Cookies are an item of concern mostly for those in the EU, due to regional regulations around Internet privacy. Here, a summary of cookies in Backlight, applicable to all versions of Backlight.
If you're not sure what a "cookie" is, see the HTTP Cookie entry on Wikipedia.
As example, the site settings and language values are loaded once per session and associated with the user, who is otherwise anonymous. This improves performance. When language drop-downs are used, this association enables the server to return pages in the same language as chosen in prior page views. Without this, the user would need to choose the language for every single page load. For shopping carts and client response, the cart contents and feedback associated to the browser are kept on the server, so that they are not lost from one page view to the next.
None of this information is identifiable to the user, and none of it is kept in the browser. Instead, all that the browser cookie stores is a unique identifier (you can see this by browsing to a Backlight 2 site and viewing the cookies in the inspector; there is one, PHPSESSID). The identifier and associated data isn't tracked to identifiable information, isn't saved beyond the lifetime of the session, is not shared outside of the system to TTG, or to any other party, and is not used to track you from one site to another.
Another use case for cookies is to identify logins. Without knowing that a page view came from the same browser that was logged in to client managed albums or the Backlight admin, there is no way to maintain a login session.
Backlight offers integrations with some third-party services. These services are opt-in, meaning that none are enabled by default. Such services may create additional cookies external to Backlight's responsibility.
For example, if you enable Google Analytics, reCaptcha or Fotomoto features; if you use Google Maps, or PayPal; if you install WordPress and WordPress plugins, third-party widgets, etc., it is likely that these services or software packages are creating additional cookies in your visitors' browsers. In many cases, these cookies are necessary for the service to do its job, and the service would not function without them. This is how the Internet works, and cookies should generally not be cause for alarm.
Whatever cookies are created and data handled by such services, that's entirely between you (the site owner) and that specific service, and is entirely separate from Backlight and The Turning Gate. If, for example, you take issue with Google's cookies, then you should NOT enable Google Analytics, NOT use Google Maps in your galleries, and NOT enable Google's reCaptcha for your contact forms.