Cookie Policy

Last updated: July 13, 2026

CardRevive Grading (grading.cardrevive.com.au) uses cookies and similar technologies. This policy explains what cookies we use and why.

1. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help the website remember your preferences and understand how you use the site.

2. Cookies We Use

Essential Cookies (Required):

These cookies are necessary for the Service, account security, or a payment you request. They do not measure advertising performance.

  • next-auth.session-token: Keeps you logged into your account. Expires when you log out or after 30 days of inactivity. Set by our server.
  • next-auth.csrf-token: Prevents cross-site request forgery attacks. Session cookie. Set by our server.
  • next-auth.callback-url: Manages authentication redirects. Session cookie. Set by our server.
  • __stripe_mid / __stripe_sid: Required for Stripe payment processing to function securely. Set by Stripe.

Analytics Cookies (Optional):

These cookies and tags stay off until you select “Accept optional tracking”.

  • _ga / _ga_[ID]: Google Analytics 4 browser identifiers for page, interaction and conversion measurement. They can last up to 2 years. Google Analytics user-level and event-level data is configured for 14-month retention.
  • _gcl_*: Google Ads conversion and campaign attribution cookies. These are set only after opt-in and can last up to 90 days.
  • _fbp / _fbc: Meta Pixel browser and click identifiers used for advertising measurement. Meta documents a 90-day lifespan for _fbp.
  • cr_attribution_v1: With opt-in, this stores allowlisted acquisition source, campaign and landing-path fields for 30 days. Without opt-in, a visitor-requested referral link may store only its opaque referral code, landing path and dates so the referral can be fulfilled; no advertising campaign or external referrer fields are retained.

Functional preferences and local browser storage:

  • cr_home_variant: A random control/fee-filter homepage experiment bucket. It contains no account or device identifier, is HttpOnly, expires after 90 days, and prevents the page copy changing after load.
  • cardrevive-privacy-consent-v1: Records only your optional-tracking choice and its date so the site can honour it. It remains until you change the choice or clear browser storage.
  • cardrevive-analytics-id-v1 (optional): A random first-party identifier used to deduplicate allowlisted funnel events. It is created only after opt-in, rotates after 14 months, and is not an email, user ID, card name, report text, or image path.
  • cardrevive-private-workflow IndexedDB: An anonymous pre-signup card image/crop may remain only on your device for up to two hours so the workflow survives authentication. It is deleted after grading, reset, or expiry.
  • cardrevive-contextual-offers-v1: Impression counts and dismiss-until dates used to cap repeated report offers. It stores no card image, report text, email or account ID.

Browser error monitoring and replay (Optional):

  • Sentry browser error, performance and session-replay telemetry loads only after opt-in. Replay masks text and media by default, blocks the complete centering-checker tool subtree, and is configured for no more than 30 days of retention.

3. Third-Party Cookies

Google Analytics and Google Ads:After opt-in, Google receives browser, device, page, campaign, interaction and server-verified conversion information for analytics and advertising measurement. Google's privacy policy: https://policies.google.com/privacy.

Meta:After opt-in, Meta Pixel receives browser, device, page and conversion-event information for advertising measurement. Meta's privacy policy: https://www.facebook.com/privacy/policy/.

Stripe: Sets cookies required for secure payment processing. Stripe's privacy policy: https://stripe.com/privacy.

Sentry:After opt-in, Sentry receives browser error, performance and masked session-replay telemetry. Sentry's privacy policy: https://sentry.io/privacy.

4. Managing Cookies

Use the “Privacy choices” control fixed at the lower-left of every page to accept, reject, or withdraw optional tracking at any time. Withdrawal immediately stops new optional events and removes the first-party analytics ID, optional attribution fields, Sentry Replay browser-session storage, and accessible Google/Meta cookies from this site. A referral code you actively followed remains only to fulfil that referral. Withdrawal does not affect sign-in, security, payments, or the private on-device grading workflow.

You can control cookies through your browser settings. Most browsers allow you to:

  • See what cookies are stored and delete them individually
  • Block third-party cookies
  • Block all cookies
  • Clear all cookies when you close your browser

Note: Blocking essential cookies will prevent you from logging in and using the Service.

5. Contact

If you have questions about our use of cookies, contact us at info@cardrevive.com.au.

Your privacy choices

Essential sign-in, security, payments and on-device grading always work.

Optional first-party analytics, Google Analytics and Ads, Meta Pixel, plus Sentry error and session replay stay off unless you accept.

Read the Cookie Policy and Privacy Policy.