Roleplay Project uses cookies and similar technologies so we can keep
you signed in, remember your preferences, and run the security
plumbing the site needs to work. We do not use third-party
advertising or cross-site tracking cookies. This page explains
exactly what we set and why, and how to change your mind.
Effective from 29 May 2026 · Phytoventures Ltd · ICO ZC041842
1. What cookies are, briefly
A cookie is a small text file that a website asks your browser to store. The browser sends it back to the same site on each visit, so the site can recognise you, remember a preference, or keep a session secure. "Similar technologies" includes things like localStorage and sessionStorage, which your browser keeps on its own but works the same way in practice.
Some cookies are essential: the site genuinely cannot work without them. Others are functional: they make the site nicer to use (saving your last view, remembering you've accepted this banner) but the site would still load if you turned them off.
2. Our lawful basis
Under the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR, we rely on two lawful bases:
Strictly necessary cookies do not require consent under regulation 6(4) PECR, because they're necessary to provide the service you've explicitly asked for (e.g. signing into the UCP, keeping that session secure).
All other cookies require your prior consent under regulation 6(1) PECR + UK GDPR Article 6(1)(a). That's the consent we ask for via the banner.
If you click Essential only, we will not set any cookie that isn't strictly necessary, and the site will still work.
3. The exact cookies and storage we use
3.1 On roleplayproject.net (this site)
Name
Category
Purpose
Lifetime
rpp_cookie_consent
Essential
Records that you've accepted the cookie banner so we don't show it again. Without it, we cannot honour your choice on later visits.
12 months
__cf_bm
Essential
Set by Cloudflare in front of our edge to distinguish humans from bots. Required for the site to be reachable safely.
30 minutes
cf_clearance
Essential
Set by Cloudflare after a successful challenge to avoid challenging you on every request.
up to 1 hour
3.2 On ucp.roleplayproject.net (the UCP)
Name
Category
Purpose
Lifetime
ucp_token
Essential
HTTP-only signed JWT that proves you're signed in. Scoped to .roleplayproject.net so the bug portal, age-verification flow, and other sub-products share the session. Cleared on logout.
24 hours
ucp_device
Essential
Records a trusted device so we don't email-challenge you on every sign-in from this browser. Cleared if you choose "this isn't my device".
90 days
rpp_cookie_consent
Essential
Same role as on the marketing site.
12 months
3.3 Local storage (your browser, not transmitted to us)
Key
Category
Purpose
Lifetime
rpp_cookie_consent
Essential
Mirror of the cookie above so the banner doesn't briefly flash on subsequent visits before the cookie is read.
Until you clear browser storage
card_share_*
Functional
Used by the UCP to remember which Cards series you most recently viewed in the marketplace.
Until you clear browser storage
3.4 What we don't use
We do not run Google Analytics, Meta Pixel, TikTok Pixel, third-party advertising SDKs, or any cross-site tracking script. We don't sell behavioural data. If you've seen us elsewhere on the web, that's a coincidence — we didn't put a tag on you.
4. Changing your mind
Update your preferences
You can change your decision at any time. Choosing Essential only will clear any non-essential cookies on this browser on your next visit.
You can also clear cookies from your browser's settings at any time. Some browsers offer a "block all cookies" mode — if you use this, parts of the Service that depend on the essential cookies above will stop working (you won't be able to sign in to the UCP, for example).
5. Third-party cookies
Where we embed an external service that requires cookies, those cookies are set by that third party under their privacy and cookie policies, not ours. The third parties we currently embed are:
YouTube (Google LLC) — we embed a single background video on the homepage hero from the privacy-enhanced youtube-nocookie.com domain. YouTube does not set tracking cookies until you interact with the player; we serve the embed with autoplay, mute, and no clickable controls so no interaction can occur. See Google's Privacy Policy and YouTube's embedded-player notice.
Didit — identity-verification partner used to confirm 18+ status for the small number of applicants we need to verify. Didit handles its own session on its own domain; their cookies and processing live under Didit's privacy policy.
Discord — widget and "sign in with Discord" flows redirect you to Discord's domain, where Discord may set its own session cookies. See Discord's Privacy Policy.
Cloudflare — the network in front of our domains may set short-lived security cookies (e.g. __cf_bm) to protect against bots and abuse. See Cloudflare's cookie policy.
Font services — we load typefaces from Google Fonts and Font Awesome's CDN. These do not set cookies on our origin but may log IP addresses for caching.
Resend — transactional email provider that handles outbound emails (account verification, applications, invoices). Resend does not set cookies on our site.
Where a third-party cookie is set, it is set by that third party, not by us, and is governed by their policies. We do not place advertising or behavioural-tracking cookies on this site.
6. Updates to this policy
We may change this policy from time to time. We'll update the effective date above and, where the change is material, ask for your consent again the next time you visit.
7. Contact
Questions about cookies, data, or your rights? Email us at [email protected], or write to Phytoventures Ltd, Belmont Suite, Chorley New Road, Horwich, Bolton, England, BL6 6HG. You can also complain directly to the UK Information Commissioner's Office at ico.org.uk.
Roleplay Project
Server Online
Discord
Apply