Last updated: April 2026 · Applies to mechasite.com and the Mecha Site platform
This page lists every cookie, browser-storage key, and third-party software development kit (SDK) that the Mecha Site platform reads or writes in your browser. We classify each one into four categories — Essential, Functional, Statistical, and Marketing — so you can decide what to allow.
The category controls in the preferences modal apply your decision immediately and synchronise across every open tab. We honour the strictest applicable regime for your location: UK visitors are governed by the Privacy and Electronic Communications Regulations (PECR) as amended by the UK Data (Use and Access) Act 2025; EEA visitors are governed by the ePrivacy Directive and EU GDPR.
Strictly necessary for the platform to operate. These cookies cannot be switched off — without them you cannot sign in, your preferences cannot be saved, and the service will not function.
Lawful basis: necessary for the performance of the contract (UK GDPR Art. 6(1)(b)) and PECR Reg. 6(4)(a) "strictly necessary" exemption.
__ms_accessCookieShort-lived sign-in token. Required to keep you signed in.
__ms_refreshCookieSign-in session token. Required to keep you signed in across visits.
__ms_consentCookieRecords your cookie preferences. Required so we can honour your choices on future visits.
__ms_sidCookieAnonymous session identifier used to keep your cookie preferences consistent if you later create an account.
Remember preferences and admin workflow state so the platform behaves the way you set it. None of these track you across other websites or build a profile of you.
Lawful basis: necessary for the service you have actively requested. In the UK, the Data (Use and Access) Act 2025 exempts appearance and workflow-state storage from prior consent — you may opt out at any time below.
mecha-themeLocal storageDUAA exempt · opt-out onlyRemembers your preferred colour theme (light / dark / system).
mechasite-get-startedLocal storageDUAA exempt · opt-out onlyRemembers your progress through a multi-step form so partial answers survive page reloads.
launch-banner-${siteId}Local storageDUAA exempt · opt-out onlyRemembers that you have dismissed an in-product banner so it does not reappear.
Aggregate analytics and error monitoring that help us identify issues and improve the product. We do not sell this data and do not use it for advertising.
Lawful basis: legitimate interest (UK GDPR Art. 6(1)(f)) for aggregate statistics under DUAA. EEA visitors must opt in (ePrivacy Directive Art. 5(3)).
Sentry.initThird-party SDKError tracking and performance monitoring. Helps us identify and fix technical issues quickly.
Statsig.initialize (public)Third-party SDKFeature flags and aggregate analytics on public pages. Uses an anonymous browser identifier only — does not track individuals.
User-identifiable tracking — session replay recordings and personalised feature experiments. Always opt-in: nothing in this category runs unless you explicitly allow it.
Lawful basis: consent (UK GDPR Art. 6(1)(a) + PECR Reg. 6). Required under all regimes — never DUAA-exempt.
Sentry.addIntegration(Replay)Third-party SDKSession replay captures a privacy-masked recording of your session to help diagnose complex UI bugs. All text is masked and media blocked by default.
Statsig.initialize (authenticated)Third-party SDKPersonalised feature flags and experiments for authenticated users. Uses your profile identifier to target feature rollouts by cohort.
When we add a new cookie, change a purpose, or onboard a new sub-processor, this page is regenerated automatically from the platform’s canonical cookie inventory. Material changes trigger a re-acceptance prompt the next time you visit, and we record the policy revision against your consent decision so we can demonstrate exactly what you agreed to and when.
Questions about a specific cookie or your consent record? Email privacy@mechasite.com.