Mon–Fri · 09:00–18:00 CET · hello@lottoluckaustralia.com +34 91 432 7820
Last updated · 2026-05-20 · version 1.0

Cookie Policy

Every cookie we set on your browser is listed below. Essential cookies keep the platform secure and stateful. Analytics cookies are opt-in. We do not use advertising cookies and we never will.

1. What a cookie actually is

A cookie is a small piece of text saved by your browser at the request of a website. It is read back on subsequent visits to remember things — your session, your language, your consent choices. Local storage works similarly but is read by JavaScript rather than sent automatically with every HTTP request.

This policy covers both cookies and equivalent technologies (local storage, session storage, IndexedDB). The legal rules under ePrivacy and GDPR apply to all of them equally.

2. Why we use them

We use cookies for two purposes: keeping the platform stateful (your login session, your consent choice, your active league filters) and understanding usage patterns in aggregate. We do not use them for advertising, profiling, behavioural targeting, or cross-site tracking.

3. The three categories we use

Cookies on this site fall into three categories. The third category requires your consent before it loads; the other two run by default because the platform cannot function without them.

  • Strictly necessary — security, session, consent state. Always on.
  • Functional preference — language and accessibility choices. Always on by default; you can clear them by clearing your browser storage.
  • Analytics — aggregated usage metrics, opt-in only.

4. Strictly necessary cookies

These run by default because the platform breaks without them. Legal basis: ePrivacy "strictly necessary" exemption.

  • lla_session — your authenticated session. HttpOnly, Secure, SameSite=Strict. Expires 14 days after last activity.
  • lla_csrf — cross-site request forgery protection token. HttpOnly, Secure, SameSite=Strict. Session-bound.
  • lla_consent — your cookie consent state (the choice you made on the banner). 12 months.

5. Functional preference cookies

Remember preferences you have set. No consent required because they store choices you yourself made on the interface.

  • lla_lang — preferred display language (en, hu). 12 months.
  • lla_a11y — accessibility preferences such as reduced motion. 12 months.

6. Analytics cookies (opt-in)

Aggregated usage metrics, cookieless by default through Plausible Analytics — but if you grant consent at the banner, a single first-party cookie may be set for session attribution.

  • plausible_ignore — present only if you manually requested to be excluded from analytics. Indefinite.
  • lla_an — first-party analytics session identifier (rotated daily, no cross-day linkage). 24 hours.

We do not use Google Analytics. We do not use Facebook Pixel. We do not use Meta, TikTok, X, Snap, LinkedIn, or Microsoft Clarity tracking pixels.

7. Local storage we use

A small set of keys live in browser local storage rather than in cookies, mostly to avoid sending the value on every HTTP request. They never leave the browser.

  • lla.user — basic session sketch (display name, email) for header rendering after login. Cleared on logout.
  • lla.cookies — your detailed consent choice ("essential" / "all"), used to decide whether the analytics tag loads.
  • lla.news — newsletter sign-up acknowledgement, for the "already subscribed" check.

8. Third-party processors that may set cookies

When you trigger one of the following flows, the listed processor may set a first-party or third-party cookie under their own privacy policy:

  • Stripe — payment-flow cookies during deposit / withdrawal. Strictly necessary for payment fraud prevention.
  • Onfido — KYC verification flow cookies during the one-time identity check. Strictly necessary for the regulated check.

No advertising network ever sets a cookie on this domain.

9. Cookies we explicitly never set

Listing these by category, because telling you what we don't do is part of the trust contract:

  • Advertising / ad-targeting cookies of any provider;
  • Social-share tracking pixels;
  • Cross-site retargeting or "pixel" cookies;
  • Cross-device fingerprint identifiers;
  • Affiliate-tracking cookies for outbound traffic.

10. Managing cookies in your browser

You can clear or block cookies at any time through your browser settings. The main browsers:

  • Chrome — Settings → Privacy and security → Cookies and other site data.
  • Firefox — Settings → Privacy & Security → Cookies and Site Data.
  • Safari — Settings → Privacy → Manage Website Data.
  • Edge — Settings → Cookies and site permissions → Cookies and site data.

Note that blocking strictly necessary cookies will break login and the consent banner will keep returning.

11. Withdrawing analytics consent

To withdraw consent for analytics cookies after granting it, clear the lla_consent cookie (or all cookies from this domain). The banner will reappear and you can choose "Essential only". This withdraws consent immediately for any future activity.

12. Do Not Track signal

We respect the DNT header. If your browser sends DNT=1, we treat it as a refusal of analytics cookies regardless of any earlier consent stored on the device. This is a stricter interpretation than the law requires; we read the signal as the player's intent.

13. Updates to this policy

We review the cookie policy every 12 months and update it when our cookie inventory changes. Material updates trigger a re-consent flow — the banner reappears with the changes summarised. Minor edits are tracked in the public changelog at /legal/changelog.

14. How to reach us about cookies

Privacy questions including cookie questions go to privacy@lottoluckaustralia.com. By post: Lottoluck S.L., Calle de Velázquez 86, 4º planta, 28006 Madrid, Spain, marked "DPO — Cookies".

You may also lodge a complaint with the Spanish Data Protection Authority (AEPD) if you believe our cookie practices are unlawful.