YGGDRASIL CARDS

Cookie Policy

Effective date: TBD

Draft pending legal review. This document is a working draft and has not yet been reviewed by counsel; it will be finalized before launch.

What cookies are

Cookies are small files stored on your device that help websites function, remember preferences, and understand usage. Similar technologies (local storage, pixels) work the same way. This policy explains the cookies used on yggdrasilcards.com (the "Site").

Categories of cookies we use

Strictly necessary (always on). Required to operate the Site (security, load balancing, remembering your cookie choices). These do not require consent.

Analytics [if applicable]. Help us understand how visitors use the Site so we can improve it. [Name the tool and whether it's cookieless. If you pick a privacy-preserving, cookieless analytics tool such as Plausible or Cloudflare Web Analytics, you may have NO analytics cookies to disclose, which is the cleanest path. If you use Google Analytics, it sets cookies and requires consent in many regions, disclose it here.]

Embedded media (Twitch, YouTube). When our live-stream players and status widgets load, Twitch and YouTube/Google may set their own cookies and collect data about you under their policies. These are third-party cookies we do not control. [Consider loading these players only after consent, or behind a "click to load" placeholder, to minimize cookies set before the user chooses, this is a common, privacy-friendly pattern and reduces your consent burden.]

Cookie table

Name / SourceTypePurposeDuration
[your consent cookie]NecessaryStores your cookie preferences[e.g. 6 months]
[analytics cookie or "none, cookieless"]AnalyticsAggregate usage stats[duration]
Twitch (various)Third-partyEmbedded player functionality and analyticsSet by Twitch
YouTube/Google (various)Third-partyEmbedded player functionality and analyticsSet by Google

[Fill this table with the actual cookies your final build sets. Keep it accurate; an inaccurate cookie table is worse than none.]

Your choices

  • Consent banner: When you first visit, we [request your consent before setting non-essential cookies / let you accept or reject non-essential cookies]. You can change your choice anytime via [the "Cookie settings" link in the footer].
  • Browser controls: You can block or delete cookies in your browser settings. Blocking strictly necessary cookies may break parts of the Site.
  • Embedded media: [If you use click-to-load, explain that embedded players, and their cookies, load only when you choose to play them.]

Changes

We may update this policy; the effective date above reflects the latest version.

Contact

Yggdrasil Cards LLC, info@yggdrasilcards.com

Implementation guidance (for Claude Code, not part of the published policy)

Recommended approach to minimize legal burden and cost:

  1. Pick cookieless analytics (Plausible, Fathom, or Cloudflare Web Analytics) instead of Google Analytics. No analytics cookies means a far simpler consent story and a cleaner privacy posture. This is the single biggest simplifier.
  2. Click-to-load embeds. Render Twitch/YouTube players as a branded placeholder (thumbnail + play button) and only load the real iframe when the user clicks. Until then, no third-party cookies are set. This is the privacy-friendly default and reduces what you must ask consent for.
  3. Consent banner: implement a lightweight banner that:
    • Sets only strictly-necessary cookies before a choice is made.
    • Offers clear "Accept" and "Reject non-essential" options (equal prominence; "reject" should be as easy as "accept", several laws require this).
    • Stores the choice in a first-party consent cookie and re-exposes it via a footer "Cookie settings" link.
    • Gates analytics and full embed loading on consent where required.
    • Use a reputable open-source/managed CMP (e.g. Klaro, CookieYes, Osano) rather than rolling your own, so the consent logic is maintained for you. Many have free tiers.
  4. "Minimum vs recommended cookies": present two clear options in the banner, "Necessary only" (minimum) and "Accept all" (recommended), matching the language you wanted. Necessary- only must fully work.
  5. Keep the cookie table in this policy in sync with whatever the final build actually sets; automate a cookie audit during QA.

The cheapest, lowest-risk configuration is: cookieless analytics + click-to-load embeds + a simple consent banner. That combination may mean you set almost no non-essential cookies at all, which is the easiest possible compliance position.