Cookie Policy
Last updated May 8, 2026
We use cookies and similar storage to keep you signed in, attribute referrals, and understand how the site is used. This page lists every cookie we set, what it does, and how to opt out. We don't use third-party advertising cookies and we don't allow other sites to track you across the web through ours.
Cookies we set
| Name | Purpose | Category | Lifetime | Set by |
|---|---|---|---|---|
| better-auth.session_token | Keeps you signed in after a successful magic-link click. | Essential | 30 days | ricecrackerclub.com (Better-Auth) |
| ref_code | Remembers which referral link sent you here so we can credit your friend's account if you subscribe. | Functional | 30 days | ricecrackerclub.com |
| utm_source | Marketing attribution — which campaign brought you here. | Marketing | 30 days | ricecrackerclub.com |
| gpc_signal | Records that your browser sent a Global Privacy Control opt-out signal so we keep honoring it client-side. | Functional | 1 year | ricecrackerclub.com |
| ph_* | PostHog product analytics — anonymous device identifier, page views, feature-flag exposures, and (when enabled) session replay. | Analytics | Up to 1 year (varies) | PostHog |
Browser storage
| Key | Purpose | Lifetime |
|---|---|---|
| sessionStorage: oneninetyseven_quiz_session | Holds your quiz session ID so refreshing the page doesn't lose your answers. | Cleared when you close the tab |
How to opt out
- Analytics & session replay. Toggle off at Account → Privacy. PostHog will stop capturing anything for your browser session and any prior data tied to your user ID is deleted.
- Global Privacy Control. Browsers like Brave, DuckDuckGo, and Firefox (with a setting) send
Sec-GPC: 1. We honor it automatically — no clicking required. We'll skip the attribution cookies and pre-disable analytics on every visit. - Block at the browser level. Most browsers let you delete or block individual cookies in their settings. The site will still work; you may have to sign in more often.
- Marketing email. Off in Privacy Center or via the unsubscribe link in any marketing email.
Why we don't show a banner
U.S. privacy law (CCPA/CPRA and the newer state laws) requires us to respect opt-outs and to tell you what we collect — but it doesn't require nagging every visitor with a click-through banner. We think a simple Privacy Center, a clear cookie list, and automatic Global Privacy Control honoring is more respectful of your time. If you disagree, write to [email protected] — we'll listen.
Questions
See our full Privacy Policy, or email [email protected].