⚠️ You're offline — some features may not be available
Legal
Cookie Policy
Last updated: April 2026 · SQR1 Golf
Contents
What Are Cookies Cookies We Use Your Consent Choices Third-Party Resources Stripe & Payments hCaptcha What We Don't Use Managing Cookies Changes Contact
Short version: SQR1 Golf uses only essential cookies to keep you logged in and secure. When you first visit, a banner gives you the choice to also allow optional third-party resources (Google Fonts, Leaflet maps, Chart.js). These are only loaded with your permission. We have no advertising cookies, no analytics trackers, and no third-party marketing scripts.

1. What Are Cookies

Cookies are small text files that a website stores on your device when you visit. They are widely used to make websites work correctly, remember your preferences, and in some cases track your behaviour across the web.

Not all cookies are the same. Strictly necessary cookies are essential for a website to function — without them you could not log in or submit forms securely. These are different from optional cookies used for analytics or advertising, which require your consent under UK law.

2. Cookies We Use

SQR1 Golf sets the following first-party cookies. The session and security cookies are strictly necessary and are exempt from consent requirements under the UK Privacy and Electronic Communications Regulations (PECR). The consent preference is stored in your browser's localStorage (not as a cookie) so we can remember your choice without setting an additional cookie.

Name Type Purpose Duration
sessionid Essential Keeps you logged in to your SQR1 Golf account. Without this cookie you would be signed out every time you navigate to a new page. 2 weeks (or until you sign out)
csrftoken Essential Security token that protects forms against Cross-Site Request Forgery (CSRF) attacks. Required on all form submissions including login, round recording, and account updates. 1 year (refreshed on each visit)
sqr1_cookie_consent Essential Stores your cookie consent choice (either "essential" or "all") so the consent banner does not reappear on subsequent visits. Stored in browser localStorage, not as a cookie. Until you clear your browser data

The sessionid and csrftoken cookies contain no personal data — just anonymous identifiers that reference your session on our server. We do not use cookies for analytics, advertising, A/B testing, heat mapping, or any form of cross-site tracking.

3. Your Consent Choices

When you first visit SQR1 Golf, a banner appears at the bottom of the page explaining what cookies and third-party resources we use. You are given two choices:

  • Essential Only — only the strictly necessary cookies described above are active. The site works fully. No connections are made to Google's font servers, Cloudflare's CDN, or any third-party resource.
  • Accept All — in addition to essential cookies, we load Google Fonts for typography, Leaflet.js for course maps, and Chart.js for performance visualisations. These are fetched from Google's servers and Cloudflare's CDN respectively.

Your choice is saved in your browser's localStorage under the key sqr1_cookie_consent and respected on all future visits. You can change your preference at any time by clearing your browser's localStorage or by contacting us.

Choosing "Essential Only" does not affect your ability to use any feature of SQR1 Golf. The only difference is that fonts fall back to system defaults and maps and charts use locally available alternatives where possible.

4. Third-Party Resources (Loaded With Your Consent)

If you choose "Accept All", SQR1 Golf loads the following third-party resources. These are only ever loaded after you give consent — they are never loaded automatically on your first visit or if you choose "Essential Only".

Resource Provider Purpose Domain
Google Fonts Third Party Loads the Barlow Condensed, Barlow and DM Mono typefaces used throughout the app. A connection is made to Google's font servers when fonts are fetched. fonts.googleapis.com
Leaflet.js Third Party The open-source map library used to power the Smart Course Planner. Fetched from Cloudflare's CDN. Cloudflare's CDN does not set tracking cookies. cdnjs.cloudflare.com
Chart.js Third Party The charting library used for performance visualisations and stats dashboards. Fetched from Cloudflare's CDN alongside Leaflet. cdnjs.cloudflare.com
hCaptcha Third Party Human verification widget on the registration page. hCaptcha may use browser storage and cookies as part of its bot detection process. Only active on the registration page. hcaptcha.com

Google's font service may log the IP address and browser details of requests as part of their standard server logging. This is governed by Google's Privacy Policy. Cloudflare's CDN is a content delivery network; requests to it do not result in tracking cookies being set on your device.

SQR1 Golf does not receive any data from these providers about your use of their services.

5. Stripe & Payment Processing

SQR1 Golf uses Stripe to handle all payments for point bundles and subscription plans. When you click through to a Stripe-hosted payment page, you are leaving the SQR1 Golf domain and visiting Stripe's secure checkout environment (checkout.stripe.com or payments.stripe.com).

On Stripe's pages, Stripe may set their own cookies for the following purposes:

  • Fraud prevention — Stripe uses device fingerprinting and behavioural signals to detect and prevent fraudulent transactions. This is a legitimate interest processing activity on Stripe's part.
  • Session management — to maintain your checkout session while you complete a payment.
  • Compliance and security — to meet PCI DSS requirements and financial regulations.
Cookie / Identifier Type Set By Purpose
__stripe_mid Third Party Stripe Machine identifier used for fraud detection. Persists for 1 year.
__stripe_sid Third Party Stripe Session identifier used during an active payment session. Expires after 30 minutes.
__Host-checkout-session Third Party Stripe Maintains your checkout session state while completing a payment.

These cookies are set and controlled entirely by Stripe on their own domain. SQR1 Golf has no access to them and cannot read or modify them. Stripe's use of cookies is governed by Stripe's Privacy Policy and Stripe's Cookie Settings.

Stripe is certified to PCI DSS Level 1 — the highest level of payment security certification. Their cookie and data practices are subject to audit by independent security assessors.

5a. hCaptcha

Our registration page uses hCaptcha, a human verification service operated by Intuition Machines Inc. hCaptcha helps us protect the Service from automated bot sign-ups and abuse.

hCaptcha may set cookies or use browser storage as part of its verification process. These are used solely to distinguish human users from automated bots and are not used for advertising or cross-site tracking. The hCaptcha widget is only active on the registration page — it is not loaded on any other page of SQR1 Golf.

hCaptcha's use of cookies and data is governed by their Privacy Policy and Terms of Service. SQR1 Golf does not receive any personal data from hCaptcha beyond the verification result (pass or fail).

6. What We Don't Use

To be explicit, SQR1 Golf does not use any of the following:

  • Google Analytics or any other web analytics service
  • Facebook Pixel or any social media tracking scripts
  • Advertising or retargeting cookies
  • Heat mapping or session recording tools (e.g. Hotjar, FullStory)
  • A/B testing cookies
  • Any third-party marketing or data broker scripts
  • Cookies that track you across other websites

The optional third-party resources described in Section 4 (Google Fonts, Leaflet, Chart.js) are functional resources only — they deliver fonts, maps and chart rendering. None of them are used for advertising, profiling or cross-site tracking.

hCaptcha is used on the registration page for security purposes only. It is not used for advertising or cross-site tracking. Its data processing is governed by Intuition Machines Inc's privacy policy.

7. Managing Cookies

Because SQR1 Golf only uses strictly necessary cookies, blocking them will prevent the site from working correctly. Specifically:

  • Blocking the sessionid cookie will sign you out on every page navigation
  • Blocking the csrftoken cookie will prevent you from submitting any forms, including logging in

To change your consent preference for optional third-party resources, clear the sqr1_cookie_consent key from your browser's localStorage. The consent banner will reappear on your next visit and you can make a fresh choice.

You can manage cookies through your browser settings. Most browsers allow you to block third-party cookies while allowing first-party cookies — this is the recommended setting and will not affect your use of SQR1 Golf.

For information on managing cookies in your browser:

  • Google Chrome
  • Mozilla Firefox
  • Apple Safari
  • Microsoft Edge

8. Changes to This Policy

We may update this Cookie Policy if we introduce new features that require additional cookies or third-party resources. Any material changes would be reflected here and the date at the top of this page updated. Where changes are significant — for example, if we added analytics tracking — we would notify you before the change takes effect and reset your consent preference so you can make a fresh choice.

We recommend checking back periodically, particularly before and after any major updates to the service.

Questions About Cookies

If you have any questions about how we use cookies or your rights under PECR and UK GDPR:

Email: privacy@sqr1golf.com

You can also contact the Information Commissioner's Office (ICO) at ico.org.uk if you have concerns about our use of cookies.

We use essential cookies to keep you logged in and process payments securely. With your permission we also load Google Fonts, Leaflet maps, and Chart.js for visualisations — these may set cookies. Cookie Policy · Privacy Policy