What is a cookie?
A cookie is a small text file that a website saves on your device when you visit it. Cookies let the site remember things between page loads: whether you're signed in, what's in your basket, your CSRF token for form submissions, and so on. They cannot run programs or carry viruses.
The cookies we set ourselves
These are strictly necessary for the site to work. UK PECR exempts them from consent requirements.
| Cookie | Purpose | Lifetime |
|---|---|---|
laravel_session |
Keeps your session active across page loads. Remembers your basket, your signed-in state, and flash messages between requests. | 120 minutes (rolling) |
XSRF-TOKEN |
Used by the site to protect against cross-site request forgery (CSRF) on every form submission. Without this cookie, forms would be rejected. | 120 minutes |
remember_web_* |
Set if you tick "remember me" when signing in via the magic-link flow. Keeps you signed in between browser sessions. | 5 years (until you sign out) |
Third-party cookies you may encounter
These are not set by us. They're set by third-party services we embed on specific pages. Your browser receives them only when you visit one of those pages.
| Service | Where it loads | What it sets |
|---|---|---|
| Google Maps | /contact, /tal-minyan, /venue-hire | Cookies like NID, 1P_JAR, CONSENT on the google.com domain, used by Google to remember map preferences and detect abuse. Governed by Google's privacy policy. |
| Stripe | On Stripe's own domain (checkout.stripe.com) when you complete a payment | Stripe sets cookies on its own domain to detect fraud and remember payment preferences. None are set on our domain. See Stripe's cookie policy. |
What we do not use
We don't set or allow any of the following cookie types on this site:
- Analytics cookies (no Google Analytics, no Plausible, no Matomo, no Mixpanel)
- Advertising cookies (no Google Ads, no Meta Pixel, no LinkedIn Insight)
- Session-recording cookies (no Hotjar, no Mouseflow, no FullStory)
- Social-sharing tracking cookies (no AddThis, no ShareThis)
Managing cookies in your browser
You can view, delete, and block cookies through your browser settings. Bear in mind that blocking the essential cookies above will prevent you from signing in, donating, or buying tickets. The site needs them to function.
- Chrome: Settings » Privacy and security » Cookies and other site data
- Safari: Preferences » Privacy » Manage Website Data
- Firefox: Settings » Privacy & Security » Cookies and Site Data
- Edge: Settings » Cookies and site permissions » Cookies and site data
For more on cookie controls, see allaboutcookies.org.
Do we show a cookie banner?
Yes. On your first visit you'll see a small banner at the bottom of the page that explains we use essential cookies plus Google Maps on certain pages. Clicking "Got it" dismisses the banner and stores your acknowledgment in your browser's local storage so we don't show it again on subsequent visits.
The notice is informational, not gating: nothing on the site is blocked by accepting or ignoring it. We can take this approach because we don't set analytics, marketing, or advertising cookies. If we ever add those categories in future, we'll switch to a granular consent banner with "Accept" and "Essential only" options, and we'll re-prompt you so your current choice gets reviewed.
If you want to reset the banner so it appears again, clear your browser's site data for this domain, or clear the tal_cookie_consent_v1 key in your browser's local storage.
Changes to this policy
We'll update this page when our cookie use changes. The "Last updated" stamp at the top of the page reflects the most recent material change.