← Back to home
Trackers and local storage

Cookie management

Last updated: May 1, 2026
Hammerpint uses a limited number of cookies and trackers. Strictly necessary cookies are set without prior consent. Audience measurement cookies (Google Analytics 4) are set only after your explicit consent, given through the banner shown on your first visit and revocable at any time via the footer.

1. What is a cookie?

A cookie is a small text file stored by your browser at a site's request. It typically maintains a session, remembers a preference, or secures an exchange.

2. Strictly necessary cookies (set without consent)

  • laravel_session — authenticated session. Duration: browser session. Necessary.
  • XSRF-TOKEN — CSRF protection. Duration: session. Necessary.
  • locale — remembers your language choice (fr/en). Duration: 1 year. Convenience.
  • cf_clearance, __cf_bm (Cloudflare Turnstile) — anti-bot, set during OAuth login. Duration: a few hours. Necessary.

3. Audience measurement (set only after consent)

If you click "Accept" on the cookie banner, Hammerpint sets the following cookies to measure site audience:

  • _ga, _ga_<ID> (Google Analytics 4, where <ID> matches our GA4 stream identifier — visible in your browser's cookie inspector) — anonymous visitor and session ID. Duration: 13 months.

Our Google Analytics configuration is set up to respect your privacy:

  • IP anonymisation at collection;
  • Google Signals disabled (no cross-referencing with Google accounts);
  • Ad personalization disabled;
  • Data retention: 2 months (the minimum offered by GA4);
  • No data is used for advertising purposes nor sold to third parties.

If you click "Refuse" or have not yet chosen, no Google Analytics script is loaded and no third-party cookie is set.

4. Consent log

When you click "Accept" or "Refuse", we record your choice in an internal log on our servers. This record is required by GDPR Article 7(1), which mandates that the data controller be able to demonstrate that consent was obtained.

Each log entry contains:

  • the date and time of your choice;
  • your choice ("accepted" or "refused");
  • your user ID (if you are signed in) or an anonymous session identifier;
  • a salted SHA-256 hash of your IP address and user-agent — irreversible, and not practically reversible to the original values.

This log is strictly internal, retained for 5 years (the CNIL-recommended retention for proof of consent), and never shared with third parties.

5. Local storage

Hammerpint also uses localStorage (browser storage) for:

  • remembering army-builder display preferences (open/closed accordions);
  • storing a custom naming pack if you import one;
  • remembering your cookie consent choice (hp_cookie_consent) — duration: 6 months, after which the banner re-appears.

The contents of localStorage stay on your device. Only your choice (Accept/Refuse) is transmitted to our servers for the consent log described in section 4.

6. Changing or withdrawing your choice

You can revisit your consent at any time by clicking "Manage my cookies" in the footer. The banner will re-appear and you can accept or refuse again. Each change creates a new entry in the consent log (the log is append-only, history is preserved).

You can also delete all cookies from your browser settings. Refusing strictly necessary cookies will prevent the service from working (for example, you won't be able to sign in).