Cookie Policy
Mystical Realms Effective Date: March 8, 2026 Last Updated: June 2025
Website: https://mystical-realms.com Contact: privacy@mystical-realms.com Operator: Joshua McLain
1. What Are Cookies and Similar Technologies
Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites work, to keep you signed in, and to remember your preferences. Cookies are stored by your web browser and can be viewed and deleted through your browser settings.
Local Storage (also called "Web Storage") is a similar browser technology that allows websites to store small amounts of data on your device. Unlike cookies, local storage data is not sent to the server with every request — it remains in your browser until explicitly removed.
Under privacy regulations such as the EU ePrivacy Directive and the UK Privacy and Electronic Communications Regulations (PECR), rules governing cookies also apply to similar technologies including local storage.
2. Cookies and Storage Technologies We Use
Mystical Realms uses strictly necessary cookies, functional local storage, and optional analytics technologies. We do not use any advertising, social media, or behavioral targeting cookies.
2.1 Cookies
| Name | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
sb-* (e.g., sb-access-token, sb-refresh-token) | Supabase (first-party, set via our authentication provider) | Authentication — stores your JSON Web Token (JWT) access token and refresh token to keep you signed in | Strictly necessary | Access token: 1 hour; Refresh token: rotated on use |
2.2 Local Storage
| Key | Purpose | Category | Duration |
|---|---|---|---|
auth-storage | Persists authentication state (user ID, email, display name, deck skin preference, timezone) across page loads so you don't lose context when navigating | Functional / Strictly necessary | Until you sign out or clear browser data |
tarot-store | Remembers your selected deck skin (visual card style) preference | Functional / Strictly necessary | Until you clear browser data |
cookie-consent | Records your cookie and analytics consent preferences, including a timestamp, the policy version you acknowledged, and whether you opted in or out of analytics | Functional / Strictly necessary | 6 months (you will be re-prompted after expiry or when the policy version changes) |
2.3 Analytics Technologies (PostHog — Opt-In Only)
If you opt in to analytics, the following technologies may be used by PostHog:
| Technology | Purpose | Category | Duration |
|---|---|---|---|
| PostHog session data | Product analytics — tracks feature usage events (e.g., which features are used, page views) to help us understand how the Service is used and improve it | Analytics (opt-in only) | Session-based; retained in PostHog for the duration of our data retention policy |
ph_* cookies / local storage | PostHog may set cookies or use local storage to identify returning sessions | Analytics (opt-in only) | Varies; typically up to 1 year |
Important: When you reject analytics or have not yet made a choice, PostHog operates in cookieless mode — it does not set any cookies, does not write to local storage, and does not capture any events. Analytics data is only collected after you explicitly opt in.
3. Cookie Categories
3.1 Strictly Necessary Cookies
These cookies and storage items are essential for the Service to function. They enable core features such as authentication, session management, and remembering your preferences. Without them, the Service cannot operate as intended.
Strictly necessary cookies are exempt from the consent requirement under Article 5(3) of the EU ePrivacy Directive and Regulation 6 of the UK PECR, because they are used solely to provide a service you have explicitly requested (signing in, using the application).
While consent is not legally required for these cookies, we believe in transparency and inform you about them through our cookie notice and this policy.
You cannot selectively disable strictly necessary cookies through our Service. However, you can block all cookies via your browser settings (see Section 5).
3.2 Analytics Cookies (PostHog — Opt-In Only)
We use PostHog, a product analytics platform, to understand how users interact with the Service so we can improve it. Analytics cookies and event capture are only activated if you explicitly opt in via our cookie consent banner or the analytics toggle in your account Settings page.
What PostHog collects when you opt in:
- Feature usage events (e.g., "tarot reading started," "natal chart generated," "journal entry created")
- Page views and general navigation patterns
- Browser type, operating system, and screen size (for compatibility improvements)
- A pseudonymous user identifier (your Supabase user ID — not your email or name)
What PostHog does NOT collect:
- Your email address, display name, or password
- Birth dates, times, or locations
- Geographic coordinates
- Tarot card names, readings, journal text, or any personal content
- IP addresses for geolocation (PostHog is configured to anonymize IP addresses)
If you do not opt in, or if you opt out at any time:
- PostHog operates in cookieless mode — no cookies are set, no local storage is written, and no events are captured
- The PostHog SDK loads but remains completely inert
- Your experience with the Service is entirely unaffected
You can change your analytics preference at any time from the Settings page within your account, or by clearing your cookie-consent local storage item to re-trigger the consent banner.
3.3 Advertising / Marketing Cookies
We do not use advertising, marketing, or behavioral targeting cookies, and have no plans to do so.
4. Third-Party Cookies
The cookies set on your device fall into two categories:
-
Supabase authentication cookies (
sb-*): While Supabase is a third-party service provider, these cookies are set as first-party cookies under our domain and are used exclusively for authenticating your session with our Service. -
PostHog analytics cookies (
ph_*): Only set if you opt in to analytics. PostHog is a third-party product analytics provider. When active, PostHog may set first-party cookies or use local storage under our domain to identify returning sessions. PostHog does not share your data with any other third parties for advertising or marketing purposes.
No other third-party cookies are set. Specifically:
- No advertising network cookies
- No social media plugin cookies
- No tracking pixels or web beacons
- No cross-site behavioral tracking
5. Managing Cookies and Local Storage
5.1 Browser Settings
You can control and delete cookies through your browser settings. Most browsers allow you to:
- View all cookies stored by a website
- Delete individual cookies or all cookies
- Block cookies from specific sites or all sites
- Set your browser to notify you when a cookie is being set
Here are links to cookie management instructions for common browsers:
- Chrome: Manage cookies in Chrome
- Firefox: Manage cookies in Firefox
- Safari: Manage cookies in Safari
- Edge: Manage cookies in Edge
5.2 Impact of Disabling Cookies
If you disable or block the Supabase authentication cookies (sb-*), you will not be able to sign in to the Service. The Service requires these cookies to authenticate your identity and maintain your session.
If you clear local storage, your authentication state and visual preferences will be reset, but you can sign in again to restore them.
5.3 Cookie Consent Preferences
When you first visit the Service, a cookie consent banner is displayed with two options:
- Accept All: Enables strictly necessary cookies AND analytics (PostHog)
- Essential Only: Enables only strictly necessary cookies; analytics remain disabled
You can change your analytics preference at any time:
- Settings page: Navigate to Settings > Analytics Preferences and toggle analytics on or off
- Reset consent: Clear the
cookie-consentitem from your browser's local storage, or clear all site data. The consent banner will reappear on your next visit.
When you opt out, PostHog immediately stops capturing events and enters cookieless mode.
6. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals. Because our analytics are strictly opt-in and we do not engage in cross-site behavioral advertising, the Service operates the same way regardless of whether a DNT signal is received. If you have not opted in to analytics, no tracking occurs. For more information, see Section 14 of our Privacy Policy.
7. Changes to This Cookie Policy
We may update this Cookie Policy from time to time. When we make changes, we will:
- Update the "Last Updated" date at the top of this document
- Increment the consent version number, which will cause the informational cookie notice to reappear so you can review the updated policy
- For material changes, notify registered users via email
We encourage you to review this page periodically.
8. Contact Us
If you have questions about this Cookie Policy or our use of cookies and similar technologies, contact us at:
Joshua McLain Mystical Realms Email: privacy@mystical-realms.com Website: https://mystical-realms.com
This Cookie Policy was last reviewed on June 2025.