Cookie policy
Last updated 2026-05-30. We try to keep this short.
The summary
MakingWaves uses only strictly-necessary cookies - the ones needed to keep you signed in and keep the service secure. No advertising cookies, no third-party trackers, no analytics tags. Under UK GDPR + PECR, strictly-necessary cookies don't require a consent banner, so we don't show one.
What we set
| Cookie | What it does | Lifetime |
|---|---|---|
.AspNetCore.Identity.Application |
Keeps you signed in to the dashboard. Encrypted, HTTP-only, secure flag. | 14 days (sliding) |
.AspNetCore.Antiforgery.* |
Cross-site request forgery protection on forms (sign-up, account settings, checkout). | Session |
.AspNetCore.Cookies |
Sign-in session for OAuth flows (connecting Mixcloud / YouTube). | Session |
ARRAffinity / ARRAffinitySameSite |
Routes you to the same backend server during a session - reduces latency. Set by Azure Application Request Routing, not by us directly. | Session |
Third-party cookies set during checkout
When you click Subscribe on the pricing page, you're redirected to Stripe Checkout on Stripe's domain. Stripe sets its own cookies to handle the payment - their cookie policy lives at stripe.com/cookie-settings. We don't see or control them.
When you click Connect Mixcloud / YouTube from Account Settings, the same applies for those platforms' OAuth flows - each sets cookies on their own domain to handle the consent.
What we don't do
- No Google Analytics, no Facebook Pixel, no Hotjar, no ad-network trackers.
- No cross-site tracking - if you visit makingwaves.live and then go to another site, nothing on our end follows you.
- No marketing emails without explicit opt-in. The only emails you'll receive are transactional (sign-up confirmation, trial ending, receipts).
Your browser controls
You can clear or block cookies for makingwaves.live in your browser settings at any time. Blocking the strictly-necessary cookies above will sign you out / break form submission - you won't be able to use the dashboard. That's an inherent constraint of the web platform, not a MakingWaves choice.
Mobile + desktop apps
The MakingWaves Now Playing and Collab desktop apps store an auth token locally (DPAPI on Windows, Keychain on macOS) instead of cookies. Branded listener apps for stations use the platform's standard storage (iOS Keychain, Android Keystore). Neither uses third-party SDKs that track usage off-device.
See also: Privacy policy for the full picture of what data we hold and why.