Cookies Policy
This Cookies Policy explains how Café Mountain Coffee Ltd ("we", "us", and "our") uses cookies and similar tracking technologies on our e-commerce platform, https://cafemountain.net (the "Website").
In compliance with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR), this policy provides full transparency regarding what cookies are, why we use them, and how you can manage your preferences.
What Are Cookies?
Cookies are small text files that are downloaded and stored on your computer, smartphone, or other internet-enabled device when you visit a website. Cookies allow websites to recognize your device, maintain your active session, remember your preferences, and keep items in your shopping basket as you click between different pages.
Cookies can be "Session Cookies" (which expire automatically the moment you close your web browser) or "Persistent Cookies" (which remain on your device for a pre-determined period or until you manually delete them).
How We Use Cookies
Unlike informational blog sites, a fully functioning online coffee store requires certain cookies to operate securely and smoothly. We use cookies to:
Verify your identity when you log in to your customer account.
Track the contents of your shopping cart as you browse our blends and gift packs.
Detect and prevent fraudulent transactions, protecting both you and our platform.
Analyze how visitors interact with our store so we can optimize performance.
Categories of Cookies on Our Site
We divide the cookies used on our website into three core categories:
A. Strictly Necessary Cookies (Always Active)
This is example text. Click here to edit it.
Platform Session (mw_session or laravel_session): As a core function of our e-commerce platform, this session cookie assigns a secure, encrypted unique identifier to your browser session. Without it, the website would forget who you are every time you load a new page, making it impossible to add items to your cart or complete a checkout. (Type: Session)
XSRF Security Token (XSRF-TOKEN): A vital application security cookie used to protect our forms and checkout endpoints against Cross-Site Request Forgery (CSRF) attacks. (Type: Session)
Stripe Anti-Fraud Framework (__stripe_mid, __stripe_sid): When you approach our checkout page, our integrated payment gateway (Stripe) deploys these elements via its API keys. Stripe uses these tokens to analyze anonymized device telemetry solely for the purpose of detecting, identifying, and preventing fraudulent credit/debit card transactions. Under UK law, these are exempt from mandatory user opt-in consent because they are strictly necessary to provide a secure online payment service. (Type: Persistent — up to 1 year)
B. Functional Cookies (Optional)
These cookies allow our website to remember choices you make (such as your preferred currency or localized cookie preference consent state) to provide a more personalized browsing experience.
- Cookie Consent State: Stores a variable remembering whether you clicked "Accept" or "Reject" on our cookie banner, ensuring you aren't repeatedly prompted on every single visit. (Type: Persistent — typically 1 year)
C. Analytical & Performance Cookies (Optional)
These cookies help us understand how people use our website (e.g., tracking which coffee origin pages are visited most frequently or if pages are loading slowly). They collect aggregated, anonymous data that does not identify individual visitors.
- Analytical Identifiers (e.g., Google Analytics): Used to compile anonymous statistics regarding overall site performance and traffic sources. These will only fire if you explicitly click "Accept" or choose to opt-in via our cookie banner. (Type: Persistent)
Direct Audit of Specific Cookies Used
| Cookie Provider / Source | Name | Purpose | Expiration | Category |
| Microweber / Site Core | mw_session / laravel_session | Maintains user login, checkout states, and items in the shopping cart. | End of Session | Strictly Necessary |
| Microweber / Site Core | XSRF-TOKEN | Security identifier used to protect forms against cross-site scripting/forgery. | End of Session | Strictly Necessary |
| Stripe (Payment API) | __stripe_mid | Fraud prevention token tracking device patterns to block malicious card activity. | 1 Year | Strictly Necessary |
| Stripe (Payment API) | __stripe_sid | Short-term fraud detection identifier relating to your active transaction layout | 30 Minutes | Strictly Necessary |
| Café Mountain Store | mw_cookie_consent | Remembers your preferred settings selected on our cookie consent banner. | 1 Year | Functional |
How to Control and Manage Cookies
You have the absolute right under UK law to choose whether to accept or reject non-essential cookies.
Our Cookie Consent Banner: When you first visit our store, a privacy banner will appear asking for your consent. You can choose to accept all cookies, reject all non-essential cookies, or fine-tune your settings. Non-essential tracking cookies will remain blocked until you actively give your consent.
Your Browser Settings: You can configure or completely block cookies directly inside your web browser's settings panels (e.g., Google Chrome, Apple Safari, Mozilla Firefox, Microsoft Edge).
Important Technical Note: If you use your browser settings to completely block all cookies (including essential cookies), you will still be able to browse the static informational pages of our site, but the Microweber shopping cart, account login, and Stripe checkout systems will cease to function properly.
Contact Us
If you have any questions regarding how we deploy cookies or safeguard your technical session security, please contact us at:
Email: sales@cafemountain.net
Postal Address: PO Box 7801, Hungerford, RG17 1DY, United Kingdom