Cookie Policy
Rust Snowball uses only the cookies it must to authenticate you, secure the Platform, and remember your preferences. No third-party advertising cookies, no cross-context behavioral tracking. The inventory below explains what is set and why.
This Cookie Policy explains what cookies and similar storage technologies we use, why we use them, and how you can manage them. It supplements our Privacy Policy and forms part of our Terms of Service.
1. What is a cookie?
A "cookie" is a small text file stored by your browser when you visit a website. "Similar technologies" include localStorage, sessionStorage, IndexedDB, the browser cache, and request signals such as user-agent, locale, and accept-language that we read from the request rather than store on your device. We treat all of the above as cookies for the purpose of this Policy.
2. Categories of cookies we use
Strictly necessary. Cookies and storage items we cannot operate the Platform without — authentication, CSRF protection, rate limiting, anti-abuse, security, basic UI state. No opt-out is possible; disabling these cookies will break the Platform.
Functional / preference. Cookies that remember your settings — language, theme, sound, accepted modals. Optional; disabling them resets the preference but does not break the Platform.
Analytics & performance. We use only first-party, aggregated analytics. We do not currently set third-party advertising cookies, behavioral-advertising pixels, or cross-context tracking. If we ever introduce optional analytics that require consent in your jurisdiction, we will obtain your consent first via a cookie banner.
3. Cookie inventory
The cookies actively set by the Platform are:
- __Host-rt_session (or
rt_sessionin non-prod) — Strictly necessary. Holds your authenticated session JWT. HttpOnly, Secure, SameSite=Lax. Duration: up to 60 days (rotated each visit). - rt_state — Strictly necessary. Signed CSRF / return-URL state during Steam OpenID login. HttpOnly, Secure, SameSite=Lax. Duration: 5 minutes.
- __Secure-rt_staff_session — Strictly necessary. Staff-only admin session cookie (path-scoped to /admin). HttpOnly, Secure, SameSite=Strict. Duration: short- lived per staff policy. Not set on player browsers.
- cf_clearance / __cf_bm — Strictly necessary. Set by Cloudflare for bot mitigation, DDoS protection and Turnstile challenges. HttpOnly, Secure, SameSite=None. Duration: per Cloudflare default. See Cloudflare's cookie policy for detail.
- rt_prefs / rt_* — Functional. Stores non-sensitive preferences such as muted sounds, accepted modals, locale. localStorage by default.
- NEXT_LOCALE — Functional. Persists the chosen interface language. Duration: 1 year.
We may add or remove cookies as the Platform evolves. This inventory is updated at least every six months and on any material change.
4. Browser and device controls
You can refuse, accept, or delete cookies via your browser settings. The exact path varies by browser; the major vendors publish instructions at the following pages:
You can also send a Global Privacy Control (GPC) signal; we will honor it where applicable law requires.
5. Do Not Track
We do not currently respond to Do Not Track (DNT) browser signals, which are not standardized. We honor GPC where the law requires.
6. Consequences of disabling strictly necessary cookies
You cannot log in, place wagers, or initiate deposits or withdrawals without strictly necessary cookies. If you disable them, the Platform will not function and you will not be able to complete the contract you formed under our Terms of Service.
7. Changes to this Policy
We may update this Cookie Policy from time to time. Updates take effect when posted on the Platform.
8. Contact
Questions about cookies: [email protected].