Last updated: June 25, 2026
COOKIES NOTICE
Cookies are small text files a website stores on your device. They let the site remember things like whether you're signed in, so you don't have to log in on every page. This notice tells you exactly which cookies Science of Rowing sets and why.
What we set
We use strictly-necessary sign-in cookies and one non-tracking functional cookiethat remembers you dismissed the announcement banner. We do not run analytics, advertising, fingerprinting, or social-media tracking cookies on this site, and none of our cookies follow you across sites or build a profile. We don't show a cookie consent banner because none of our cookies require consent: the sign-in cookies are strictly necessary to log you in, and the banner-dismissal cookie only carries out a choice you actively make (hiding a notice you closed) and stores no personal or tracking data. Both fall within the strictly-necessary and user-requested exemptions under UK GDPR and the Privacy and Electronic Communications Regulations (PECR), and the equivalent EU GDPR and ePrivacy rules. If we ever add a cookie that does need consent, we will show a compliant consent banner and block that cookie until you agree.
Cookie inventory
The complete list of cookies set by this site:
- authjs.session-token (or __Secure-authjs.session-tokenon HTTPS): your sign-in session. Set when you log in via Memberful; removed when you sign out or the session expires.
- authjs.csrf-token: protects sign-in and account actions against cross-site request forgery. Required for any login to work safely.
- authjs.callback-url: remembers the page you were on when you signed in, so we can return you there. Cleared after the login completes.
- sor-announce-dismissed: remembers that you closed the site announcement banner, so it stays hidden on your next visit. Set only when you click the banner's close button (never just by visiting), stores only the identifier of the notice you closed, no personal data, and expires after about a year.
The three sign-in cookies above are HttpOnly (not accessible to JavaScript) and SameSite=Lax (not sent on cross-site requests). The banner-dismissal cookie is SameSite=Lax too, but is readable by JavaScript because it's set in your browser, not by our server.
What we deliberately don't set
- Vercel Analytics + Speed Insights: used to measure page-load performance and traffic. Cookieless by design. Vercel uses a stateless hash that doesn't identify or track you across visits.
- Sentry: used to catch JavaScript errors so we can fix them. Session replay is deliberately disabled, so no tracking cookies are set.
- Google Analytics, Meta Pixel, advertising networks, retargeting, fingerprinting. None of these are loaded.
Cookies set by third parties when you sign in
When you click “Sign in”, you're taken to memberful.comto authenticate. Memberful sets its own cookies on its own domain to manage that login flow. Those are first-party to Memberful, not to us. Memberful's cookie practice is documented at memberful.com/privacy-policy. We do not embed Memberful tracking on this site.
If a payment is involved, Stripe handles the checkout on stripe.com and sets its own cookies there for fraud prevention. See stripe.com/privacy.
How to manage cookies
Because we only set strictly-necessary cookies, blocking them in your browser will prevent you from signing in or staying signed in. Browsing without an account works without cookies.
Browser instructions for managing or deleting cookies: Chrome · Safari · Firefox · Edge. The ICO maintains general guidance at ico.org.uk.
Changes to this notice
If we ever add a non-essential cookie (analytics, advertising, fingerprinting), we'll deploy a cookie consent banner before that cookie is set, and update this page first. Until then, this notice reflects the live inventory.
Contact
Questions: joe@scienceofrowing.com.