Keyboard shortcuts

CryptolutCryptolut
BTC79,315-1.39%ETH2,254.86-0.85%SOL90.85-3.92%BNB669.27+2.22%XRP1.43-0.39%ADA0.2644-2.19%DOGE0.1125+3.62%AVAX9.75-0.42%LINK10.18-0.61%DOT1.34+1.07%BTC79,315-1.39%ETH2,254.86-0.85%SOL90.85-3.92%BNB669.27+2.22%XRP1.43-0.39%ADA0.2644-2.19%DOGE0.1125+3.62%AVAX9.75-0.42%LINK10.18-0.61%DOT1.34+1.07%
Legal

Cookie Policy

Last updated: 2026-04-28

What cookies are

A cookie is a small text file that a website asks your browser to store on your device. When you come back — either on the same visit or weeks later — your browser sends the cookie back with each request, so the site can recognise the session, remember a preference, or count a unique visit. Cookies are not executable code, cannot read files on your device, and cannot identify you beyond the data the site already has about you.

The page you are reading lists every cookie Cryptolut sets on cryptolut.com, the category each one belongs to, the lifetime, and the flags that govern how the browser treats it. It also distinguishes cookies from a related-but-different mechanism called local storage, which we use for a couple of preferences that never need to leave your device.

Categories we use

Following the standard categorisation expected under the EU ePrivacy Directive (often called the Cookie Law), the UK’s PECR rules, and the CCPA, we classify cookies into four buckets:

  • Strictly necessary. Required for the site to function or to record your consent. Cannot be disabled in the consent banner because turning them off would prevent the site from working as you reasonably expect.
  • Preference. Remember choices you have made — for example, your selected theme — so we do not have to ask again on every page. Optional.
  • Analytics. Help us understand which articles travel and how the site performs in aggregate. We use a privacy-preserving, server-side approach with rotated anonymous identifiers; no cross-site tracking. Optional.
  • Marketing. Used to deliver advertising or measure ad performance. We do not run marketing cookies on Cryptolut today. The category is listed for completeness and so the consent banner can be honest about what is and is not present.

Cookies we set

The table below lists every cookie set directly by Cryptolut, with its name, purpose, category, lifetime, and security flags. Names are prefixed with cw_so they are easy to spot in your browser’s developer tools.

NamePurposeCategoryDurationFlags
cw_sessionAuthenticates logged-in editorial staff so the admin area can be used.Strictly necessary7 daysHttpOnly, Secure, SameSite=Lax
cw_consentRecords the choices you made in the cookie consent banner so we do not ask again on every page.Strictly necessary12 monthsSecure, SameSite=Lax
cw_themeRemembers whether you prefer the light or dark interface so we can paint the right one immediately.Preference1 yearSecure, SameSite=Lax
cw_anonServer-side, rotated daily anonymous identifier used by our cookieless aggregate analytics. No personal data.Analytics24 hoursHttpOnly, Secure, SameSite=Lax

Where you see HttpOnly in the flags column, the cookie cannot be read by JavaScript on the page; only the server can see it. Secure means the cookie is only ever sent over HTTPS. SameSite=Lax means the cookie is not sent on cross-site requests other than top-level navigation, which mitigates a class of cross-site request-forgery attacks.

Third-party cookies

We do not run advertising networks or social-media tracking widgets on Cryptolut. The only third parties whose cookies may briefly appear are:

  • Cloudflare. Our edge and DDoS-protection layer may set a strictly-necessary cookie (typically __cf_bm or cf_clearance) to distinguish humans from automated bots. The cookie is set by Cloudflare on Cloudflare’s terms; it carries no advertising identifier and is short-lived.
  • Embedded media. Some articles include embeds — an X post, a YouTube video, an Instagram clip — that are loaded only after you click. When you click, the third party will set its own cookies under its own privacy policy. We try to use privacy-respecting embed variants where they exist (for example youtube-nocookie.com).

Cookies vs. local storage

Cookies are tied to a domain, sent on every request to that domain, and constrained by their flags. Local storage is a separate browser feature that lets a site keep small key-value pairs on your device that are never automatically attached to network requests. We use local storage where the data only needs to live on your device and never needs to reach our servers.

  • cw_theme — a mirror of your theme preference, also stored in the cw_theme cookie, so the right colour scheme paints before the page hydrates.
  • cw_saved — the list of article slugs you have bookmarked with the “save” button. Stays on your device. We do not have a copy.
  • cw_recent — the last few articles you opened, used to power “Continue reading” on the homepage. Stays on your device.

Clearing site data in your browser removes both cookies and local-storage entries. Your saved articles list will not survive the clear, because we do not hold a copy.

How to manage your cookies

The most direct way is to use the consent banner that appears on your first visit. If you have dismissed it, the Manage your cookie preferencesbutton at the top of this page reopens it so you can change your choices. The same control is available from the footer of every page under “Manage cookies”.

You can also manage cookies at the browser level. Every modern browser has a settings area that lets you view, block, or delete cookies for a given site:

  • Chrome: Settings → Privacy and security → Cookies and other site data.
  • Firefox: Settings → Privacy & Security → Cookies and Site Data.
  • Safari: Preferences → Privacy → Manage Website Data.
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data.

Blocking the strictly-necessary cookies listed above will stop you logging in as an editor and will stop us remembering your consent choice, which means the banner will reappear on every visit. Blocking preference cookies will reset your theme on each visit. Blocking analytics cookies has no user-visible effect at all.

Do Not Track and Global Privacy Control

We honour the Global Privacy Control (GPC) signal as a binding opt-out of non-essential cookies and of any sale or sharing of personal information under the CCPA, even though we do not currently sell or share. We also treat the older Do Not Track (DNT) header as a request not to be subject to cross-site tracking; because we do not run cross-site trackers, the practical effect of DNT on Cryptolut is the same as our default behaviour.

Changes to this policy

If we add or remove cookies we will update the table above and refresh the “Last updated” date. Material changes — for example adopting a new analytics provider, or starting to set advertising cookies — will trigger the consent banner to reappear so you can make a fresh choice. We will not silently expand what we collect.

Contact

Questions about cookies? Write to privacy@cryptolut.com. For the broader explanation of how we handle personal data see the Privacy Policy.