[] BONFIRE · v0.1.0 · NOMINAL

// legal

Cookie Notice

Effective:

What cookies and localStorage keys the Bonfire website uses, what each is for, and how to opt out. Phase 1 draft; short because the site is light on tracking by design.

1. What we use

The Bonfire website uses two categories of browser storage:

  • Strictly necessary. A single localStorage key named bonfire-consent that stores your consent decision (accepted / rejected). Set when you click a button on the consent banner; never set otherwise. Persists until you clear it.
  • Analytics (opt-in). PostHog (privacy-respecting product analytics) and Sentry (error tracking) fire only if you accept consent. Both anonymize IP addresses at collection time. Both retain data for a bounded period (see Privacy Policy § 3). Neither uses third-party advertising cookies, retargeting pixels, or fingerprinting.

2. What we do not use

No advertising cookies.

No retargeting pixels.

No third-party fingerprinting scripts.

No dark-pattern pre-checked boxes.

No "legitimate interest" fake-opt-out flow.

3. How to opt out

On first visit, the consent banner gives you two buttons: Accept and Reject. Reject is the default until you click Accept. The banner remembers your decision via the bonfire-consent localStorage key so it does not bother you on later visits.

To change your decision after the fact: clear the bonfire-consent localStorage key for this domain in your browser's developer tools, then reload the page. The banner reappears and you can choose differently. A proper "revisit consent" button will ship with the PostHog + Sentry wiring (framework ticket BON-213).

4. Browser-level opt-out

You can also block storage at the browser level. Most modern browsers let you block third-party cookies, block all cookies on a per-site basis, or clear storage on exit. Any of these also works as an opt-out. If localStorage is blocked, the consent banner will treat every visit as first-visit and ask again, but nothing tracks you in between.

5. Do Not Track (DNT) and Global Privacy Control (GPC)

The site will respect Global Privacy Control (GPC) signals when the PostHog + Sentry wiring lands in BON-213. A GPC signal is treated as an explicit Reject, overriding any prior Accept. Standalone DNT signals are informational only under current browser practice and are treated as a soft preference that biases the consent banner default toward Reject but does not itself block tracking.