Notifications 
Cookie and Tracking Notice
1. Purpose of This Notice
This Cookie & Tracking Notice (“Notice”) explains how SkinJoker Tech Ltd. (“SkinJoker,” “we,” “our,” “us”) uses cookies, software development kits (“SDKs”), pixels and comparable technologies (collectively, “Cookies”) when you visit or interact with the website skinjoker.com and its sub-domains, mobile progressive-web application (PWA) and application-programming-interface endpoints (together, the “Site”).
It should be read together with our Privacy Policy, which describes in detail how we process personal data. Capitalised terms not defined here carry the meaning set out in our Privacy Policy or Terms & Conditions.
2. What Are Cookies?
Cookies are small text files stored on your device when you browse a website. They enable recognition of your browser, store preferences or collect usage statistics. We also employ other identifiers—such as HTML5 local-storage objects, device IDs, web beacons and JavaScript-based SDKs—which, for regulatory purposes (GDPR, UK GDPR, ePrivacy Directive, CCPA/CPRA), are treated like cookies.
3. Why We Use Cookies
| Category | Purpose | Legal Basis* | Lifespan |
|---|---|---|---|
| Strictly Necessary | Enable core Site functions (login, account security, payment processing, fraud prevention) | Contract performance (Art. 6 (1)(b) GDPR) | Session or ≤ 1 day |
| Security & Fraud | Rate-limiting, bot detection, DDoS mitigation (e.g., Cloudflare Bot Management) | Legitimate interests (Art. 6 (1)(f)) | ≤ 30 minutes |
| Functional | Remember language, region, RG limits, cookie-banner choices | Consent (Art. 6 (1)(a)) | ≤ 6 months |
| Performance & Analytics | Aggregate usage metrics, funnel analysis, crash diagnostics (Google Analytics 4, Hotjar) | Consent | ≤ 24 months |
| Marketing & Personalisation | Measure ad campaign efficacy, retarget lapsed players, prevent duplicate offers (Google Ads, Facebook, TikTok pixels) | Consent | ≤ 6 months |
* Under the EU ePrivacy regime, Strictly Necessary cookies do not require consent; all others do. For CCPA/CPRA, collection constitutes “sharing” or “sale” only where targeted advertising identifiers are involved—users may opt-out.
4. First-Party vs Third-Party Cookies
- First-Party Cookies are set directly by SkinJoker (e.g.,
sk_session,rg_prefs). - Third-Party Cookies are set by service providers acting under contract. We impose contractual data-protection addenda (DPAs) and Standard Contractual Clauses (SCCs) when data is transferred outside the EEA/UK.
| Provider | Cookie / Identifier | Purpose | Retention |
|---|---|---|---|
| Cloudflare | _cf_bm , _cflb |
DDoS & bot mitigation | 30 min / session |
| Google Analytics 4 | _ga , _gid , _ga_<container> |
Site performance & user journey analysis | 24 months / 24 hours / 90 days |
| Hotjar | _hjSessionUser , _hjIncludedInSessionSample |
Heat-map & UX optimisation | 12 months / 30 min |
| Intercom | intercom-session-<id> |
Live-chat & support CRM | 7 days |
| SumSub (KYC) | sumsub_jwt |
Keeps identity-verification session | 1 hour |
| Facebook Pixel | _fbp |
Ad measurement / retargeting | 90 days |
| Firebase | Device ID (SDK) | Mobile push notifications, analytics | Persistent until reset |
A complete, dynamically updated list is available in the Cookie Preferences Centre (link in footer).
5. Cookie Preferences & Withdrawal of Consent
When you first land on the Site, a banner explains our use of non-essential cookies and offers three options:
- “Accept All” – enables all categories.
- “Decline Non-Essential” – only strictly necessary & security cookies remain.
- “Customise” – granular toggles for Functional, Analytics, Marketing categories.
You can change your settings anytime via Cookie Settings in the footer. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
6. Browser & Device Controls
- Delete or block cookies in browser settings (Chrome, Firefox, Safari, Edge).
- Use browser add-ons such as Google Analytics Opt-out (GAO-O) or uBlock Origin.
- Reset advertising identifiers on Android/iOS (“Reset Advertising ID”).
Blocking certain cookies may degrade functionality (e.g., staying logged in, wallet address generation).
7. Other Tracking Technologies
- Web Beacons / Pixels
1×1 gifs loaded from ad networks to record impressions. - Local Storage
Used to cache provably-fair seeds for offline validation; cleared when you clear browsing data. - Software Development Kits (SDKs)
Firebase Cloud Messaging for push notifications; Intercom SDK for in-app chat. - Server-Side Logging
TLS handshake meta-data, IP, user-agent, device fingerprint—stored in encrypted log buckets for 7 days, strictly for security diagnostics.
8. Do Not Track (DNT) & Global Privacy Control (GPC)
The Site currently honours GPC signals for California residents by treating them as an opt-out of cross-context advertising cookies. Traditional DNT headers are not universally supported and therefore not acted upon.
9. Data Sharing & International Transfers
Cookie-derived data may be transferred to the United States, Singapore or other jurisdictions where our vendors host servers. We rely on SCCs, vendor Binding Corporate Rules or adequacy decisions to safeguard such transfers (see Privacy Policy §8).
10. Data Retention
Cookie identifiers are stored no longer than listed in §4 or as required for legal or security purposes (e.g., AML audit logs). Aggregated, de-identified analytics data may be retained indefinitely.
11. Updates to This Notice
We may update this Notice to reflect changes in technology, legal requirements or business practices. Material changes are announced via the cookie banner and a prominent Site notice 7 days before taking effect. Continued use of the Site after the effective date constitutes acceptance.
12. Contact
Data Protection Officer
SkinJoker Tech Ltd.
22/F, 2 International Finance Centre, 8 Finance Street, Central, Hong Kong SAR, China
E-mail: [email protected] • Support (24 / 7 / 365): [email protected]
Play responsibly. 18 + only.