Cookie notice.

We group cookies into two categories: essential (always on) and analytics (consent only).

Essential — always on

• f1_cookie_v1 — records your cookie-banner choice (accepted or rejected). localStorage, 12 months.
• f1_session — keeps you signed in across fare1.co.uk, book.fare1.co.uk, and auth.fare1.co.uk. Scope .fare1.co.uk, HttpOnly, Secure, SameSite=Lax, lifetime up to 30 days with sliding refresh on activity.
• fare1_web_session — legacy session cookie retained through 2026-08-20 for backward compatibility with older booking sessions. Same purpose as f1_session. Will be removed after the grace window.
• __Host-authjs.csrf-token — cross-site request forgery (CSRF) protection for the sign-in form on auth.fare1.co.uk. HttpOnly, Secure, host-locked. Session length.
• __Secure-authjs.callback-url — temporary cookie set during a sign-in attempt so we can return you to the page that asked for sign-in. HttpOnly, Secure. Cleared when the sign-in completes.

Analytics — only with consent

• f1_vid — anonymous visitor identifier for traffic analytics. Scope .fare1.co.uk, lifetime 24 months.
• f1_sid — session identifier (30-minute idle window). Scope .fare1.co.uk, lifetime 30 minutes idle / session.

You can book a ride at book.fare1.co.uk without creating an account or signing in. In that case we do not set f1_session or any other tracking cookie. We store your name, phone, and email against your booking server-side only, send a 6-digit verification code to your email at checkout, and email you a 30-day "Track your booking" magic link so you can reopen the booking on any device without an account.

The following third parties may set cookies via embeds:

• Google Maps — address autocomplete and review fetching. Google's cookie notice: policies.google.com/technologies/cookies.
• Stripe — payment processing (book.fare1.co.uk only). stripe.com/cookies-policy/legal.

A banner appears the first time you visit. Two clear choices: accept (sets the analytics cookies above) or reject (keeps only essentials). Your choice is remembered in f1_cookie_v1 and respected across visits.

Reject does not break the site. We use minimal in-memory tracking on essentials-only visitors (per the UK GDPR exemption for strictly-necessary same-origin storage) — this lets us count page loads without identifying you across sessions.

To change your cookie choice, clear f1_cookie_v1 from your browser's localStorage for fare1.co.uk and reload — the banner returns. Browser extensions like Cookie AutoDelete can do this in one click.

To block cookies entirely, your browser settings have controls per-site. Note this may break sign-in and booking flow.

Some browsers send a Do Not Track signal. There is no UK or EU standard requiring us to honour it. We follow your cookie-banner choice — reject means no analytics regardless of DNT.

Privacy queries: privacy@fare1.co.uk. Full data handling at /privacy.