1. Categories
| Category | Purpose | Required? |
|---|---|---|
| Strictly necessary | Authentication session, CSRF protection, fraud detection, region routing. | Yes — service cannot function without them. |
| Functional | Remember theme, language, last-viewed match, persona switcher state. | No — turn off and you'll re-pick on each visit. |
| Analytics | Aggregate usage to understand which features get used. No third-party trackers. | No — opt-out leaves the service fully working. |
| Marketing | Measure how marketing campaigns convert to sign-ups. Off by default. | No — opt-in only. |
2. Specific cookies we set
| Name | Category | Lifetime |
|---|---|---|
authjs.session-token | Strictly necessary | 30 days, rolling |
authjs.csrf-token | Strictly necessary | Session |
authjs.callback-url | Strictly necessary | Session |
sx-consent | Strictly necessary | 12 months |
sx-prefs | Functional | 12 months |
sx-analytics | Analytics | 12 months |
3. Third parties
We avoid third-party cookies by default. Some payment flows (Stripe, Paystack, Flutterwave) and embedded video providers may set their own cookies once you reach their hosted page — those are governed by their policies.
4. Your control
- The consent banner at first visit lets you accept all, reject non-essential, or pick category by category.
- Re-open your choices any time from Settings → Security → Privacy.
- You can also block cookies in your browser settings; expect parts of the platform — sign-in, payments — to break if you do.
5. Do Not Track
We honour the deprecated DNT header for analytics. The newer Sec-GPC(Global Privacy Control) signal opts you out of any data sharing for cross-site advertising — which we don't do anyway, but the signal still applies.
6. Changes
Material additions to the table above will be flagged in the consent banner the next time we update it. Minor changes are versioned at the bottom of this page.
7. Contact
Cookie questions: privacy@sportsplex.app.