Cookie Policy
Effective date: November 11, 2025
GemTCG, LLC d/b/a “CollectBuySell” (“CollectBuySell”, “we”, “us”, or “our”) uses cookies and similar technologies to operate and secure our website and services (“Service”). This Cookie Policy explains what these technologies are and how we use them.
Current status: As of the effective date above, we only use strictly necessary cookies required to run the Service (e.g., sign-in/session, security, fraud prevention). We do not use advertising cookies and we do not set analytics cookies unless/until you opt in (if/when analytics is offered in your region).
1) What are cookies?
Cookies are small text files placed on your device by a website. They can be “session” cookies (deleted when you close your browser) or “persistent” cookies (stay until they expire or you delete them). Related technologies include local storage, pixels, and SDKs; we treat them like cookies in this policy.
2) How we use cookies
We currently use cookies only to:
- Authenticate sessions (keep you signed in and route your requests to your account).
- Provide security (e.g., CSRF protection, bot protection, rate-limiting).
- Deliver core features (e.g., remembering minimal UI state that is required for the Service to function).
We do not use cookies for targeted advertising. If we later enable optional analytics (e.g., Google Analytics), we will present a consent banner (where required) and will not set analytics cookies until you opt in.
3) The cookies we set (examples)
Actual cookie names can vary by environment. Typical examples include:
| Category | Example name(s) | Purpose | Duration |
|---|---|---|---|
| Strictly necessary – Session | next-auth.session-token, __Secure-next-auth.session-token | Keeps you signed in and associates requests with your account. | Session / up to ~30 days (varies by config) |
| Strictly necessary – CSRF | next-auth.csrf-token | Protects forms and sign-in flows from cross-site request forgery. | Short-lived |
| Strictly necessary – Edge/security | __cf_bm, cf_clearance (Cloudflare, if enabled) | Bot management and challenge/clearance to keep the site available and secure. | Short-lived / per challenge |
| Strictly necessary – Payments | Stripe checkout/session cookies (only during checkout, if used) | Enables secure payment flows. | Session / short-lived |
Names are illustrative; providers may change names/values over time.
4) Third-party cookies and services
Some essential features rely on third parties that may set their own strictly necessary cookies when those features are used:
- Authentication (e.g., NextAuth/your auth provider)
- Security/CDN (e.g., Cloudflare)
- Payments (e.g., Stripe)
If/when we enable analytics (e.g., Google Analytics), those cookies will be optional and only set with your consent (where required). You can change your choice at any time via the cookie banner or your browser (see below).
5) Your choices
You can control cookies through your browser settings:
- Block/limit cookies, delete existing cookies, or set “Do Not Track.”
- If your browser supports Global Privacy Control (GPC), we treat it as a preference to opt out of non-essential cookies.
Note: Blocking strictly necessary cookies may break sign-in or core features.
6) Region-specific notes
Where required (e.g., EEA/UK), we will present a cookie consent banner and only set non-essential cookies after your opt-in. You may withdraw consent at any time via the banner settings (when available) or your browser.
7) Updates to this policy
We may update this Cookie Policy to reflect changes to cookies, providers, or applicable law. We’ll update the Effective date above and, where required, provide additional notice.
8) Contact us
Questions about cookies? Email contact@gemtcg.com.