Cookie Policy
What is a cookie?
A cookie is a small text file that a website asks your browser to store. Cookies are scoped to the domain that set them (a “first-party” cookie), or to a different domain whose script was embedded on the page (a “third-party” cookie). They typically contain a randomly generated identifier and an expiry date. Modern browsers also expose related storage mechanisms — localStorage, sessionStorage, IndexedDB, the Cache API — which are subject to the same consent rules under the EU ePrivacy Directive and UK PECR. We treat all of these consistently and refer to them collectively as “cookies” throughout this document.
How we use cookies
america777.casino uses cookies for four narrow purposes: (1) to keep you signed in to your hub account, (2) to remember your locale, (3) to record your cookie consent, and (4) — only after consent — to record self-hosted analytics events that help us improve the site. We do not use cookies to build advertising profiles, retarget you on other websites or share identifiers with third-party marketing networks.
Cookie categories
Essential (always on)
Essential cookies are required for the website to function. They cannot be switched off without breaking core features such as sign-in and locale switching. These cookies do not store personal data beyond the random session identifier. The legal basis is “strictly necessary” under PECR Reg. 6(4)(b) and ePrivacy Art. 5(3) — no consent required.
Functional (consent or implicit)
Functional cookies remember preferences you have actively chosen — locale, viewing density, the last channel you visited inside the live chat. Some are set the moment you make a choice (implicit consent), others — like the optional “reduce motion” toggle — are loaded only when explicitly enabled.
Analytics (consent only)
Analytics cookies record aggregated, IP-anonymised usage on a self-hosted PostHog instance. They let us answer questions like “does the new hero carousel raise sign-up clicks?” without identifying individual users. They never load before you click “Accept” in the cookie banner.
Marketing
We do not use marketing or advertising cookies. There is no Facebook Pixel, no Google Ads tag, no TikTok pixel, no Hotjar, no FullStory and no DMP integration. Our Content-Security-Policy header blocks the relevant origins as a defence-in-depth measure.
Full cookie inventory
| Name | Category | Purpose | Retention |
|---|---|---|---|
| a777_locale | Essential | Stores the preferred interface language (en / de / fr). | 12 months |
| a777_session | Essential | Anonymous session ID; lets the server stitch a single page-view across multiple requests. | Session |
| a777_csrf | Essential | Cross-Site Request Forgery double-submit token. | Session |
| a777_consent | Essential | Records your cookie banner choices (essential / analytics / functional). | 12 months |
| next-auth.session-token | Essential | Authenticated hub-account session (set only after sign-in). | 30 days |
| a777_density | Functional | Remembers the comfort vs compact UI density toggle. | 12 months |
| a777_motion | Functional | Stores the “reduce motion” preference for animations. | 12 months |
| a777_ph_distinct | Analytics | Random PostHog identifier for aggregated analytics. IP-anonymised on ingest. | 12 months |
| a777_ph_session | Analytics | PostHog session window for funnel reporting. | 30 minutes (rolling) |
Third-party content & embeds
Game demo iframes are loaded with sandbox, loading="lazy" and referrerPolicy="no-referrer". The studio CDNs may set their own cookies inside the iframe; those cookies are not readable by the hub. We do not embed third-party social widgets (no Twitter timeline, no Facebook Like, no YouTube auto-play). Where we do link to external resources (BeGambleAware, GamCare, regulator portals) we open them in a new tab with rel="noopener" to prevent reverse tab-nabbing.
How to opt out
Three ways to manage your preferences:
- Cookie banner. Reopen it from the “Cookie settings” link in the footer at any time.
- Browser settings. All major browsers expose cookie controls in their settings panel; you can clear our cookies, block them entirely, or limit them per session.
- Account deletion. Delete your hub account from the Privacy Centre to clear the authenticated session cookie immediately.
After opting out of analytics, the analytics module is unloaded and any existing a777_ph_* cookies are removed within 24 hours by our back-end cleanup job.
Global Privacy Control & Do Not Track
We honour the Global Privacy Control standard. When the Sec-GPC: 1 header is present we treat it as an automatic refusal of analytics and skip the cookie banner — no further interaction required. The legacy DNT header (DNT: 1) is honoured the same way, even though the W3C standard has been deprecated.
Consent records
For ePrivacy / GDPR compliance we keep a 3-year audit log of consent decisions: timestamp, hashed IP, locale, browser version and the exact set of categories consented to. The log is restricted to the data-protection officer and is retrieved on request when you exercise your right of access.
Changes & versioning
Whenever we add, remove or repurpose a cookie this page is updated and the “Last updated” date at the top is bumped. Material changes (a new analytics provider, a change of retention) require fresh consent — the cookie banner reopens automatically and your previous choice does not roll over.
Contact
Questions about this policy or to exercise your privacy rights: privacy@america777.casino. For technical issues with the cookie banner or consent persistence: editor@america777.casino. The full data-handling framework is described in our privacy policy.
Frequently asked questions
No. The hub does not load Google Ads, Facebook Pixel, TikTok Pixel, Pinterest tags or any other ad-network cookie. Editorial policy explicitly forbids them, and our CSP header blocks the relevant origins to enforce the rule technically.
Your cookie preferences are stored in a first-party cookie called `a777_consent` for 12 months. Reopen the cookie banner from the footer link to reset it before that.
It should not. If you see `a777_ph_*` after refusing, force-reload the page (Ctrl+Shift+R / Cmd+Shift+R) and clear site data — older browsers occasionally cache the analytics module from before consent was revoked. Email privacy@ if it persists.
Essential features (locale, login) need certain cookies to work. The site will fall back to URL-based locale if locale storage is blocked. Account features will be unavailable without session cookies, but reading content remains possible.
There is no native mobile app — the hub runs as a Progressive Web App (PWA). The PWA inherits the same cookie rules as the website and does not set any additional identifiers.