1. What is a cookie
A cookie is a small text file that a website asks your browser to store. The browser sends the file back on every subsequent request to the same site, so the server knows it is talking to the same visitor. Cookies have legitimate uses - keeping you logged in, remembering items in a shopping cart, preserving language preferences - and illegitimate ones, such as following you across the web to build an advertising profile. We use cookies only for the former.
2. The cookies we set
We set exactly one cookie on blphome.org. It is a session cookie named blp_session, whose only value is a randomly generated identifier. It is set only when you reach the donation page and is required for the donation form to function - it ties the browser session to the in-progress transaction so that, if the page is refreshed mid-checkout, your selections are preserved. The cookie expires when you close the browser tab. It is marked Secure and HttpOnly. It contains no personal data and is never read by any third party.
If you never visit the donation page, blphome.org sets no cookies at all. You can verify this with your browser's developer tools.
3. Plausible Analytics - cookieless by design
We use Plausible Analytics to count how many people visit which pages on the site. Plausible was built specifically to avoid the privacy harms of conventional analytics: it does not set cookies, does not collect personal data, and does not fingerprint visitors. Page-view counts are aggregated server-side without ever creating a per-visitor identifier. Plausible's data-collection script is hosted on plausible.io and weighs less than one kilobyte; it runs on every page of our site. You can review Plausible's open-source code on GitHub and its data-handling practices at plausible.io/data-policy.
Because Plausible does not use cookies and does not collect personal data, it does not by itself require consent under the GDPR ePrivacy Directive. Even so, we show a short consent banner on your first visit. It explains, in one line, that we use Plausible for analytics and Cardknox/Sola for payments, and it links to this policy and to our Privacy Policy. The banner offers three choices - accept all, essential only, or dismiss - and remembers your choice in your browser's local storage so you are not asked again. It sets no cookie of its own. You can reopen it any time by clearing that stored choice in your browser settings.
4. Cardknox/Sola - payment processing on the donation page
On the donation page, we embed Cardknox/Sola's hosted card-entry fields. Cardknox/Sola sets a small number of its own cookies on the donation page itself for fraud-detection purposes (notably a long-lived device identifier that helps its risk engine recognize the browser). These cookies are set by Cardknox/Sola, not by us, and are governed by Cardknox's privacy notice at cardknox.com/privacy-policy. They are necessary for the secure operation of the payment flow under the strong customer authentication requirements of PSD2 and equivalent regimes; we would not be able to process card payments without them.
Cardknox/Sola's cookies appear only on the donation page and are not set on any other page of the site. They are explicitly excluded from the prior-consent requirement of the ePrivacy Directive because they are strictly necessary to provide the service you have explicitly requested - namely, making a donation.
5. What we do not do
We do not use Google Analytics, Facebook Pixel, Hotjar, Mixpanel, Segment, Amplitude, or any similar analytics or product-analytics platform. We do not embed advertising trackers from Google, Meta, TikTok, X, LinkedIn, or any ad network. We do not engage in retargeting or behavioral advertising. We do not participate in cookie-based affiliate networks. We do not load fonts from third-party CDNs that fingerprint visitors (all our fonts are either system fonts or self-hosted). We do not use chat widgets that set cookies. We do not embed YouTube videos in their default tracking mode; the few videos we do embed use the nocookie variant.
6. Managing cookies
If you wish to block the single session cookie we set on the donation page, you can do so in your browser's privacy settings. The donation form will then not function correctly - refreshing the page mid-checkout would lose your in-progress selections - but the rest of the site will work normally. If you wish to block Cardknox/Sola's payment-processing cookies, you may do so in the same way, but it will not be possible to complete a donation by card; we can still process gifts by ACH, wire transfer, or check arranged through donations@blphome.org.
7. Questions
Please send cookie questions to privacy@blphome.org. We will answer within five business days.
