Cookie Policy

What This Policy Covers

This Cookie Policy explains how Realistic Icon ("we", "our", or "us") uses cookies and similar storage technologies on the 3D Icon Gallery. It pairs with our Privacy Policy and Terms & Conditions.

We keep cookie use to a minimum. The technologies we describe below are the ones we actually use — there are no advertising cookies, no third-party trackers, and no cross-site profiling.

What Are Cookies?

Cookies are tiny text files a website asks your browser to store on your device. The next time you visit, the browser sends them back so the site can recognize you (for example, that you're signed in or that you prefer dark mode).

Modern browsers also support related technologies — localStorage, sessionStorage, IndexedDB — that work similarly but with different lifetimes and limits. For brevity we call all of them "cookies" in this policy.

Why We Use Cookies

Sign-in sessions — to remember that you're signed in so you don't have to authenticate on every page load.

Preferences — to remember things you've configured, like the active theme (light or dark), your preferred icon catalogue style, and the language you've selected.

Security — to detect signs of session hijacking and to enforce CSRF protections on form submissions.

Lightweight analytics — to count how often pages are loaded so we know which content is useful. The analytics is anonymized and aggregated; we don't build per-user profiles.

Categories of Cookies We Use

Strictly necessary — required for the Service to function (sign-in session token, CSRF token, language preference). Without these, large parts of the gallery would not work. These don't require consent under most laws because they're essential to deliver the service you've asked for.

Functional — remember choices you've made (theme, default icon style, density preference). These improve the experience but aren't strictly required to use the Service.

Analytics — anonymized counters that tell us aggregate things like "this page was viewed 4,200 times this month." We use a privacy-respecting analytics tool, not Google Analytics.

What we DON'T use — third-party advertising cookies, retargeting pixels, social-media tracking widgets, or cross-site tracking. We don't share data with ad networks.

Specific Cookies We Set

ri_session — strictly necessary. Holds your sign-in session. HttpOnly, Secure, SameSite=Lax. Lifetime: 30 days (renewed on each visit).

ri_csrf — strictly necessary. Prevents cross-site request forgery on form submissions. Lifetime: session only.

ri_lang — functional. Remembers your selected interface language. Lifetime: 1 year.

ri_theme — functional. Stored in localStorage; remembers your light/dark theme choice. Lifetime: persistent until cleared by you.

ri_density — functional. Stored in localStorage; remembers your preferred UI density on member pages. Lifetime: persistent until cleared by you.

analytics_id — analytics. An anonymous identifier (random UUID, not tied to your account) used to deduplicate page-view counts within a 24-hour window. Lifetime: 24 hours.

Third-Party Cookies

Sign-in providers — when you sign in with Google, LINE, or Apple, that provider may set its own cookies during the OAuth handshake. These are governed by the provider's own privacy and cookie policies (linked from the sign-in page).

Payment processor — when you visit the Billing page, our payment processor (Stripe) may set cookies necessary to render their secure card form. We don't share account information with Stripe beyond what's required to charge your subscription.

We don't embed third-party advertising scripts, social-media tracking pixels, or analytics tools that build user profiles across sites. If we add a third-party integration in the future that meaningfully changes cookie use, we'll update this policy and notify signed-in members.

Managing Your Cookies

You can clear or block cookies from your browser settings — every major browser provides controls in its preferences. Be aware that blocking strictly-necessary cookies will sign you out and may break the gallery.

If you want to disable the analytics cookie while keeping sign-in working, the simplest path is to use your browser's built-in tracking-protection feature (Brave Shields, Firefox ETP, Safari ITP, etc.). Our analytics endpoint is on a well-known list and is blocked by default in most of those tools.

On the member-area Settings page, you can also opt out of the analytics cookie specifically. We'll remember the opt-out via a small cookie of its own ("ri_no_analytics"), which we consider strictly necessary because it implements your stated preference.

Browser-Level Controls

Chrome — Settings → Privacy and security → Cookies and other site data.

Firefox — Settings → Privacy & Security → Cookies and Site Data.

Safari — Preferences → Privacy → Manage Website Data.

Edge — Settings → Cookies and site permissions → Manage and delete cookies.

Most browsers also honor the "Global Privacy Control" (GPC) signal. We treat GPC as a binding opt-out from any non-essential cookies and from any data sharing that could be considered a "sale" under California law.

Changes to This Policy

If we add or remove cookies in a way that meaningfully changes how the Service works, we'll update this page and bump the "last updated" date at the bottom. Significant changes are also flagged in-app the next time you sign in.

Contact

Cookie or tracking questions: privacy@bluweo.com. We typically reply within 5 business days.

For broader data-protection questions or GDPR / CCPA requests, see the Privacy Policy.