Three cookies, all of them strictly necessary.
A complete inventory of every cookie set by the iGRT Community dashboard. No analytics, no advertising, no banner.
The short version
We set three cookies. All of them are strictly necessary to operate the sign-in flow and, where enabled, the first-time password rotation. We set zero analytics cookies, zero advertising cookies, zero third-party tracking cookies. Because every cookie we set is strictly necessary under the ePrivacy Directive and Recital 30 of the GDPR, we are not legally required to ask for cookie consent and we do not display a cookie banner.
If a future feature requires non-necessary cookies (for example, analytics) we will introduce a consent banner at the same time and will not set those cookies until you opt in.
Every cookie we set
The dashboard sets the following cookies under the community.igamingrealtalk.com domain (or localhost during development). Every entry below is strictly necessary.
| Name | Purpose | Lifetime | Flags |
|---|---|---|---|
igrt.access | The short-lived access token issued at sign-in. Used to authenticate API calls during a session. | 15 minutes | HttpOnly, Secure, SameSite=Lax |
igrt.refresh | The rotating refresh token used to mint a new access token without forcing you to sign in again. Rotated on each use; theft of a stale value invalidates the entire family. | 30 days | HttpOnly, Secure, SameSite=Lax |
igrt.must_change_pw | A breadcrumb set after we issue you a temporary password. When the forced password-change step is enabled, the sign-in proxy reads it to send you to the change-password screen until you rotate. Cleared the moment you set a new password. | Until first password change, or up to 30 days | Secure, SameSite=Lax (read by the sign-in proxy, so not HttpOnly) |
We do not set cookies that read or write personal data beyond the opaque session identifiers above. The cookies do not contain your name, email, IP address, or any profile field.
Third-party cookies
The iGRT Community dashboard does not embed third-party widgets, advertising tags, or analytics scripts. As a result no third party sets cookies through our site.
The only external service involved in your day-to-day use of the dashboard is WhatsApp, which loads only when you click a wa.me deep-link. At that point you are interacting directly with Meta in your own browser. Any cookies set on the WhatsApp domain are governed by Meta's own cookie policy.
Controlling cookies in your browser
You can clear or block cookies in your browser settings at any time. Because the cookies above are strictly necessary, blocking them will sign you out and prevent you from signing back in.
Changes to this policy
If we add or remove cookies, we will update the table in section 03 and refresh the dates at the top of this page. Material changes (in particular, anything that introduces non-necessary cookies) will be announced inside the dashboard fourteen days before they take effect, together with a consent banner where consent is required.
END OF DOCUMENT · COOKIE POLICY · 9 MAY 2026