Cookie Policy
Last updated: 20 May 2026
This Cookie Policy explains how Evolve Simulations Pty Ltd (“Evolve Simulations”, “we”, “us”) uses cookies and similar browser-storage technologies on evolve-rpg.comand related subdomains (the “Service”).
We keep our use of cookies minimal. We do not use cookies for advertising, cross-site tracking, or behavioural profiling, and we do not load third-party analytics SDKs such as Google Analytics, Meta Pixel, or similar.
This policy should be read together with our Privacy Policy and Terms of Service.
1. Overview
Evolve RPG is an authenticated web application. To sign you in, keep you signed in across pages, and remember small interaction preferences, we (and our authentication provider, Supabase) need to store a small amount of data in your browser. Some of that data is stored as HTTP cookies; some is stored in localStorage or sessionStorage. For brevity we refer to all of these as “cookies” in this policy unless context requires otherwise.
3. Categories of cookies we use
We group the cookies and similar storage we set into two categories: strictly necessary and functional. We do not use marketing, advertising, or behavioural-tracking cookies.
4. Strictly necessary cookies
These cookies are required for the Service to function. Without them you cannot sign in, your session would not persist, and certain security protections would not work. Under the Australian Privacy Act and the EU ePrivacy Directive these do not require prior consent.
- Supabase auth session — cookies and localStorage entries named
sb-fgntloyeexrctuzlqcyq-auth-token(and relatedsb-*entries) that hold your signed session token. Set first-party by Supabase Auth on sign-in. Lifetime: until you sign out or the refresh token expires. - OAuth state & PKCE verifiers — short-lived cookies used during the Google sign-in flow to prevent CSRF and authorisation-code interception. Lifetime: a few minutes, until the sign-in completes.
- Framework cookies — Next.js and Vercel platform cookies (for example, prefetch routing, edge cache hints). Lifetime: session or short-lived.
- Cookie / consent preference— if and when we record your acknowledgement of this policy, a small first-party cookie stores that choice so we don’t re-prompt you. Lifetime: up to 12 months.
5. Functional cookies
These cookies remember small interaction choices that improve the experience. They are not required to use the Service.
- Referral attribution (
evolve_ref) — set when you visit an invite link such asevolve-rpg.com/i/<code>. Stores the referral code so it can be credited to the inviting player when you create an account. First-party. Lifetime: up to 30 days, or cleared on successful sign-up. - UI preferences — small
localStorageentries that remember your last selected game system, table view, or collapsed-panel state. First-party. Lifetime: until cleared from your browser.
6. No advertising or third-party analytics
We do not run advertising on the Service and we do not embed third-party advertising or behavioural-tracking SDKs. Specifically, we do not load:
- Google Analytics, Google Tag Manager, or Google Ads tags
- Meta (Facebook) Pixel, TikTok Pixel, or similar conversion pixels
- Cross-site advertising or retargeting networks
- Session-replay or full-page recording tools
If this changes in the future, we will update this policy and — where required by law — request your consent before any non-essential tracking cookie is set.
7. Third-party cookies set by sub-processors
A small number of cookies may be set by third parties that we use to deliver core features. These are listed as sub-processors in our Privacy Policy.
- Stripe — when you open a checkout or payment flow, Stripe sets its own cookies on its checkout domain for fraud prevention and to keep your payment session live. These cookies are governed by Stripe’s cookie policy.
- Google— if you choose “Sign in with Google”, Google sets cookies on its own domains as part of the OAuth flow, governed by Google’s cookie policy.
We do not control cookies set by these third parties on their own domains. The lists above describe cookies that may be set as a direct consequence of using a feature you initiate (checkout, OAuth sign-in).
8. How to manage and disable cookies
You can control cookies through your browser settings. Most browsers let you:
- View what cookies are stored and delete them individually
- Block all cookies, or block third-party cookies only
- Clear cookies, localStorage, and site data when you close the browser
Helpful links: Chrome, Firefox, Safari, Edge.
Heads-up: if you block the strictly necessary cookies listed above, you will not be able to sign in or maintain a session on Evolve RPG. The Service relies on these cookies to function.
9. Do Not Track and Global Privacy Control
Modern browsers can send a “Do Not Track” (DNT) header or a Global Privacy Control (GPC) signal. Because we do not run advertising, behavioural tracking, or cross-site analytics, there is no tracking for us to disable in response to these signals. We honour their intent by default for all visitors.
10. Changes to this policy
We may update this Cookie Policy from time to time. Material changes (for example, adding a new category of cookie) will be flagged at the top of this page and, where required, communicated to signed-in users by email. The “Last updated” date above always reflects the current version.
11. Contact
Questions about this Cookie Policy: gamemaster@evolve-rpg.com — Evolve Simulations Pty Ltd, Sydney, NSW, Australia.