | Google | Distinguishes users | 24 hours |
2.3 Marketing cookies (optional)
We use Meta (Facebook & Instagram) Pixel and TikTok Pixel to measure the effectiveness of advertising campaigns and show you relevant ads on those platforms.
| Cookie | Provider | Purpose | Retention |
|---|---|---|---|
| _fbp | Meta | Browser identifier for Meta Pixel | 3 months |
| _fbc | Meta | Click identifier from Meta ads | 3 months |
| _ttp | TikTok | Browser identifier for TikTok Pixel | 13 months |
3. Server-to-server tracking
In addition to browser cookies, we send purchase and account-creation events from our server to Meta, TikTok, and Google. This is called server-side conversion tracking and is the modern standard for accurate measurement. The same consent rules apply: if you have declined a category, no server-side events are sent to that platform either. Personal identifiers (email, phone) are SHA-256 hashed before transmission so the platforms cannot read your raw email or phone number.
Advanced matching: for users who have accepted marketing cookies, our Meta and TikTok pixels may also include a SHA-256 hashed (one-way) version of the email or phone number you have entered on the site, alongside the cookie data above. This improves the platforms' ability to match website visits to ad clicks. Hashes are not reversible to the original email or phone. No identifiers are sent if you have declined marketing cookies.
4. Your choices
- You can accept or reject optional cookies via the cookie banner on your first visit.
- You can change your preferences at any time via the "Cookie preferences" link — in our footer on desktop, or inside the Account tab on mobile.
- You can also block or delete cookies via your browser settings; this may affect the site's functionality.
5. Contact
For questions about this Cookies Policy, contact us at info@jeffshalal.co.uk or see our Privacy Policy.
