Cookie Policy

Last updated: 2026-04-22

We use a small set of cookies and similar browser storage. No advertising cookies.

Strictly necessary

• auth_session, session authentication, HttpOnly + Secure + SameSite=Lax, 30 days max. Set only after you sign in.
• fc_admin_session, signed admin-impersonation cookie (admins only), 1 hour max.
• x-vertical-id, tracks which vertical you're using; 365 days, not used for advertising.
• CSRF headers, requests are validated by Origin/Referer; no CSRF cookie is set.

Functional (with consent)

• Google reCAPTCHA (on registration + auth), sets _GRECAPTCHA and related cookies from google.com to protect against automated sign-ups. Loaded only after you accept functional cookies on our banner.
• Stripe (on checkout), sets Stripe's own cookies for fraud detection and session continuity on the Stripe-hosted checkout page. See stripe.com/cookie-settings.

Local storage

• gdpr_banner_accepted, remembers your consent choice so we don't keep asking.
• Session-scoped UI preferences (sidebar expanded/collapsed, theme).

No analytics, no ads

We don't use Google Analytics, Plausible, PostHog, Mixpanel, or any advertising tracker. We rely on server-side request logs for aggregate usage metrics and billing reconciliation.

Your choice

The cookie banner lets you accept or reject functional cookies. Strictly-necessary cookies are always set when you sign in, without them the platform can't authenticate you. You can clear cookies any time in your browser.

Contact

Email: privacy@fightclub.pro.