This page lists every cookie set when you visit ovoda.org, what each one does, who runs it, and how long it lives. It also shows how to block or delete cookies in every major browser. Nothing here is hidden, and nothing is written in the passive voice on purpose. If a cookie is not listed below, it is not on our site.
A cookie is a small text file, a few hundred bytes at most, that a website asks your browser to store. The next time you visit the same site, the browser sends the cookie back. That is the whole mechanism. Cookies cannot read other files on your device, cannot carry viruses, and cannot run code. They can only carry values that the website itself (or a script embedded on it) chose to set.
There is a useful distinction between first-party cookies, which ovoda.org sets itself, and third-party cookies, which are set by other services embedded on our pages (analytics, affiliate tracking, CDN). There is also a distinction between session cookies, which die the moment you close your browser, and persistent cookies, which sit on your device until they expire or you clear them manually.
Browser storage has expanded beyond cookies proper. Local Storage, Session Storage, and IndexedDB can do similar things. This policy covers all of the above together, because they raise the same questions.
Strictly necessary. The site cannot function without them. They keep your session alive, remember your cookie consent choice, and pass you through Cloudflare's security checks. You cannot opt out of these — if you block them, ovoda.org will not load correctly. They do not watch you around the web. They do not build a profile.
Analytics. Google Analytics 4 drops a small handful of cookies so we can count unique visitors, see which pages people read, and spot where the site breaks. Everything is aggregated. We do not see individual user journeys with names attached. IP addresses are anonymised at collection time. You can reject these and the site still works perfectly.
Functional. One or two cookies that remember a preference — for example, the language variant you picked. These are not necessary, but they make return visits tidier. If you block them, the site simply asks you again on the next visit.
Marketing / affiliate tracking. One cookie fires when you click the outbound "/go" link to Jackpot Jill Casino. It tells the casino's affiliate system that the click came from our site so the commission is attributed correctly. This cookie does not carry your name, email, or any personal detail. It carries a random click ID and a partner ID. We cannot use it to build an ad profile, because we do not run any ad profile — we do not run ads at all.
Below is every cookie you may encounter on ovoda.org. If we add one, this table is updated the same day.
| Cookie | Category | Provider | Purpose | Type | Retention |
|---|---|---|---|---|---|
ovoda_consent | Strictly necessary | ovoda.org | Stores your answer to the cookie banner so we stop asking. | Persistent | 12 months |
PHPSESSID | Strictly necessary | ovoda.org | Keeps your browsing session alive between page loads. | Session | Until browser close |
cf_clearance | Strictly necessary | Cloudflare | Confirms your browser passed the Cloudflare bot / security challenge. | Persistent | 30 minutes |
__cf_bm | Strictly necessary | Cloudflare | Bot management: separates real users from automated traffic. | Persistent | 30 minutes |
__cflb | Strictly necessary | Cloudflare | Load-balancer stickiness so you hit the same edge node during a session. | Session | Until browser close |
_ga | Analytics | Google Analytics 4 | Assigns an anonymous visitor ID so we can count unique readers. | Persistent | 24 months |
_ga_XXXXXXXXXX | Analytics | Google Analytics 4 | Holds the GA4 session state for a specific property (ID masked). | Persistent | 24 months |
_gid | Analytics | Google Analytics | Identifies a unique visitor within a 24-hour window for daily stats. | Persistent | 24 hours |
_gat_gtag_UA_XXXXXX | Analytics | Google Analytics | Throttles how often GA hits Google's servers from your browser. | Persistent | 1 minute |
lang | Functional | ovoda.org | Remembers whether you landed on the default or the en-AU variant. | Persistent | 12 months |
btag | Marketing | Jackpot Jill affiliate system | Records that your click came from Ovoda for commission attribution. Fires only when you click the "/go" outbound link. | Persistent | 30 days |
clickid | Marketing | Jackpot Jill affiliate system | Unique ID for the specific click, used to match registrations back to our referral. | Persistent | 30 days |
aff_sub | Marketing | Jackpot Jill affiliate system | Carries a sub-ID that tells the affiliate network which page the click came from. No personal data. | Persistent | 30 days |
Any cookie you see in your browser's developer tools while on ovoda.org that is not listed above either belongs to a stale entry we missed or is being set by a browser extension you have installed. Email [email protected] with a screenshot and we will investigate.
We run GA4 because the alternative is flying blind. It tells us that, say, the welcome bonus section gets 40% of our traffic and the mobile section gets 8%, which is how we decided to stop spending time on the VIP section (data: nobody read it). IP anonymisation is turned on at the property level, meaning the last octet of your IP is zeroed before Google's servers touch it. Advertising features, Google Signals, and cross-device linking are all disabled on our property. The GA4 data retention window is set to the shortest Google allows: 14 months.
You can block GA entirely by installing the official browser extension: tools.google.com/dlpage/gaoptout. Google's privacy policy is at policies.google.com/privacy.
Cloudflare sits in front of our origin server. Every request to ovoda.org hits Cloudflare first. The cookies it sets (cf_clearance, __cf_bm, __cflb) are technical — they prove you are a real browser and not a scraper, and they pin your session to a consistent edge node. Cloudflare's own statement on cookies is at cloudflare.com/privacypolicy. You cannot meaningfully opt out of these — blocking them means failing the bot check and getting a 403 instead of the page.
Tracking cookies that support commercial attribution. They fire the moment you click the outbound "/go" link. On a page where you never click that link, those cookies do not fire. This is the one category you can opt out of without losing site functionality: if you reject marketing cookies in our banner, the outbound link still works, but the affiliate network receives only the bare click with no pre-fired cookie context.
Settings → Privacy and security → Third-party cookies. You can block all third-party cookies, block only in Incognito mode, or allow them. For granular control, Site Settings → Cookies and site data lets you add ovoda.org individually. Full guide: support.google.com/chrome/answer/95647.
Settings → Privacy & Security → Enhanced Tracking Protection. Standard, Strict, and Custom modes are available. Strict blocks most cross-site cookies automatically. Full guide: support.mozilla.org.
Safari blocks cross-site tracking cookies by default via Intelligent Tracking Prevention. On desktop: Safari → Settings → Privacy. On iPhone: Settings → Safari → Privacy & Security. Full guide: support.apple.com/guide/safari.
Settings → Cookies and site permissions → Manage and delete cookies and site data. Three tracking prevention levels: Basic, Balanced, Strict. Balanced is the default. Full guide: support.microsoft.com/microsoft-edge.
Settings → Privacy and security → Accept cookies. Options: Allow, Allow from current website only, Block. For tracker blocking, Privacy and security → Smart Anti-Tracking.
Every modern browser has a setting to block all cookies, including strictly necessary ones. Use it if you want. Most websites, including this one, will not work properly, but you will be cookie-free.
This varies by category.
Refuse strictly necessary cookies: pages may fail to load, the security challenge may loop, your session may not persist between clicks. In practice you will probably stop using the site, which is fair.
Refuse analytics cookies: you see exactly the same site. We stop seeing your traffic in GA4. You lose nothing. We lose a little signal but keep working.
Refuse functional cookies: minor nuisance — the site forgets small preferences between visits.
Refuse marketing cookies: you see exactly the same site. If you later click a "/go" link, the affiliate network still records the raw click, but without the pre-fired cookie the attribution window is shorter (about 7 days instead of 30). This does not affect what bonus you get at the casino — that is controlled by the casino, not by us.
Your consent choice is saved in the ovoda_consent cookie for 12 months. To change it, clear the cookie for ovoda.org in your browser and reload the page — the banner reappears and you can make a different choice. We are working on a persistent "Cookie settings" link in the footer; until that ships, the manual-clear approach is the reliable route.
For the broader picture of what we do with data (not just cookies), see our Privacy Policy. The commercial relationship that explains the affiliate tracking cookies is set out on our Affiliate Disclosure. Any question not answered here goes to Contact.