Cookie policy

A cookie is a small text file a website places on your device so that on a later visit the site can recognise you, your preferences, or the contents of your cart. Modern "cookies" also include functionally-similar mechanisms like localStorage, sessionStorage, and IndexedDB — all covered by this policy.

Cookies are necessary, analytics, or marketing by purpose. You choose which categories to allow via the cookie banner.

These cannot be refused because the site would break without them.

tg_cart_session — tracks your anonymous cart (30 days, httpOnly, SameSite=Lax).

__Secure-authjs.session-token — your signed-in session (NextAuth JWT, 30 days, httpOnly, Secure).

__Host-authjs.csrf-token — CSRF protection (session-only, httpOnly, Secure).

topgems-wishlist — localStorage, your wishlist for anonymous sessions (persisted until you clear it).

We use Plausible Analytics (plausible.io) — a privacy-focused analytics tool that does not set cookies, does not track users across sites, and stores no personal data. Every visit is counted once per day per browser via an in-memory fingerprint.

Because Plausible doesn't use cookies, there is nothing to opt out of at the browser level. We disclose its use for transparency, per ePrivacy Directive Article 5(3).

When you agree, these help us measure the effectiveness of ad campaigns (Google Ads, Meta). We do not drop them by default and we do not set any before you opt in via the banner.

If you don't opt in, our paid-ad attribution is blind to you — we have no way to connect your visit to an ad click.

Change your preferences anytime via the cookie banner at the bottom of any page (click "Manage cookies"). Your choice is stored for 12 months and applies across subdomains.

You may also block cookies globally at the browser level — all major browsers support this in their settings. Note that disabling necessary cookies will break login, checkout, and cart persistence.