This page explains what cookies and similar technologies are used on MyShiftCalendar, what each one does, who sets it, and how to control them. It sits alongside our Privacy Policy.
What a cookie is
A cookie is a small text file a website asks your browser to store. It is read on later visits. Cookies are used to remember preferences, measure traffic, and — when set by advertisers — to recognise the same browser across different sites. "Similar technologies" include local storage, session storage, and pixel tags. We treat all of them under the same rules.
Your choices
On your first visit you see a consent banner. The choices are:
- Accept all. Allow advertising cookies and any non-essential measurement.
- Reject all. Only strictly necessary cookies are used. Advertising still appears, but as non-personalised ads based on the content of the page only.
- Manage preferences. Choose vendor by vendor under the IAB Transparency and Consent Framework.
You can change your choice at any time by clicking Cookie settings in the footer of any page.
Your choice is stored in a cookie itself (the consent cookie), so we can honour it on later visits without showing the banner every time.
Categories of cookies we use
Strictly necessary
These are needed for the site to function. They do not require consent under UK PECR.
| Cookie | Set by | Purpose | Expires |
|---|---|---|---|
__cf_bm | Cloudflare | Bot management and origin protection | 30 minutes |
| Consent record | Our CMP (Google Funding Choices) | Stores your cookie preference so the banner does not reappear | 6 months |
We do not set authentication cookies. If you sign in with Google, Google sets its own authentication cookies under its own policy.
Analytics
We use two analytics tools side by side.
Cloudflare Web Analytics is cookieless. It records aggregate page views, referrers, and country without setting cookies, fingerprinting, or tracking you across sites. It does not appear in any of our cookie tables because it does not set any.
Google Analytics 4 (GA4) is cookie-based. It sets the following first-party cookies on myshiftcalendar.app:
| Cookie | Set by | Purpose | Typical expiry |
|---|---|---|---|
_ga | Google Analytics 4 (first-party) | Distinguishes unique visitors using a randomly-assigned client ID | 2 years |
_ga_<property-id> | Google Analytics 4 (first-party) | Maintains the GA4 session state for this site | 2 years |
We have IP-anonymisation enabled (anonymize_ip), so your IP address is truncated before storage. We have not enabled Google Signals, ad-personalisation, or audience sharing. GA4 data is retained by Google for 14 months and is not used to target advertising. Our legal basis is legitimate interest in understanding site usage (UK GDPR Article 6(1)(f)); you can object at any time via your browser's cookie controls or by blocking www.googletagmanager.com.
Advertising
These run only after you accept advertising cookies through the banner. Google AdSense and its certified vendors set them.
| Cookie | Set by | Purpose | Typical expiry |
|---|---|---|---|
IDE | doubleclick.net (Google) | Measure ad effectiveness; show ads on other sites | Up to 13 months |
__gads | googlesyndication.com | AdSense ad serving and frequency capping | Up to 13 months |
__gpi | googlesyndication.com | Google Publisher Tag identifier for personalised ads | Up to 13 months |
NID | google.com | Google preferences (including ads) | 6 months |
| Third-party vendor cookies | Various IAB TCF vendors | Personalised advertising, measurement, attribution | Varies by vendor |
The exact list of advertising cookies depends on which ads Google serves you. For a current canonical list of Google advertising cookies, see policies.google.com/technologies/cookies. For the IAB Europe TCF vendor list, see iabeurope.eu/transparency-consent-framework.
What happens if you reject advertising cookies
You still see ads. Google serves non-personalised ads based on the content of the page (for example, a sleep-aid ad on a page about night shifts) rather than your browsing history. No advertising cookies are set in this mode beyond what is strictly necessary for ad serving.
Browser controls
Independent of our consent banner you can:
- Block all cookies in your browser settings (this may break Google sign-in and other sites).
- Block third-party cookies only (most browsers offer this).
- Clear cookies on exit.
- Use private or incognito mode for a single-session visit.
Browser-specific instructions: Chrome, Firefox, Safari, Edge.
Do Not Track
We honour the IAB TCF consent signal. Browser-level "Do Not Track" headers are not a standardised consent mechanism under UK GDPR or PECR, and Google AdSense does not respect them, so we do not rely on them either. Use the banner for a binding choice.
Legal basis
Cookies that are not strictly necessary are set only with your consent under regulation 6 of the UK Privacy and Electronic Communications Regulations 2003 (PECR) and Article 6(1)(a) of the UK GDPR. Strictly necessary cookies are exempt from the consent requirement under regulation 6(4) of PECR.
Changes
If we add a new vendor or new cookie category, we update this page and re-show the consent banner so you can choose again. Material changes are highlighted on the homepage for 30 days.
Contact
Questions about cookies: privacy@softcl.com. Complaints to the UK Information Commissioner: ico.org.uk.