Last updated · April 27, 2026
This Cookie Policy explains how stash.trade (d4.affix.trade and related domains) uses cookies and similar storage technologies on your device. It supplements the Privacy Policy and complies with the EU ePrivacy Directive (Directive 2002/58/EC, as implemented in Polish law) and Article 6 of the GDPR.
01What are cookies?
Cookies are small text files that a website stores on your device so it can remember things between visits — for example, that you are signed in. "Local storage" is a similar mechanism that keeps preferences in your browser without sending them back to our servers. We use both.
We also use a category called strictly necessary cookies, which under the ePrivacy Directive may be set without prior consent because they are essential for delivering the service you requested (e.g. signing you in).
02Categories we use
Strictly necessary — always on
Required for sign-in, session continuity, CSRF protection and storing your cookie-banner choices. Disabling these will sign you out and break core functionality. No prior consent required under EU law.
Preferences — stored on your device
UI settings (theme, parallax, sound, watch list). Stored in your browser's local storage and never transmitted to our servers in a way that identifies you. Cleared when you clear browser data.
Analytics — not currently used
stash.trade does not currently load any third-party analytics. If we add analytics in the future, we will update this Policy and ask for your consent through the cookie banner before any non-essential cookie is set.
Advertising — planned, off by default
We plan to display ads through a third-party advertising network once approved. Ad cookies will be loaded only after you give consent through the cookie banner. The advertising network acts as an independent controller for ad data; the network's own privacy notice and opt-out controls will be linked here when ads go live.
03Detailed list
| Identifier | Type | Category | Purpose | Retention |
|---|---|---|---|---|
| Sign-in session | Cookie | Necessary | Keeps you signed in after successful authentication via Battle.net or Discord. | Session or up to 30 days |
| Sign-in CSRF token | Cookie | Necessary | Cross-Site Request Forgery (CSRF) protection for the sign-in flow. | Session |
| Sign-in return URL | Cookie | Necessary | Returns you to the page you were on after sign-in. | Session |
| Cookie consent | Cookie | Necessary | Stores your cookie-banner choices so we don't ask again on every visit. | 12 months |
| UI preferences (theme, parallax, sound, watch list) | localStorage | Preferences | Remembers UI preferences. Stays on your device. | Until you clear browser storage |
| Third-party advertising cookies | Cookie | Advertising | If and when ads are enabled, the advertising network sets cookies to deliver and measure ads. Set on the network's domains, not ours. Not active until you opt in via the cookie banner. | Up to 13 months (set by the network) |
04Third-party content
Some pages embed content delivered by third parties:
- Web fonts — typefaces used by the interface are served from a third-party font CDN. Standard font-loading mode is used, which does not set tracking cookies on our domain, but the provider may log the request IP address.
- Discord avatars— if you signed in with Discord, your public avatar is loaded directly from Discord's content delivery network. Discord may log the request IP address.
- Diablo item icons — item images are loaded from public Diablo community databases. The hosting service may log the request IP address.
05Managing your choices
- Use the cookie banner that appears on your first visit to accept or reject non-essential categories. You can change your decision at any time by clearing the consent cookie or by clicking the cookie-settings link in the footer.
- Most browsers let you block or delete cookies in their privacy settings. Blocking strictly necessary cookies will sign you out and may break parts of the site.
- Local-storage preferences can be cleared from your browser's site-data settings.
- Once advertising is enabled, links to the advertising network's own opt-out tools will be added here.
06Do Not Track and Global Privacy Control
We respect Global Privacy Control (GPC) signals where applicable: a GPC signal is treated as a refusal of consent for non-essential cookies. Browsers sending the older Do Not Track header are treated the same way.
07Changes to this Policy
We may update this Cookie Policy when cookies are added, removed or change purpose. The "Last updated" date at the top of this page reflects the latest revision. We will re-prompt you for consent if a material change is made to non-essential categories.
08Contact
Questions about cookies or to revoke consent? Reach us via the contact form.