Last updated: 29 June 2026
The current site uses essential session security and local preferences only. It does not use advertising, behavioural analytics, or cross-site tracking.
1. Current position
The current build is designed to operate without advertising cookies, analytics cookies, cross-site tracking pixels, social-media embeds, or behavioural profiling. It uses only limited technical storage needed for form security, the privacy-choice interface, and small local preferences used to remember how the public record registry is displayed.
2. Essential PHP session
When a visitor uses a form, the server may set a PHP session identifier. The session supports anti-forgery protection, validation, security, and safe submission handling. It does not contain the form message itself and is not used for advertising. The session is configured with secure attributes where supported, including HttpOnly and SameSite restrictions.
3. Local preferences
The registry can remember whether a visitor selected grid or list view. The privacy interface also stores an essential-only choice so the notice is not repeatedly shown. These preferences are stored locally in the browser under Waffles-specific keys. They are not transmitted for advertising, do not identify the visitor by themselves, and can be removed through browser storage settings or reopened through the “Cookie settings” control in the footer.
4. Technology not currently used
- no Google Analytics or comparable audience analytics;
- no advertising networks or retargeting pixels;
- no embedded Facebook, Instagram, TikTok, X, or YouTube players;
- no fingerprinting or cross-site identity matching;
- no heatmaps, session recording, or behavioural replay;
- no marketing automation cookies;
- no payment or shopping-cart cookies.
5. Your controls
The “Cookie settings” control in the footer reopens the privacy panel at any time. Browsers also allow users to inspect, block, and delete cookies and local storage. Blocking the essential session may prevent contact and record-submission forms from working correctly. Deleting local preferences restores the default view and causes the privacy notice to appear again.
6. Future changes and consent
If analytics, embedded media, advertising, or another non-essential device-access technology is added, it must not be activated until the privacy and cookie information has been updated and a legally appropriate consent mechanism has been implemented where required. Consent should be voluntary, specific, informed, revocable, and as easy to refuse as to accept.
The current settings panel intentionally contains no optional toggles because no optional technology is installed. A decorative choice between “accept” and “reject” would be misleading when both outcomes are technically identical.
7. Security and storage boundaries
The essential PHP session is protected with HttpOnly and SameSite attributes and uses Secure when the site is served over HTTPS. Local preferences are scoped to this website and are not designed to follow visitors across unrelated sites.
Browser storage is not a secure vault. The site therefore does not store form messages, uploaded evidence, passwords, payment details, or sensitive record submissions in local storage.
8. Retention and deletion
The session cookie normally lasts until the browser session ends, subject to browser behaviour and server configuration. Local view and privacy preferences remain until the user deletes site data, clears browser storage, uses private browsing, or the storage key is changed by a future release.
Deleting local storage does not delete server-side submissions or correspondence. Those are handled under the Privacy Policy and applicable retention rules.
9. Contact
Questions about browser storage can be sent to info@wafflesworldrecords.com.