Cookie Policy

Last updated: May 2026

The short version

Celestial Command uses one strictly necessary first-party cookie to keep you logged in. All fonts are served locally from our own server — no request is ever made to Google Fonts. We load optional third-party sign-in scripts (Google Sign-In, Apple Sign-In) only after you accept via the cookie banner. No advertising cookies, no analytics, no tracking pixels.

What is a cookie?

A cookie is a small text file stored on your device by your browser. We also use localStorage to remember your cookie consent choice.

Strictly necessary — always active

Name	Provider	Purpose	Expires
`cc_session`	celestialcommand.io	Keeps you logged in during your play session. Stores your user ID and CSRF token. Without this cookie the game cannot function.	Browser session / 31 days of inactivity
`cc_cookie_consent`	celestialcommand.io	Stores your cookie consent choice (`accepted` or `declined`) so the banner does not re-appear on every page. Stored in `localStorage`, not a cookie.	Persistent (localStorage)

Optional — loaded only with your consent

The following third-party sign-in services are loaded only if you click Accept in the cookie banner. If you click Decline, none of these scripts are fetched — you can still sign in with your username and password.

Service	Provider	Purpose	Cookies / data sent	Provider privacy policy
Google Sign-In (GIS)	Google LLC	Allows you to sign in with your Google account instead of a username and password. The Google Identity Services script (`accounts.google.com/gsi/client`) is loaded only when you click Accept and Google Sign-In is enabled by the server operator.	Google may set its own cookies (e.g. `g_state`, `GAPS`) on the `accounts.google.com` domain to manage the sign-in flow. Google's privacy policy governs this data. We receive only the verified Google user ID and email address.	Google Privacy Policy
Sign in with Apple	Apple Inc.	Allows you to sign in with your Apple ID. Apple Sign-In is handled via a server-side OAuth redirect — no Apple JavaScript SDK is loaded in your browser. Your browser is redirected to `appleid.apple.com` and back.	Apple's own authentication pages handle the sign-in. Apple may set session cookies on the `appleid.apple.com` domain during the redirect flow. We receive only the verified Apple user ID and, optionally, your email address.	Apple Privacy Policy

No SSO required. You can always register and sign in with a username and password instead. The Sign in with Google and Sign in with Apple buttons are hidden if you decline the cookie banner.

What we do NOT use

No Google Analytics, Matomo, or any other analytics / tracking service
No Facebook Pixel or other social media tracking pixels
No advertising cookies or retargeting
No fingerprinting or supercookies
No cross-site tracking of any kind
No external font CDNs — all typefaces are self-hosted on our server

Managing your consent

You can change your consent at any time by clearing the cc_cookie_consent key from your browser's localStorage (DevTools → Application → Local Storage). The banner will re-appear on your next page load.

Managing cookies

You can delete or block cookies at any time using your browser settings. Note that deleting the cc_session cookie will log you out of the game.

Legal basis

The cc_session cookie is strictly necessary for the service to function — no consent is required (ePrivacy Directive Art. 5(3) exemption). The optional third-party sign-in services (Google Sign-In, Apple Sign-In) are loaded only on the basis of your explicit consent (GDPR Art. 6(1)(a)).

Contact

Questions about this policy? Contact us via the details in our Imprint.