Contents

Cookie Policy

Last updated: May 2026

1. What Are Cookies

Cookies are small text files that are stored on your device when you visit a website. They help websites remember your preferences and improve your browsing experience.

Grimoria uses cookies for essential functionality (such as keeping you logged in and remembering your language preference) and, with your consent, for analytics and affiliate marketing.

2. How We Use Cookies

Below is a complete list of cookies used by Grimoria:

grimoria-session — Authentication session token (Strictly Necessary, session duration, Grimoria)
grimoria_tokens — JWT authentication tokens (Strictly Necessary, 7 days, Grimoria)
NEXT_LOCALE — Language preference (Strictly Necessary, 1 year, Grimoria)
grimoria-theme-mode — Dark/light theme preference (Strictly Necessary, 1 year, Grimoria)
grimoria-theme-variant — Theme variant selection (Strictly Necessary, 1 year, Grimoria)
grimoria-cookie-consent — Your cookie consent preferences (Strictly Necessary, 1 year, Grimoria)

3. Cookie Categories

We organize cookies into three categories:

Strictly Necessary: Required for Grimoria to function. These cookies enable core features like authentication, language settings, and theme preferences. They cannot be disabled.
Analytics: Help us understand how visitors use Grimoria. We use Umami, a privacy-friendly, self-hosted, cookieless analytics tool. Although Umami does not set cookies, we gate its activation behind your explicit consent as a privacy-first gesture.
Marketing & Affiliates: Used for affiliate link attribution to card marketplaces (TCGPlayer, CardMarket, CardTrader, Amazon). When you consent to this category, third-party affiliate services may set cookies to track purchase referrals.

4. Analytics (Umami)

Grimoria uses Umami for website analytics. Umami is:

Self-hosted on our own servers in Germany (Hetzner)
Cookieless — Umami does not set any cookies on your device
Anonymous — No personal information is collected. IP addresses are never stored.
GDPR-compliant by design — No cross-site tracking, no fingerprinting

Even though Umami does not require consent (it is cookieless and collects no personal data), we respect your choice and only activate analytics tracking when you explicitly consent via the cookie banner.

You can also opt out of analytics in your profile settings (Settings → Security → Data & Privacy).

5. Affiliate & Marketing Cookies

Grimoria participates (or plans to participate) in the following affiliate programs:

TCGPlayer — Card marketplace (US)
CardMarket — Card marketplace (EU)
CardTrader — Card marketplace (EU)
Amazon Associates — General marketplace

When you consent to marketing cookies, clicking an affiliate link may result in third-party cookies being set by these services. These cookies are used to attribute purchases to Grimoria for commission purposes.

Grimoria does not display advertisements. We only use affiliate links to card marketplaces.

6. Managing Your Cookie Preferences

You can manage your cookie preferences at any time through:

Cookie banner: Shown when you first visit Grimoria (or when our cookie policy is updated)
"Manage Cookies" link: Available in the footer of every page
Browser settings: Most browsers allow you to block or delete cookies. Note that blocking strictly necessary cookies may prevent Grimoria from functioning properly.
Analytics opt-out: Authenticated users can also opt out of analytics tracking in Settings → Security → Data & Privacy.

Changing your preferences takes effect immediately. If you reject analytics or marketing cookies, those tracking technologies will be disabled on your next page load.

7. Third-Party Cookies

When you consent to marketing cookies, the following third parties may set cookies on your device:

TCGPlayer: Purchase attribution cookies. See TCGPlayer's privacy policy for details.
CardMarket: Purchase attribution cookies. See CardMarket's privacy policy for details.
CardTrader: Purchase attribution cookies. See CardTrader's privacy policy for details.
Amazon: Associate cookies. See Amazon's privacy policy for details.

Grimoria does not control third-party cookies. We recommend reviewing the privacy policies of these services.

9. Native Mobile Application

Cookies are a web-browser concept and do not apply to the Grimoria native mobile app (Android and iOS). The native app handles equivalent functionality through platform-specific mechanisms:

Authentication: Auth tokens are stored in the OS Keychain (iOS) / Keystore (Android), not in cookies. Optional biometric protection (Face ID / Touch ID / fingerprint) controls access.
Preferences (theme, language): Stored in the app's local storage (IndexedDB and native preferences), not in cookies.
Card cache & offline data: Stored in the app's IndexedDB and local file storage. Cleared when you uninstall the app.
Analytics: The mobile app uses Firebase Analytics (anonymous, no cookies). Can be disabled in Settings → Privacy.
Push notifications: Delivered via Firebase Cloud Messaging (FCM); the device token is not a cookie.
No cross-site tracking is possible in a native app — there is no shared browser context.

For full details on what data the mobile app collects, see Section 10 of our Privacy Policy.

10. Changes to This Policy

We may update this Cookie Policy to reflect changes in our cookie usage or legal requirements. When we make changes, we will update the "Last Updated" date and increment the consent version, which will re-prompt all users to review and update their cookie preferences.

11. Contact

For questions about this Cookie Policy or our use of cookies:

Email: privacy@grimoria.app

1. What Are Cookies

Cookies are small text files that are stored on your device when you visit a website. They help websites remember your preferences and improve your browsing experience.

Grimoria uses cookies for essential functionality (such as keeping you logged in and remembering your language preference) and, with your consent, for analytics and affiliate marketing.

2. How We Use Cookies

Below is a complete list of cookies used by Grimoria:

grimoria-session — Authentication session token (Strictly Necessary, session duration, Grimoria)
grimoria_tokens — JWT authentication tokens (Strictly Necessary, 7 days, Grimoria)
NEXT_LOCALE — Language preference (Strictly Necessary, 1 year, Grimoria)
grimoria-theme-mode — Dark/light theme preference (Strictly Necessary, 1 year, Grimoria)
grimoria-theme-variant — Theme variant selection (Strictly Necessary, 1 year, Grimoria)
grimoria-cookie-consent — Your cookie consent preferences (Strictly Necessary, 1 year, Grimoria)

3. Cookie Categories

We organize cookies into three categories:

Strictly Necessary: Required for Grimoria to function. These cookies enable core features like authentication, language settings, and theme preferences. They cannot be disabled.
Analytics: Help us understand how visitors use Grimoria. We use Umami, a privacy-friendly, self-hosted, cookieless analytics tool. Although Umami does not set cookies, we gate its activation behind your explicit consent as a privacy-first gesture.
Marketing & Affiliates: Used for affiliate link attribution to card marketplaces (TCGPlayer, CardMarket, CardTrader, Amazon). When you consent to this category, third-party affiliate services may set cookies to track purchase referrals.

4. Analytics (Umami)

Grimoria uses Umami for website analytics. Umami is:

Self-hosted on our own servers in Germany (Hetzner)
Cookieless — Umami does not set any cookies on your device
Anonymous — No personal information is collected. IP addresses are never stored.
GDPR-compliant by design — No cross-site tracking, no fingerprinting

You can also opt out of analytics in your profile settings (Settings → Security → Data & Privacy).

5. Affiliate & Marketing Cookies

Grimoria participates (or plans to participate) in the following affiliate programs:

TCGPlayer — Card marketplace (US)
CardMarket — Card marketplace (EU)
CardTrader — Card marketplace (EU)
Amazon Associates — General marketplace

Grimoria does not display advertisements. We only use affiliate links to card marketplaces.

6. Managing Your Cookie Preferences

You can manage your cookie preferences at any time through:

Cookie banner: Shown when you first visit Grimoria (or when our cookie policy is updated)
"Manage Cookies" link: Available in the footer of every page
Browser settings: Most browsers allow you to block or delete cookies. Note that blocking strictly necessary cookies may prevent Grimoria from functioning properly.
Analytics opt-out: Authenticated users can also opt out of analytics tracking in Settings → Security → Data & Privacy.

Changing your preferences takes effect immediately. If you reject analytics or marketing cookies, those tracking technologies will be disabled on your next page load.

7. Third-Party Cookies

When you consent to marketing cookies, the following third parties may set cookies on your device:

TCGPlayer: Purchase attribution cookies. See TCGPlayer's privacy policy for details.
CardMarket: Purchase attribution cookies. See CardMarket's privacy policy for details.
CardTrader: Purchase attribution cookies. See CardTrader's privacy policy for details.
Amazon: Associate cookies. See Amazon's privacy policy for details.

Grimoria does not control third-party cookies. We recommend reviewing the privacy policies of these services.

9. Native Mobile Application

Cookies are a web-browser concept and do not apply to the Grimoria native mobile app (Android and iOS). The native app handles equivalent functionality through platform-specific mechanisms:

Authentication: Auth tokens are stored in the OS Keychain (iOS) / Keystore (Android), not in cookies. Optional biometric protection (Face ID / Touch ID / fingerprint) controls access.
Preferences (theme, language): Stored in the app's local storage (IndexedDB and native preferences), not in cookies.
Card cache & offline data: Stored in the app's IndexedDB and local file storage. Cleared when you uninstall the app.
Analytics: The mobile app uses Firebase Analytics (anonymous, no cookies). Can be disabled in Settings → Privacy.
Push notifications: Delivered via Firebase Cloud Messaging (FCM); the device token is not a cookie.
No cross-site tracking is possible in a native app — there is no shared browser context.

For full details on what data the mobile app collects, see Section 10 of our Privacy Policy.

1. What Are Cookies

2. How We Use Cookies

3. Cookie Categories

4. Analytics (Umami)

5. Affiliate & Marketing Cookies

6. Managing Your Cookie Preferences

7. Third-Party Cookies

8. How We Obtain and Store Consent

9. Native Mobile Application

10. Changes to This Policy

11. Contact

1. What Are Cookies

2. How We Use Cookies

3. Cookie Categories

4. Analytics (Umami)

5. Affiliate & Marketing Cookies

6. Managing Your Cookie Preferences

7. Third-Party Cookies

8. How We Obtain and Store Consent

9. Native Mobile Application

10. Changes to This Policy

11. Contact