Cookie Policy

Last updated: 20 June 2026

Brooksby Medical keeps cookies to an absolute minimum. This page explains exactly what we use, why, and how we record your consent.

Our position on cookies

We keep cookies to a minimum. Essential cookies are always on, because the site can't work without them. We also use a small number of analytics and marketing cookies, but only if you opt in through our cookie banner — nothing non-essential is set before you consent, and you can withdraw your consent at any time. We never sell your browsing activity to third parties.

What we use

Essential cookies (always on)

These are required for the site to work. Without them, you can't log in, your cart doesn't persist, and security features like two-factor authentication stop working.

• brooksby_id — your login session (set by Cognito after you log in). httpOnly, secure, sameSite=lax. Expires when your session ends.
• brooksby_refresh — securely refreshes your login without requiring you to log in again. Same security properties. 30-day lifetime.
• brooksby-cookie-consent-v1 — records your cookie banner decision (see below) so we don't re-show the banner on every page.
• brooksby-session — anonymous session identifier, used to correlate cookie-consent records. No personal data.

Analytics cookies (opt-in only)

If you opt in to non-essential cookies, we use Google Analytics 4 to understand how the site is used (for example, which pages are visited) so we can improve it. These cookies are set only after you opt in and are not used to identify you personally.

• Google Analytics 4 (_ga, _ga_*) — anonymous usage analytics, set by Google only after you opt in.

Marketing cookies (opt-in only)

If you opt in to non-essential cookies, we use the following to measure and improve our advertising and to collect independent reviews. These are set only after you opt in, and Google Ads runs under Google Consent Mode so no advertising cookies are set beforehand.

• Meta Pixel (_fbp) — measures the effectiveness of our Facebook and Instagram advertising. Set by Meta only after you opt in.
• Google Ads — measures advertising conversions. Runs under Google Consent Mode; advertising cookies are set only after you opt in.
• Trustpilot — loads our review widget so you can read and leave reviews. Set by Trustpilot only after you opt in.

How we record your consent

When you click "Accept essential" (or adjust your preferences) on the cookie banner, we record:

• Your decision ("essential only" or "all")
• The cookie categories you accepted
• The exact policy version you were agreeing to (the date at the top of our privacy policy)
• The timestamp (ISO 8601, UTC)
• The page you were on when you accepted
• Your browser's user agent string
• The first two octets of your IP address (e.g. "82.45.x.x") — enough for a rough country signal, not enough to identify you

This record is stored in our AWS DynamoDB brooksby-staging-consent-log table in the UK (London region, eu-west-2), encrypted at rest. We keep consent records for the duration required by GDPR Article 7(1), typically the lifetime of your account plus 6 years.

A copy is also stored in your browser's localStorage so the banner knows not to re-show until our privacy policy materially changes.

Changing your mind

You can withdraw consent at any time by clearing your browser's cookies for this site (Settings → Privacy → Clear site data). We'll show the banner again on your next visit.

To request deletion of all consent records we hold for you, email enquiries@brooksbymedical.com — we'll respond within one calendar month as per GDPR.

Related policies

• Privacy Policy — what data we collect beyond cookies and why
• Terms of Service — the contract between you and Brooksby Medical
• Complaints Procedure — if you think we're handling your data badly