Cookies, consent & the compact · working draft

Cookies & Consent

A policy that obeys its own game. The table runs on a rule — no lying — and a policy is just the table extended to you. So this one tells the truth: what we store, where it lives, and what you're consenting to. Consent to the science is consent to the truth.

The honest summary: free play sets no tracking cookies and keeps everything in your own browser — your game data never reaches a server. The only cookie we ever set is a strictly-necessary session cookie, and only if you choose to sign in for online play. No advertising, no third-party analytics, no fingerprinting, no cross-site anything.
One thing that does reach us, because the no-lie rule means disclosing it: if the site hits a bug, it sends a tiny first-party crash report — the error message, the file and line, and the page path — to our own log, capped at three per visit. No identity, no cookies, no game content (a thrown error could in rare cases echo text you typed; it's truncated and goes only to us, never a third party). It exists so a tester's broken moment doesn't vanish silently. That's the whole beacon.
Not legal advice. A working draft to be finalized with privacy counsel in each operating jurisdiction before any data is collected for keeps. Written to align with GDPR/ePrivacy and CCPA/CPRA; alignment is a counsel determination, not a certification. Read alongside the Privacy notice.

The compact — the No-Lie rule, both ways

In the game, the machine may paint and it may bluff a guess, but it can never pretend to have scored — only humans score, and the Constitution forbids lying about it. That rule doesn't stop at the table. We hold ourselves to it here: no dark patterns, no pre-ticked boxes, no "we value your privacy" banner that does the opposite, no consent harvested by exhaustion. If a thing is stored, this page names it. If we don't need it, we don't take it. The no-lie rule is the product — so it has to spread to the paperwork, or the paperwork is the lie.

What is set, and where it lives

Cookies (server-side, sent with requests): exactly one, and only on a deliberate action. When you sign in to online play, a single strictly-necessary session cookie is set — HttpOnly, same-site, used only to keep you signed in to your game. It carries no advertising identifier and is not read by anyone but the game server. Sign out and it's gone. Never signing in means this cookie never exists.

On-device storage (local, never transmitted): the free game keeps its state in your browser's local storage. This is not a tracking cookie — it is never sent to a server, never shared, and you can clear it anytime (your browser's site-data control, or the in-game controls). It covers only functional things:

  • Your free-play counter — a local tally of games played, kept only on this device. Play is free with no cap — nothing is rationed or gated; the counter is just for your own stats and clears when you clear site data.
  • The Vault — collections and scores you chose to save, on this browser only.
  • Your age range — a coarse band (under-13 / 13–17 / 18+), never your date of birth.
  • Preferences — theme, soundtrack, relaxed mode, tutorial progress.
  • Entitlement proof — if you hold a Pass, a token that unlocks features on this device.
  • Bits of play — easter-egg and session state that lives and dies with the tab or the browser.
We set no advertising or cross-site tracking cookies, run no third-party analytics, and do no device fingerprinting. There is nothing here to opt out of, because there is nothing here to opt into.

Consent to the science

Only Humans Score is also a running experiment in human-versus-machine judgment. When a future server tier is live and you choose to sign in, the thing you consent to is the science: that the depersonalized shape of play — the machine's clues, the names submitted as captions, the hidden guess, flags, crown outcomes, timestamps, model identifiers — may join an anonymous research corpus and be studied, released openly (CC0). What is never in that corpus is you: the link between a row and a person is never stored (see Privacy → The hinge). Consent here is narrow and honest — you are lending the judgment, never the judge.

Today, on the free static site, none of this is collected. There is no backend and nothing to consent to yet — the corpus is planned architecture, and the public Ticker runs on sample readings until a deliberate, aggregate-only pipeline exists. Anonymous free play stays anonymous; signing in is the one door you choose to walk through, and even then the wall between identity and the record is the keystone term.

Your controls

Clear the on-device storage anytime from your browser's site-data settings, or with the in-game controls (the Vault has its own clear button). Block cookies in your browser and free play still works in full; only the optional sign-in for online play needs the session cookie. Do-Not-Track and Global Privacy Control signals are honoured by default — there is no behavioural tracking to suppress.

This page summarizes the working notice; the governing document is finalized with counsel before any data is collected for keeps. Questions: the curator.