# Cookie Policy

Last updated: June 2, 2026

## 1\. Introduction

This Cookie Policy explains how Crypto Chief ("**we**", "**us**" or "**our**") uses cookies and similar storage technologies when you visit <https://crypto-chief.com/> (the "**Website**"), the merchant dashboards at [app-processing.crypto-chief.com](https://app-processing.crypto-chief.com/) and [app-rpc.crypto-chief.com](https://app-rpc.crypto-chief.com/), the sign-in service at [auth.crypto-chief.com](https://auth.crypto-chief.com/), and any of our APIs (together, the "**Platform**").

This Cookie Policy should be read together with our [Privacy Policy](/privacy/), which describes how we process Personal Information more broadly.

Consent for non-essential cookies on the Website is managed through a Consent Management Platform provided by **Cybot A/S (Cookiebot)**. Non-essential cookies (analytics, third-party widgets) are **blocked by default** until you give consent. You can review and change your choices at any time using the [Manage your consent](#) link, which re-opens the Cookiebot banner.

## 2\. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. The Platform uses cookies and similar browser storage mechanisms — including HTML5 `localStorage` and `sessionStorage` — to keep the Website and dashboards functional, remember your preferences and protect against abuse.

A cookie can be a **session cookie** (cleared when you close the browser) or a **persistent cookie** (retained for a defined period). We use both, as described below.

## 3\. Types of Cookies and Storage We Use

### 3.1 Strictly Necessary

Required for the Platform to operate. These cannot be disabled without breaking sign-in or core functionality.

- Authentication and session cookies set by `auth.crypto-chief.com` when you sign in (including OAuth callbacks from Google Sign-In). Examples: `koa.sess`, `access_token`.
- Cross-site request forgery (CSRF) tokens used to protect form submissions and API calls from the dashboard.
- Cookies set by our DDoS-protection and security provider (Cloudflare) — for example, `cf_clearance` — to verify your browser and mitigate automated attacks.

### 3.2 Functional

Remember choices you make to improve your dashboard experience. Stored in `localStorage`/`sessionStorage` rather than as classic cookies, but functionally the same.

- `last_project_id` — the last project you viewed, so we open it automatically on your next visit.
- `menuGroupsState` — collapsed/expanded state of the sidebar groups.
- `starting_credit_banner_dismissed:<project>` — whether you've dismissed the postpaid onboarding banner for a project during the current browser session.
- Theme, language and region preferences when applicable.

### 3.3 Performance and Analytics

On the marketing Website ([crypto-chief.com](https://crypto-chief.com/)) we use **Google Analytics 4** to understand aggregate traffic patterns — page views, traffic sources, country-level geography and session duration. Google Analytics 4 sets the following cookies on your device:

- `_ga` — distinguishes unique visitors. Stored for 2 years.
- `_ga_G-XKVRYF3G0K` — session state for our specific GA4 property. Stored for 2 years.

GA4 truncates the last octet of the IP address before storage so visitors are not identified by IP. We use the aggregate reports only — we do not enable Google Signals, advertising features or remarketing audiences. Google Analytics is **not** loaded on the merchant dashboards (`app-processing.crypto-chief.com`, `app-rpc.crypto-chief.com`) or on the sign-in service.

You can opt out of Google Analytics across all sites by installing the [Google Analytics opt-out browser add-on](https://tools.google.com/dlpage/gaoptout), or you can block the `_ga*` cookies through your browser settings (see Section 5). See also [How Google uses information from sites that use its services](https://policies.google.com/technologies/partner-sites).

We do **not** deploy any other third-party advertising or behavioural tracking technologies (Facebook Pixel, TikTok Pixel, LinkedIn Insight, Hotjar, FullStory or similar). If we introduce one in the future we will update this Cookie Policy and, where required by applicable law, present a consent banner before any non-essential cookies are set.

### 3.4 Third-Party Cookies

Some cookies originate from third-party services we embed for limited, well-defined purposes:

- **Cloudflare** — DDoS protection, bot mitigation and TLS termination for the Website and APIs.
- **Google Analytics** — aggregate Website analytics, see Section 3.3 above.
- **Dodo Payments** — when you top up your API Credit balance with a card or bank, the payment widget is hosted by Dodo and may set its own cookies on its own domain for fraud prevention and session continuity. We do not control those cookies; see Dodo's policy.
- **Google** — when you sign in with Google, Google sets its own cookies on its own domain (`accounts.google.com`) during the OAuth flow. We do not control those cookies.
- **GitHub** — when you sign in with GitHub (including as a second-factor option), GitHub sets its own cookies on its own domain (`github.com`) during the OAuth flow. We do not control those cookies.

## 4\. Why We Use Cookies

- To keep you signed in to the dashboard;
- To protect the Platform from automated abuse, denial-of-service attacks and credential-stuffing;
- To remember your project selection and UI preferences;
- To process payments securely via our payment sub-processors;
- To operate Google Sign-In if you choose that authentication option.

## 5\. Managing Cookies

Most browsers let you control cookies through their settings:

- Block all cookies, or block third-party cookies specifically;
- Delete existing cookies and clear browser storage;
- Enable a notification before a site stores cookies;
- Use a private/incognito session, which discards most cookies on close.

Browser-specific instructions: [Chrome](https://support.google.com/chrome/answer/95647), [Firefox](https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer), [Safari](https://support.apple.com/en-us/HT201265), [Edge](https://support.microsoft.com/en-us/microsoft-edge), [Opera](https://help.opera.com/en/latest/web-preferences/).

For non-essential cookies on the marketing Website you can also revoke or change your previous Cookiebot consent at any time: [Manage your consent](#).

**Note:** disabling strictly necessary cookies will prevent you from signing in to the dashboard. Disabling functional storage will reset your preferences on every visit but will not block core functionality. Revoking Google Sign-In access at [myaccount.google.com/permissions](https://myaccount.google.com/permissions) is independent of cookie deletion.

## 6\. Do Not Track

Some browsers transmit a "Do Not Track" (DNT) signal. There is no industry consensus on how DNT should be honoured. Because we do not currently use cross-site behavioural tracking, our cookie practice is the same regardless of whether DNT is set.

## 7\. Changes to This Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, the services we rely on, or applicable law. The revised version will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

## 8\. Contact

For questions about this Cookie Policy, contact us at [admin@crypto-chief.com](mailto:admin@crypto-chief.com).

## 9\. Current Cookie Declaration

The list below is generated automatically by Cookiebot's scanner and reflects every cookie and similar technology actually observed on the marketing Website. It is refreshed on a regular schedule. If you notice a discrepancy with the categories described above, the live declaration takes precedence — please contact us so we can investigate.
