Cookie Policy
Billiard CRM — Cookie Policy
Operator: Golden West Games, Tacoma, WA
Effective Date: [DATE]
Last Updated: [DATE]
1. What Are Cookies?
Cookies are small text files that a website or web application stores on your device (computer, tablet, or smartphone) when you visit or use it. They allow the application to remember information about your visit — such as whether you are logged in — so you don't have to re-enter it each time.
Not all browser storage is technically a cookie. Billiard CRM also uses browser local storage and session storage, which work similarly to cookies but are stored differently in your browser. This policy covers all of these technologies collectively unless otherwise noted.
We use these technologies only to make Billiard CRM function correctly and to monitor application errors. We do not use cookies for advertising, marketing, or behavioral profiling.
2. Cookies We Set
The table below lists the HTTP cookies set by Billiard CRM and its infrastructure providers. "Session" duration means the cookie is deleted when you close your browser. All listed cookies are set only for authenticated users unless noted.
| Cookie Name | Type | Purpose | Duration | Set By |
|---|---|---|---|---|
| next-auth.session-token | Strictly Necessary | Maintains your authenticated session. Without this cookie you cannot log in. | Session | NextAuth.js |
| next-auth.csrf-token | Strictly Necessary | Prevents cross-site request forgery attacks. Validated on every state-changing request. | Session | NextAuth.js |
| next-auth.callback-url | Strictly Necessary | Stores the URL to redirect you to after sign-in completes. | Session | NextAuth.js |
| __Secure-next-auth.session-token | Strictly Necessary | HTTPS-only variant of the session token (set in production). Same purpose as above; both may appear depending on environment. | Session | NextAuth.js |
| __Secure-next-auth.csrf-token | Strictly Necessary | HTTPS-only variant of the CSRF token (set in production). | Session | NextAuth.js |
| __Secure-next-auth.callback-url | Strictly Necessary | HTTPS-only variant of the callback URL (set in production). | Session | NextAuth.js |
| __vercel_live_token | Strictly Necessary | Used by Vercel to authenticate access to deployment preview environments. Not set in production. | 30 days | Vercel |
| sentry-sc | Functional — Optional | Set by Sentry's session replay SDK to manage replay session continuity across page navigations. | Session | Sentry |
3. Browser Local Storage We Use
In addition to cookies, Billiard CRM stores data in your browser's local storage (a persistent, per-origin key-value store). Unlike cookies, local storage data is not sent to our servers automatically — it stays on your device and is read by JavaScript running in your browser.
The following keys are set in local storage:
| Key | Purpose | Set By |
|---|---|---|
| billiard-crm-theme | Stores your light/dark/system theme preference. | Theme provider |
| dashboardHiddenCards | Stores your dashboard layout customization (which summary cards you have hidden). | Dashboard customizer |
| dashboardTheme | Stores your selected dashboard color theme variant. | Dashboard customizer |
| notificationSound | Stores your preference for whether notification sounds are enabled. | Notification provider |
| notificationsEnabled | Stores your preference for whether in-app notifications are enabled. | Notification provider |
| tabBlinkEnabled | Stores your preference for whether the browser tab blinks on new notifications. | Notification provider |
| lastOnlineTime | Records the last time your browser had a live connection, shown on the offline status page. | Offline page |
These keys contain no personal information and are used solely to remember your UI preferences between sessions. They are stored on your device only and are not transmitted to our servers.
Sentry's session replay SDK may also write data to local storage (e.g., breadcrumb and replay session data). This data is used to construct error reports sent to Sentry when a replay session is captured.
4. Third-Party Cookies
Billiard CRM does not use any third-party analytics, advertising, or tracking cookies. Specifically, we do not use:
- Google Analytics or Google Tag Manager
- Meta Pixel (Facebook)
- LinkedIn Insight Tag
- Hotjar, FullStory, LogRocket, or similar session recording services loaded via third-party scripts
- Mixpanel, Amplitude, Segment, or similar product analytics tools
- Any advertising network pixels or retargeting tags
The only third-party cookie functionality we use is Sentry's session replay feature for internal error monitoring (described in Section 2 above). Sentry is used strictly as an error-monitoring and debugging tool; data collected by Sentry is not shared with advertising networks or used for marketing purposes.
5. Sentry Session Replay
We use Sentry's session replay feature to help diagnose bugs. When a replay session is captured, Sentry records a reconstruction of your screen interactions (scrolls, clicks, and form inputs) for the duration of the capture window, subject to the following configuration:
- Normal sessions: 1% of authenticated sessions are recorded at random.
- Error sessions: 100% of sessions during which a JavaScript error occurs are recorded.
Sentry is configured to mask input fields and sensitive content. Captured replays are visible only to Golden West Games staff and are retained for 30 days before automatic deletion, consistent with Sentry's standard retention policy.
If you prefer not to be included in session replay capture, you may contact us at steve@goldenwestgames.com and we will take reasonable steps to exclude your account from replay sampling.
6. Your Choices
Browser cookie settings. You can configure your browser to block or delete cookies at any time. Instructions vary by browser:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Safari: Preferences → Privacy
- Firefox: Settings → Privacy & Security → Cookies and Site Data
Important: Blocking or deleting strictly necessary cookies (the next-auth.* cookies listed in Section 2) will prevent you from logging in. The application cannot function without them.
Local storage. You can clear local storage through your browser's developer tools (Application → Local Storage in Chrome/Edge DevTools) or by clearing your browser's site data. Clearing local storage will reset your UI preferences (theme, dashboard layout, notification settings) to their defaults.
Cookie consent banner. We currently serve Billiard CRM only to business customers who have agreed to our Terms of Service. We do not currently display a cookie consent banner. If we expand the service to contexts requiring a consent mechanism (e.g., EU/EEA customers subject to ePrivacy requirements), we will implement an appropriate banner and update this policy.
7. Updates to This Policy
We may update this Cookie Policy as we add, remove, or change the cookies and storage technologies we use. We will post the updated policy at [URL to Cookie Policy page] and update the "Last Updated" date at the top. For material changes, we will notify you by email.
8. Contact
If you have questions about our use of cookies or this policy, please contact:
Golden West Games
Tacoma, WA
Email: steve@goldenwestgames.com