Legal and privacy
Cookie and Local Storage Policy
- Last updated:
- 21 June 2026
- Effective:
- 21 June 2026
- Version:
- 2026-06-21
1. Plain-English summary
We use cookies and similar technologies to keep you signed in, protect forms, route you to the correct league, remember preferences, keep unsent prediction choices from being lost, support offline queues, deliver notifications after opt-in, and diagnose faults.
You can manage browser cookies and site data through your browser settings. Mobile app storage can be cleared through device settings or sign-out flows where available. Clearing local storage does not delete server-side account, prediction, billing, audit, support, or provider records.
2. Cookies
| Name | Purpose | Category | Retention |
|---|---|---|---|
| ss_session | Keeps a signed-in user session active. | Essential | Up to 7 days. |
| ss_last_league | Remembers the most recent league so the main site can return you there. It does not authenticate you. | Essential functionality | up to 30 days |
| csrf_token | Helps protect forms and API requests from cross-site request forgery. | Essential security | Up to 7 days. |
| core_org | Routes users on the shared core host to the correct organisation context. | Essential functionality | 24 hours |
3. Browser storage
| Storage | Purpose | Category | Retention |
|---|---|---|---|
| theme | Stores light or dark theme preference. | Preference | Until changed or site data is cleared. |
| scoresocial:timezone | Stores timezone preference for fixture kick-off display. | Preference | Until changed or site data is cleared. |
| Prediction save keys | Stores unsent prediction card choices so users do not lose picks before submission. | Functionality | Until submitted, expired by app logic, cleared, or site data is removed. |
| entry-skip-submit-confirm | Remembers whether a user skipped the submit confirmation prompt. | Preference | Until changed or site data is cleared. |
| Prediction tab coordination key | Coordinates unsent-entry behavior within a browser tab. | Functionality | Usually cleared when the tab or browser session ends. |
| IndexedDB scoresocial / prediction-queue | Stores queued prediction submissions while offline or sync is pending. | Functionality/offline support | Until synced, cleared, expired, or site data is removed. |
| Service worker and Cache Storage | Supports the PWA shell, offline loading, and cached assets/pages. | Functionality/offline support | Managed by browser cache controls and app cleanup. |
4. Notification storage
| Item | Purpose | Category | Retention |
|---|---|---|---|
| Web push endpoint and keys | Allows browser push services to deliver reminders, results, account messages, and event/pool updates after opt-in. | Optional notification functionality | Until opt-out, browser permission removal, account cleanup, or server cleanup. |
| Expo/mobile push token | Allows Expo, Apple, or Google push systems to deliver mobile notifications after opt-in. | Optional notification functionality | Until logout, token replacement, account cleanup, or app data removal. |
5. Diagnostics and Replay
| Item | Purpose | Category | Retention |
|---|---|---|---|
| Sentry event/session identifiers | Groups errors, performance traces, logs, and diagnostics so faults can be investigated. | Diagnostics/security | According to the active Sentry project settings. |
| Sentry Session Replay | Not loaded by default. It may be introduced only after a separate diagnostics consent or deliberate support capture flow exists. | Optional diagnostics | No replay data is collected while the integration is disabled. |
6. Mobile app storage
| Storage | Purpose | Category | Retention |
|---|---|---|---|
| SecureStore ss_tokens | Stores mobile access/refresh tokens, base URL, organisation slug/config, and session context. | Essential | Until logout, account deletion, token replacement, or app data removal. |
| SecureStore prediction save keys and queue keys | Stores mobile unsent prediction choices and offline submission queue data. | Functionality/offline support | Until submitted, cleared, expired by app logic, logout cleanup, or app data removal. |
| SecureStore cached branding and pending pool keys | Stores organisation branding and pool onboarding state. | Functionality | Until refreshed, cleared, logout cleanup, or app data removal. |
| AsyncStorage theme and push keys | Stores mobile theme preference and last push-token registration state. | Preference/notification functionality | Until changed, token replacement, logout, or app data removal. |
7. Managing choices
Essential cookies and storage are needed for login, security, tenant routing, and core prediction flows. Optional push notifications are controlled by browser/app permission prompts and account notification settings where available.
For account deletion, see Data Deletion and Account Closure. For privacy rights requests, see Data Export and Subject Access Requests.