Cookie Policy

Last updated: 2026-05-19

This page lists the categories of cookies and similar storage Best Disc uses, why they exist, and how you can manage them. For the broader privacy picture, see our Privacy Policy.

Strictly necessary

These cookies are required for the Service to work. They cannot be switched off and do not require consent under the ePrivacy Directive.

• authjs.session-token / Auth.js session cookie. HttpOnly, Secure, SameSite=Lax. Required to keep you signed in.
• authjs.csrf-token / CSRF protection for sign-in flows.
• bestdisc_consent / Stores your cookie preferences for up to 12 months so we don't re-prompt you on every visit.

Analytics (consent-gated)

PostHog product analytics. Only loads if you accept the "analytics" category. Sets identifiers used for funnel + cohort analysis. Does not share data with advertisers.

We also use Plausible Analytics, which is cookieless and runs by default, no identifier, no fingerprint, no cross-site tracking.

Advertising (consent-gated)

Google AdSense may set advertising cookies after you accept the "marketing" category. These are used by Google to personalize ads. You can also opt out of personalization at adssettings.google.com.

Managing your choices

The consent banner appears on your first visit. You can change your preferences at any time by clearing the bestdisc_consent cookie in your browser settings, the banner will reappear on the next visit. Most browsers also let you block cookies entirely; doing so may break the sign-in flow.

Do Not Track

We honor the Global Privacy Control (GPC) signal: when set, your default consent is essential-only and analytics/marketing cookies are not loaded unless you actively accept them.

Questions

Contact privacy@bestdisc.org.

Note: This document is operational policy for the MVP and is pending review by counsel. It does not constitute legal advice.