Cookie Policy
Last updated: 28 February 2026
1. What are cookies and similar technologies?
Cookies are small text files placed on your device by a website. We also use browser localStorage and sessionStorage — these are not cookies in the technical sense, but serve similar purposes. This policy covers all three.
2. What we use and why
2.1 Strictly necessary
These are required for the Service to function. No consent is required.
| Technology | Name | Expiry | Purpose |
|---|---|---|---|
| HttpOnly Cookie | _flickd_rt | 30 days (or logout) | Keeps you signed in. Contains your refresh token. Set with HttpOnly, Secure, SameSite=Lax — not readable by JavaScript. |
| localStorage | flickd_has_session | Until logout or storage clear | Stores "1" to indicate a session may exist, avoiding an unnecessary network request on first page load. Contains no personal data. |
2.2 Functional
These remember your preferences.
| Technology | Name | Expiry | Purpose |
|---|---|---|---|
| localStorage | flickd_lang | Until user clears storage | Stores your chosen language code (e.g. "de-DE"). Used to skip language detection on subsequent visits. |
2.3 Session state (tab-lifetime only)
| Technology | Name | Expiry | Purpose |
|---|---|---|---|
| sessionStorage | flickd-webrtc-session | Current browser tab lifetime | Stores session details (session ID, player name, game state) to allow reconnection if your tab is accidentally refreshed mid-game. Cleared automatically when the tab is closed. |
Legal basis: Art. 6(1)(b) GDPR — necessary to participate in a multiplayer game session. This data is stored only for the lifetime of the browser tab and is never written to our servers.
2.4 Analytics and monitoring (consent required)
We use third-party analytics and frontend monitoring tools. Neither is active until you accept via the cookie consent banner.
| Technology | Name pattern | Expiry | Purpose |
|---|---|---|---|
| Cookie / localStorage | ph_* | 1 year | Anonymous analytics session tracking. A random device/session ID is assigned with no link to your identity. No personal profile is created. |
| HTTP beacon (no client storage) | n/a | Session only | Frontend error and performance monitoring. Collects JavaScript errors, page load metrics, and browser metadata. Your IP address is transmitted to our monitoring provider as part of the HTTP request. No cookie or localStorage key is set. |
For legal basis, EU hosting, and DPA details, see our Privacy Policy §4.
Your consent choice is stored in _fkd_c9f7 in localStorage ('1' = accepted, '0' = declined). You can change your preference at any time using the button below:
3. Cookies we do NOT set
- No advertising or tracking cookies.
- No third-party social media pixels.
- No fingerprinting scripts.
4. How to control cookies
Browser settings
| Browser | Cookie settings location |
|---|---|
| Chrome | Settings → Privacy and security → Cookies and other site data |
| Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Safari | Settings → Privacy → Manage Website Data |
| Edge | Settings → Cookies and site permissions |
Opt out of PostHog analytics
Use the “Change cookie preferences” button above (in Section 2.4), or click “Decline” when the cookie consent banner appears. The banner can be re-shown at any time by clicking that button. This does not affect any Service functionality.
5. Third-party cookies
We do not directly set third-party cookies. However:
- PostHog may set cookies from the PostHog domain under its SDK. Data is stored in the EU only. A Data Processing Agreement (DPA) is in place. See PostHog's Privacy Policy.
- Cloudflare may set short-lived
__cf_bmcookies for bot protection. These are strictly necessary for security. See Cloudflare's Cookie Policy.
6. Full storage inventory
| Technology | Key / Name | Set by | Readable by JS | Expiry | Contains personal data? |
|---|---|---|---|---|---|
| Cookie (HttpOnly) | _flickd_rt | Server (auth-service) | No | 30 days / logout | Yes — refresh token (opaque credential) |
| localStorage | flickd_has_session | Client JS | Yes | Until logout / clear | No |
| localStorage | flickd_lang | Client JS | Yes | Until clear | No |
| localStorage | _fkd_c9f7 | Client JS | Yes | Until clear | No — consent flag only |
| sessionStorage | flickd-webrtc-session | Client JS | Yes | Tab lifetime | Yes — playerName (user-chosen username); never written to server |
| Cookie / localStorage | ph_* | Analytics SDK | Yes | ~1 year | No — anonymous random device ID only, not linked to any identity |
| HTTP beacon (no storage) | n/a | Monitoring SDK | N/A | Session only | Yes — IP address transmitted to monitoring provider; not stored client-side |
| Cookie | __cf_bm | Cloudflare | No | 30 minutes | No |
7. Contact
For questions about our use of cookies:
[email protected]
Guled Said Osman
Popitzweg 8, 13627 Berlin, Germany