Skip to main content
Legal

Cookie policy.

DeliverShot runs on essential cookies only. No advertising cookies, no cross-site tracking, no analytics cookies. This page lists everything that is actually set, and why.

Last updated · 13 July 2026

01

What this policy covers

This policy explains the cookies and similar technologies used on the DeliverShot website, on photographer galleries, and in the photographer dashboard. It sits alongside our Privacy Policy, which explains everything else we do with personal data.

A cookie is a small text file a website stores on your device. We also use your browser’s local storage, which does the same job for a couple of things but never leaves your device — those are listed in section 5.

Under the Privacy and Electronic Communications Regulations (PECR), consent is not required for cookies that are strictly necessary to provide a service you have asked for. We only set cookies in that category, so you will not see a consent wall — just a notice telling you they exist.

02

Cookies we set

Guest gallery session

session_<studio>_<event> — set when a guest opens their event gallery, so they stay signed in to it and can find their photos, place an order, and manage their data without signing in again on every page. HttpOnly, Secure, SameSite=Lax. Expires after 30 days, or sooner if the event closes first. One cookie per event gallery you open.

Photographer and studio sign-in

sb-… — set by our authentication provider when a photographer or a studio team member signs in, and used to keep them signed in. HttpOnly, Secure. Managed by the authentication provider and refreshed as the session is used.

Referral attribution

pea_ref — set only if you arrive by following a photographer’s referral link. It holds nothing but the referral code, so that we can credit the referring photographer if you later create a studio and pay for a subscription. HttpOnly, Secure. Expires after 30 days. It is a first-party cookie, it carries no profile of you, and it is never used for advertising or cross-site tracking.

03

Cookies set by our providers

Stripe — checkout and fraud prevention

When you reach the checkout page to buy prints or downloads, our payment provider Stripe loads its own payment form and sets cookies (including __stripe_mid and __stripe_sid). Stripe uses these to detect fraudulent payments and to keep the payment session working. They are set only on pages where the payment form is shown, and we cannot process a card payment without them. Stripe describes them in its own cookie policy.

Cloudflare — bot protection

Public forms — for example the contact form on a photographer’s portfolio page — are protected against bots and spam by Cloudflare Turnstile. Cloudflare may set a strictly necessary security cookie on the pages where that check runs. It exists to tell a person from a bot, and is not used to profile you or to track you between websites.

04

What we don't use

  • No advertising cookies. We don’t run ads and we don’t sell ad space.
  • No cross-site tracking. Nothing we set follows you to another website.
  • No analytics cookies. Our product analytics tool is self-hosted by us and works without cookies at all. It records aggregate page views and a small set of product events (for example, “checkout completed”) so that we can see which features are used. It sets no cookie, uses no browser storage, and does not follow you across other websites. There is more detail in section 09 of our Privacy Policy.
  • No data sold or shared with data brokers. Ever.
05

Local storage

Two things are kept in your browser’s local storage rather than in a cookie. They stay on your device and are not sent to us with every request:

  • cookie-notice-dismissed-v1 — remembers that you have dismissed the cookie notice, so it doesn’t reappear on every page.
  • cart_<studio>_<event> — the contents of your basket for an event, so your selections survive a page refresh before you check out. It is cleared once the order completes.

You can clear both at any time through your browser’s “clear site data” controls.

06

Managing cookies

Every major browser lets you see the cookies a site has set, delete them, and block new ones — usually under Settings → Privacy. You can also use a content blocker.

Be aware of what blocking costs you here: because every cookie we set is essential, blocking them will break the thing they exist for. Blocking the gallery session cookie means you cannot stay signed in to a gallery. Blocking Stripe’s cookies means you cannot complete a payment. Blocking the referral cookie costs you nothing at all — the only effect is that the photographer who referred you will not be credited.

You can also opt out of our cookie-free analytics at the network level by turning on your browser’s Do Not Track setting or by using a content blocker. Doing so has no effect on the service.

07

Changes and contact

If we add a cookie, this page is updated before it ships, and the “last updated” date at the top changes with it.

Questions about this policy, or about anything else we do with your data, go to privacy@delivershot.com. Other ways to reach us are on our contact page.