Last updated: 6 May 2026
Cookie Policy
This policy itemises the cookies and similar browser-storage technologies that TicketWave HQ Ltd (company no. 17143167) sets when you visit ticketwavehq.com, the embedded booking widget, the 2026{city}.com discovery sites, and leedsunistudents.com. For a wider account of how we process personal data, see our Privacy Policy.
1. What we mean by “cookies”
In this policy “cookies” covers small text files placed on your device when you visit a site, plus other client-side storage technologies that PECR and the UK ICO treat the same way: localStorage, sessionStorage, and IndexedDB. Items marked as “cookie” below may be implemented as one of these technologies; the rules are identical.
2. Strictly-necessary cookies
These cookies are required for the Platform to function. They are set without prior consent because PECR Regulation 6(4) does not require it for storage that is “strictly necessary for the provision of an information society service explicitly requested by the user”. They cover authentication, session continuity, security, and the storage of the consent record itself.
3. Functional cookies
These remember choices you make to improve your experience — light/dark theme, locale, dismissed banners. They are set on first interaction with the relevant control; you can clear them at any time from your browser’s storage panel.
4. Marketing & attribution cookies
When you arrive via an affiliate, partner, or marketplace referral link, we set short-lived attribution cookies so that any subsequent purchase is correctly credited. These are not essential to your use of the Platform — you can decline them and continue browsing and buying normally. Where we operate a consent banner (currently the 2026{city}.com discovery sites), these cookies are gated behind your consent decision. We are extending consent gating to the remaining surfaces; until then attribution cookies on those surfaces operate without prior consent and you may opt out by clearing them from your browser’s storage panel.
5. Analytics cookies
The 2026{city}.com discovery sites use Google Analytics 4 with EU Consent Mode v2, default-denied. GA4 cookies are only set after you accept the cookie banner; if you decline, no GA4 storage occurs and only anonymous, aggregated “consent denied” signals are sent (no identifiers, no persistent storage). The ticketwavehq.com platform itself does not load Google Analytics. We use Sentry to capture diagnostic information about errors. Sentry session-replay (which captures DOM state at the moment of error) is consent-gated and default-off — it only attaches to your session after you accept via the platform’s cookie banner, and even then runs with text masked, inputs masked, and media blocked. You can change your decision at any time via the “Manage preferences” link in the footer.
6. Third-party cookies
When you make a payment, our payment processor Stripe sets cookies in the Stripe Checkout / Stripe Elements iframes for fraud detection, 3-D Secure flow handling, and PCI-DSS compliance. These are governed by Stripe’s Privacy Policy. If a tenant organiser has configured optional analytics or advertising pixels on their box-office surface (Google Analytics 4, Meta Pixel, TikTok Pixel), those load only on that organiser’s pages and only after consent where required.
7. Cookie inventory
The full set of cookies and similar storage we may set across all our surfaces:
| Name | Category | Lifetime | Purpose |
|---|---|---|---|
| authjs.session-token (__Secure- prefixed in prod) | Essential | Session | Auth.js session token for ticketwavehq.com sign-in |
| tw_listing_session | Essential | 30 days | Listing-owner session after magic-link claim |
| tw_portal_sponsor / tw_portal_creator / tw_portal_partner | Essential | 30 days | Role-scoped portal sessions |
| analytics_consent (localStorage) | Essential | 12 months | Records your cookie-banner decision (city sites) |
| tw-theme (localStorage) | Functional | Persistent | Light/dark theme preference |
| tw-locale (localStorage) | Functional | Persistent | Language preference |
| tw-geo-country | Functional | 30 days | Country code derived at the edge for currency / locale defaults |
| tw-lang-banner-dismissed, tw-geo-banner-dismissed, tw-onboarding-dismissed, tw-checklist-dismissed, tw-pwa-dismissed, tw-exit-intent-dismissed | Functional | 30–365 days | Records your dismissal of in-app banners and tours |
| tw_aff | Marketing | 30 days | Affiliate referral attribution |
| tw_ref | Marketing | 30 days | Legacy affiliate referral attribution |
| tw_partner | Marketing | 30 days | Partner / sales-agent attribution |
| tw_ref_mkt, tw_mkt | Marketing | 30 days | Marketplace acquisition attribution (anonymous) |
| tw_seen_<id> | Marketing | 24 hours | Sponsored-placement frequency cap (“don’t show me the same advert twice in a day”) |
| _ga, _ga_<id> | Analytics | 2 years / 13 months | Google Analytics 4 (city sites only, consent-gated, default denied) |
| __stripe_mid, __stripe_sid | Third-party / Essential for payment | 1 year / 30 minutes | Set by Stripe Elements during checkout for fraud detection |
| Sentry error tracking | Strictly necessary (legitimate interest) | Session | Error/exception capture on ticketwavehq.com. No DOM recording. |
| tw_dash_consent (localStorage) | Strictly necessary (consent record) | 12 months | Stores your “Accept” or “Decline” choice for the diagnostics banner. Without it we’d re-prompt you on every page load. |
| Sentry session replay | Diagnostic / consent-gated | Per error event (no persistent cookie) | Records DOM at the moment of error. Default OFF; only attaches after you accept. Text + inputs masked, media blocked. |
We aim to keep this list synchronised with what the Platform actually sets. If you spot a cookie on our domain that isn’t listed, please tell us at privacy@ticketwavehq.com and we will investigate within five working days.
8. How to manage cookies
On surfaces where we operate a cookie banner, you can change your decision at any time by clearing site data for the domain — the next visit will re-prompt you. Across every surface you can also use your browser’s built-in controls to view, delete, or block cookies and storage. The relevant settings live under “Privacy & Security” / “Cookies and site data” in Chrome, Firefox, Safari, and Edge.
Blocking strictly-necessary cookies will prevent you from signing in or completing a purchase. Blocking everything else only affects how attribution and analytics work; the core experience remains intact.
9. Contact
Questions about this policy or the cookies we set: privacy@ticketwavehq.com. For wider questions about how we handle personal data, see our Privacy Policy.