Cookie Policy

Cookie Policy

Last updated: 25 April 2026 Version: 1.0

1. What cookies are

Cookies are small text files that visited websites send to the user's browser, where they are stored to be retransmitted to the same sites on the next visit. Similar technologies (local storage, session storage, pixel tracking, fingerprinting) are treated in the same way for the purposes of this policy.

Board of Legends uses cookies to provide a functional and secure service and, only with your consent, for analytics and platform improvement.

2. Data Controller

GiBSeS OÜ Registered office: Tallinn, Estonia Email: privacy@boardoflegends.com

3. Categories of Cookies Used

3.1 Strictly necessary technical cookies (always active)

These cookies are essential for the operation of the Service and do not require consent pursuant to art. 122 of the Italian Privacy Code and the ePrivacy Directive.

Local storage used for:

• UI preferences (sidebar state, client-side onboarding completed)
• Temporary cache of application data
• PWA features (service worker, manifest)

Disabling these cookies would prevent use of the Service.

3.2 Third-party cookies for payments (strictly necessary)

These cookies are set by Stripe only during the payment flow. They fall within the category of strictly necessary cookies for contract performance and do not require separate consent.

Details: Stripe Cookie Policy

3.3 Anonymised analytical cookies (optional consent)

We currently do not use third-party analytics services.

Should we activate analytical tools in the future (e.g. self-hosted Plausible Analytics, Matomo, or other privacy-friendly solutions), we will update this policy and request consent via a cookie banner.

Future planned settings:

• Privacy-friendly tools without cross-site tracking
• IP anonymisation (truncation of the last octet)
• No behavioural tracking outside the platform
• Explicit opt-in required

3.4 Marketing and profiling cookies

Board of Legends does NOT use marketing, remarketing, advertising or third-party profiling cookies (e.g. Google Ads, Facebook Pixel, LinkedIn Insight Tag).

We do not retarget our users.

3.5 Cookies from the web portal (boardoflegends.com)

The public portal may in the future use aggregate analytical cookies to measure traffic and conversions. These will be activated only upon consent via a compliant cookie banner.

4. Consent Management

4.1 Cookie banner

On your first visit to the website (boardoflegends.com) you will see a cookie banner that allows you to:

• Accept all cookies (technical + analytical if present)
• Reject non-necessary cookies (technical only active)
• Customise preferences by category

Consent is:

• Free: you may choose without being penalised
• Specific: by category of cookie
• Informed: with a link to this policy
• Unambiguous: requires an affirmative action (no pre-ticked boxes)
• Revocable: you may change your choices at any time

4.2 Modifying or revoking consent

To modify or revoke consent:

• Via the website: click on "Manage cookies" in the website footer
• Via account settings: Settings → Privacy → Cookie preferences
• Via the browser: delete existing cookies (the banner will reappear on the next visit)

4.3 Browser settings

You may configure your browser to:

• Block all cookies
• Automatically delete cookies at the end of a session
• Receive a notification before accepting cookies
• Accept only first-party cookies

Links to guides for the main browsers:

• Chrome
• Firefox
• Safari
• Edge
• Opera

Note: blocking strictly necessary technical cookies will prevent the Service from functioning (login, session management, checkout).

5. Extra-EU Data Transfer

Some third-party cookies (Stripe) may involve data transfers to the United States.

Applied safeguards:

• Standard Contractual Clauses (SCC)
• EU-US Data Privacy Framework (for certified providers)
• Encryption in transit (TLS 1.3)

Details in the Privacy Policy section 12.

6. Do Not Track

The Controller respects the "Do Not Track" (DNT) signal sent by the browser for analytical and marketing cookies. When DNT is active, no analytical cookies will be set, even if you had previously given consent.

Strictly necessary technical cookies remain active even with DNT, as they are essential for the Service to function.

7. Retention

Cookies have variable durations as indicated in the table in §3. Maximum durations:

• Session cookies: until the browser is closed
• Persistent cookies: maximum 12 months (unless extended with renewed consent)

You may manually delete cookies from your browser settings at any time.

8. Minors

Cookies are not used to collect data from minors under 16 years of age. The Service is directed at adults (18+) or at minors with parental authorisation.

9. Changes to the Cookie Policy

The Controller will update this policy in the event of:

• Activation of new analytics or functional tools
• Changes to third-party providers
• Regulatory updates (EDPB, Garante Privacy, AKI)

Changes will be communicated with:

• An update of the date at the top of the document
• Reactivation of the cookie banner (for updated consent)
• Email to registered users for substantial changes

10. Complaints

If you believe that the processing of your data via cookies infringes the applicable regulations, you may:

1. Contact the Controller: privacy@boardoflegends.com
2. Lodge a complaint with the supervisory authority:
   • Estonia: Andmekaitse Inspektsioon (AKI), www.aki.ee
   • Italy: Garante Privacy, www.gpdp.it
   • Other EU countries: the authority in your country of residence

11. Contact

For questions about cookies:

Email: privacy@boardoflegends.com Address: GiBSeS OÜ, [INSERIRE INDIRIZZO COMPLETO TALLINN]

This Cookie Policy is drafted in Italian. The Italian version prevails in the event of discrepancies with other languages.

Appendix: Summary table of consent required