ARCHER
Cookie Settings — ARCHER
Effective date: 14 May 2026 Last updated: 14 May 2026
This page is two things in one: the customer-facing cookie disclosure that lives at
archerskin.com/pages/cookie-settings(§§1–8 below), and the cookie register that the archer-website operator must maintain alongside the live cookie set (§9 — Schedule A). Schedule A must be updated by archer-website any time a tag, pixel, SDK, or first-party cookie is added, removed, or changed.
1. What this page covers
This page tells you how The Lumia Group Inc ("Lumia") uses cookies and similar technologies on archerskin.com (the "Site"), what your choices are, and how to exercise them. It supplements our Privacy Policy — read both together.
2. What cookies and similar technologies are
A cookie is a small text file that a website stores in your browser. Cookies remember information about your visit (for example, what's in your cart, whether you're logged in, what language you prefer).
We also use similar technologies that work like cookies but are technically different:
- Pixels (also called "tags" or "tracking pixels") — tiny invisible images that load from a third-party server and tell that server you visited a page.
- Software Development Kits (SDKs) — code from third-party providers embedded in our Site, mobile app, or services.
- Local storage and session storage — built into your browser; works like a cookie but stores larger amounts of data locally.
- Server-side conversion APIs (e.g. Meta Conversions API, Google Enhanced Conversions) — replace some of what cookies used to do by sending data from our servers directly to advertising platforms.
In this Cookie Settings page, we use "cookie" to mean all of the above unless we say otherwise.
3. The four categories we use
Every cookie on the Site fits into one of four categories. The first is required for the Site to work. The other three are optional and you can turn them on or off.
3.1 Strictly Necessary (required — cannot be turned off)
These cookies make the Site work. Without them, you cannot log in, fill a cart, check out, or be remembered between pages. We treat these as essential infrastructure.
Examples include: session ID, cart contents, login state, checkout-step progress, fraud-prevention tokens, the cookie-consent state itself, and the security-related cookies that Shopify Payments and Stripe set during checkout.
You cannot opt out of strictly necessary cookies through this page. If you disable them in your browser, much of the Site will not function.
3.2 Performance / Analytics (optional)
These cookies measure how the Site is used in aggregate — which pages people visit, how long they stay, where they click, where errors occur. We use this information to fix problems and improve the Site.
Examples: Google Analytics 4. We have configured Google Analytics to anonymise IP addresses and to not allow Google to use the data for its own advertising purposes.
You can opt out of performance / analytics cookies via the preferences page (§7), via your browser's Global Privacy Control signal (see §6), or via browser controls (see §8).
3.3 Advertising / Targeting (optional — treated as "sale or share" under CCPA / CPRA)
These cookies let advertising platforms recognise you when you visit other websites and apps, and let us measure how effective our ads are. Some advertising platforms also use this data to build look-alike audiences of people similar to our customers.
Examples: Meta Pixel + Meta Conversions API; Google Ads conversion + remarketing tags; TikTok Pixel + TikTok Events API.
Important — opt-out treatment. Under the California Consumer Privacy Act and similar state privacy laws (Colorado, Connecticut, Virginia, Texas, and others), the use of advertising cookies on the Site is treated as a "sale" or "share" of personal information. You have the right to opt out at any time through the methods in §§4–6 below. Opting out does not block the ads themselves — they just won't be targeted based on your Site activity.
3.4 Functional / Personalisation (optional)
These cookies remember choices you make on the Site (language, region, accessibility preferences, dismissed banners) and personalise content based on your activity (e.g. recently viewed products).
You can opt out of functional / personalisation cookies via the preferences page.
4. How to manage cookies on the Site — quick start
You have four ways to control cookies, ranked from easiest to most thorough:
| Method | What it covers | Where |
|---|---|---|
| Cookie preferences page | All four categories, this browser / device | Manage preferences — see §7 |
| "Do Not Sell or Share My Personal Information" link | Advertising / Targeting category (treated as "sale" or "share"), this browser / device | Site footer — see §5 |
| Global Privacy Control signal | All "sale" or "share" categories, every site that honours GPC, this browser / device | Browser setting or extension — see §6 |
| Browser-level cookie controls | All cookies, every site, this browser | Browser settings — see §8 |
To extend an opt-out across all your devices and accounts, email concierge@archerskin.com with the subject "Do Not Sell or Share" — see Privacy Policy §10.4.
5. "Do Not Sell or Share My Personal Information" — the footer link
A persistent link labelled "Do Not Sell or Share My Personal Information" appears in the footer of every page on the Site. Clicking the link takes you to the preferences page (§7) with the "Advertising / Targeting" toggle pre-set to OFF. To confirm the opt-out, save the preferences. We then suppress advertising cookies for this browser / device until you change the setting.
We provide this link as required by the California Consumer Privacy Act (Cal Civ Code §1798.135(a)) and equivalent state-law provisions.
6. Global Privacy Control (GPC) — automatic opt-out
Global Privacy Control is a browser-based or extension-based signal that automatically tells every website you visit "do not sell or share my personal information." If your browser sends a GPC signal, Lumia treats that as an automatic opt-out of the "Advertising / Targeting" category for that browser / device.
GPC is supported by:
- Firefox — built-in (Settings → Privacy & Security → Send websites a "Do Not Track" signal → Always, plus install a GPC-aware extension if desired). The latest versions of Firefox now also include a dedicated GPC switch.
- DuckDuckGo Privacy Browser — built-in (enabled by default).
- Brave — built-in (enabled by default).
- Privacy Badger — extension for Chrome, Firefox, Edge, Opera.
- Disconnect — extension.
- OptMeowt — extension.
You can verify whether your browser sends GPC at globalprivacycontrol.org.
We comply with GPC as required by Cal Civ Code §1798.135(b), Colorado UOOM (4 CCR 904-3, Rule 5.06), and similar state rules.
7. The preferences page — how to use it
The cookie preferences page is available at archerskin.com/pages/cookie-settings#preferences and is linked from every page footer.
The page presents four toggles:
| Toggle | Default | Notes |
|---|---|---|
| Strictly Necessary | ON, locked | Cannot be turned off — required for the Site to work |
| Performance / Analytics | ON | Toggle to OFF to opt out of Google Analytics |
| Advertising / Targeting | ON | Toggle to OFF to opt out of Meta Pixel, Google Ads tags, TikTok Pixel, and any other advertising-category cookies in §9 |
| Functional / Personalisation | ON | Toggle to OFF to disable personalisation features |
Click Save preferences to apply. Your choices are stored in a strictly-necessary cookie and persist until you clear browser cookies or change them again. To change your preferences any time, return to this page.
When you save a preference change, we update the cookie-consent state on this browser / device and the Site stops setting cookies in any disabled category until you re-enable.
8. Browser-level cookie controls
You can also block or delete cookies through your browser. Browser controls apply to every site, not just ours.
- Apple Safari — Settings → Safari → Privacy & Security
- Google Chrome — Settings → Privacy and security → Cookies and other site data
- Microsoft Edge — Settings → Cookies and site permissions → Manage and delete cookies and site data
- Mozilla Firefox — Settings → Privacy & Security → Cookies and Site Data
- Mobile Safari (iOS) — Settings → Safari → Privacy & Security
- Chrome (Android) — Settings → Site settings → Cookies
Blocking strictly necessary cookies at the browser level will prevent the Site from working properly.
9. Schedule A — Cookie Register (live as of the date above)
For archer-website (operator): This register must be kept in sync with the actual cookies, pixels, SDKs, and tags loaded by the Shopify storefront. Update on every change.
9.1 Strictly Necessary
| Cookie name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
_shopify_y |
Shopify | Visitor identification for fraud prevention and analytics | First-party | 1 year |
_shopify_s |
Shopify | Session identification | First-party | 30 minutes |
cart, cart_currency, cart_sig, cart_ts, cart_ver |
Shopify | Cart state, cart contents, currency, integrity | First-party | 2 weeks |
secure_customer_sig, _secure_session_id |
Shopify | Authenticated-session identification | First-party | 1 year / session |
_orig_referrer, _landing_page |
Shopify | Where the session started, for fraud and analytics | First-party | 2 weeks |
_shopify_tm, _shopify_tw |
Shopify | Trackable internal events | First-party | 30 min |
| Stripe / Shopify Payments session cookies | Stripe / Shopify | Tokenised checkout, fraud detection (3DS, anti-bot) | First-party | Session / checkout duration |
consent_state (or equivalent name from the consent app) |
Lumia | Records your cookie-consent choices | First-party | 1 year |
csrf_token |
Shopify / Lumia | Cross-site-request-forgery protection | First-party | Session |
9.2 Performance / Analytics
| Cookie / tag | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
_ga, _ga_<container> |
Google Analytics 4 | Visitor identification, session identification, analytics measurement | First-party (set by Lumia's GA container) | Up to 2 years (we set the GA4 retention to 26 months) |
| Google Analytics IP-anonymisation flag | Google Analytics | Truncates last octet of IPv4 / last 80 bits of IPv6 before storage | Configuration | — |
9.3 Advertising / Targeting (treated as "sale or share" under CCPA / CPRA)
| Cookie / tag | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
_fbp, _fbc, fr |
Meta (Facebook / Instagram) — Meta Pixel | Ad measurement, conversion attribution, audience building | Third-party | 90 days (fbp), session (fr), 7 days (fbc) |
| Meta Conversions API events | Meta — server-side | Conversion measurement supplementing Meta Pixel | Server-to-server | Event-based |
_gcl_au, _gcl_aw, _gcl_gb |
Google Ads | Conversion attribution, remarketing | Third-party | 90 days |
| Google Enhanced Conversions | Google — server-side | Conversion measurement with hashed PII | Server-to-server | Event-based |
_ttp |
TikTok | Visitor identification for TikTok Pixel | Third-party | 13 months |
| TikTok Events API | TikTok — server-side | Conversion measurement supplementing TikTok Pixel | Server-to-server | Event-based |
9.4 Functional / Personalisation
| Cookie | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
currency |
Shopify | Remembers your selected currency | First-party | 1 year |
keep_alive |
Shopify | Country / region targeting | First-party | 2 weeks |
recently_viewed_products |
Lumia (Shopify storage) | Personalises the "recently viewed" widget on PDP | First-party | 30 days |
| Klaviyo identification cookie | Klaviyo (when you subscribe to email or SMS) | Identifies you to Klaviyo for personalised marketing | Third-party | 2 years |
10. Children
The Site is not directed to children under 13 and we do not knowingly use cookies to collect personal information from children under 13 — see Privacy Policy §7 (COPPA notice).
11. Changes
We may update this Cookie Settings page from time to time as cookies, tags, pixels, SDKs, or our consent mechanism change. The "Effective date" and "Last updated" dates at the top reflect the most recent revision. The Cookie Register in §9 is updated on every change to the live cookie set.
12. Contact
To exercise any privacy right described in Privacy Policy §10, or for questions about cookies on the Site, email concierge@archerskin.com.
13. Statutory authorities referenced
For transparency, the following U.S. statutory and regulatory authorities are referenced expressly or implicitly above:
- Cal Civ Code §1798.135 — required "Do Not Sell or Share My Personal Information" link; honouring opt-out preference signals (GPC)
- 4 CCR 904-3, Rule 5.06 — Colorado Universal Opt-Out Mechanism rule
- 15 USC §6501 et seq. — Children's Online Privacy Protection Act
- See Privacy Policy §18 for the full list of state privacy laws referenced.
End of Cookie Settings.