Legal · Cookies

Cookie notice.

A short page about a short list. Four cookies, all first-party, none for advertising. That is why there is no banner on the marketing site.

Versionv1.0
EffectiveMay 1, 2026
Last updatedMay 4, 2026
StatusActive

Plain-English summary

Four cookies. All functional.

  • Why no banner? Under the EU ePrivacy Directive, banners are required for cookies that are not strictly necessary, e.g. advertising or analytics. We do not set any. Functional cookies (the kind that keep you logged in) do not need consent.
  • On the marketing site: No cookies until you sign up.
  • Once you sign in: Two WordPress auth cookies and a CSRF token, all first-party.
  • On the checkout page only: Stripe sets cookies inside its embedded payment form, scoped to stripe.com (third-party).

This notice covers cookies and similar storage (localStorage, sessionStorage) used by the SpotRivals marketing site, dashboard, and checkout. It applies in addition to the Privacy policy.

The cookies we set#

All of the cookies in this table are first-party (set by SpotRivals on the SpotRivals domain), strictly necessary, and do not require consent under EU/UK law.

NamePurposeLifetime
wordpress_logged_in_*Keeps you logged in after sign-in. Set by WordPress core. Required for the dashboard to work.14 days, or until you log out.
wordpress_sec_*The HTTPS-only companion to the auth cookie. Used to verify the session has not been tampered with.14 days, or until you log out.
wp-settings-*Remembers small preferences (e.g. dashboard layout). Only set after you sign in.1 year.
cw_csrfA short-lived token used to protect form submissions and API calls from cross-site request forgery.Session (until you close the browser tab).

Third-party cookies#

We embed Stripe Elements (the payment form) on the checkout page. Stripe sets cookies on the stripe.com domain, scoped to that domain, when you visit checkout. They are used to detect fraud, remember your card, and let Stripe Link work.

Stripe documents these cookies at stripe.com/cookies-policy/legal. They are only present on the checkout page and only set by Stripe; SpotRivals does not read or write them.

We do not embed any other third-party scripts that set cookies. Specifically, the SpotRivals marketing site contains no Google Analytics, no Google Tag Manager, no Meta Pixel, no LinkedIn Insight Tag, no TikTok pixel, no X conversion tag, and no session-replay tools.

Managing cookies#

You can clear or block cookies from your browser settings. If you block our auth cookies, you will not be able to log in to the dashboard. If you block Stripe cookies, you will not be able to complete checkout.

Changes to this notice#

If we ever add a non-essential cookie (analytics, advertising, A/B testing), we will update this page first, roll out a consent banner before the cookie ships, and email account owners 14 days before it goes live.

Found something we set that is not on this list?

That would be a bug. Tell us at privacy@spotrivals.com and we will fix it.

Email us

The rest of the legal & trust set

All documents →
Trust · AI

AI use policy

One AI vendor, one job. Anthropic Claude reads the diff and writes a strategic-impact line. No training on your inputs. EU AI…

 Trust · Entity

Legal information

Who runs SpotRivals: trade name, legal form, KvK, BTW, registered address. Single source of entity truth. Currently pending KvK registration; placeholders are…

 Most read

Privacy policy

What we collect, what we do with it, and what we will not do with it. Plain-English summary at the top, the…
The brief is the product. The legal is the floor.

Get the Monday brief on your competitors.

14-day free trial, no card. Cancel inside the dashboard with one click.

Start free trial Back to legal & trust