LIVE BATTLES0OPEN CHALLENGES0IN QUEUE0BTC/USDT1-MIN CANDLESSTAKES FROM$10WIN THRESHOLDFIRST TO 3 / 6PAYOUT95% TO WINNERMATCH TIME~2-5 MINMODEQUICK · RANKED
Home/Legal/Cookie Policy

Cookie Policy

A complete, plain-English inventory of every cookie ORACLX sets on your browser. We use only essential cookies — no advertising, no third-party analytics, no cross-site tracking.

Effective May 5, 2026
Plain-English summaryORACLX sets three small cookies on your browser, all of which are strictly necessary to operate the Service: one to keep you signed in, and two to enforce platform access controls when access controls are in effect for your route. We do notuse advertising cookies, third-party analytics cookies, social-network cookies, retargeting pixels, or any cross-site tracking technology. You can refuse our cookies, but doing so prevents you from signing in or accessing parts of the platform that require active access controls.

1. Overview

This Cookie Policy explains the use of cookies and similar storage technologies on the ORACLX website at oraclx.net and any subdomain thereof (the "Service"). It is a companion to, and should be read together with, our Privacy Policy.

We have designed the Service to use the minimum set of cookies needed to function. Every cookie we set falls into the "strictly necessary" category — there are no marketing cookies, no behavioral-advertising cookies, no third-party analytics scripts, and no social-media tracking pixels. If we add a non-essential cookie in the future, we will update this Policy and obtain your consent before setting it.

2. What Cookies Are

A cookie is a small text file that a website asks your browser to store. The next time you visit the site (or visit any other page on the same site), your browser sends the cookie back. Cookies allow the site to remember information about you between requests — most commonly, that you are signed in.

Cookies vary along several dimensions:

  • Session vs persistent — session cookies are deleted when you close the browser; persistent cookies have an expiry date and remain until that date or until you delete them manually.
  • First-party vs third-party — first-party cookies are set by the site you are visiting; third-party cookies are set by an external service embedded on the page.
  • HttpOnly — httpOnly cookies cannot be read by JavaScript on the page, which significantly reduces the risk of theft via cross-site scripting.
  • Secure — secure cookies are only transmitted over HTTPS connections.
  • SameSite — controls whether the cookie is sent on cross-site requests (lax / strict / none).

3. Categories of Cookies

The Service does not currently use cookies in every category. The full menu of categories — and where ORACLX stands on each — is:

  • Strictly necessary — cookies without which core functions of the site (sign-in, security, accessing gated content) cannot work. ORACLX uses these.
  • Functional / preference — cookies that remember your UI choices (theme, language, etc.). ORACLX does not currently use these as cookies; preferences live in your account or in browser localStorage where applicable.
  • Performance / analytics — cookies that count visitors, measure page load, etc. ORACLX does not currently use cookies for analytics. We collect aggregate, IP-derived geographic statistics on the server side (see Privacy Policy §3.4); no cookie is involved.
  • Advertising / targeting — cookies that build a profile of your interests for ad targeting or that allow advertisers to retarget you. ORACLX does not use any advertising cookies.
  • Social media — cookies set by embedded social- network widgets. ORACLX does not embed social-media widgets and does not set such cookies.

4. Cookies We Set

The following table is the complete list of cookies the Service sets on your browser. Each is set on the oraclx.net domain (with Domain=.oraclx.net in production, allowing it to be valid across oraclx.net, app.oraclx.net, and api.oraclx.net).

4.1 humai_token

  • Purpose — your authenticated session token (a signed JWT). Sent on every API request so we can identify you without asking you to sign in for each click.
  • Category — strictly necessary.
  • Expiry — same as your JWT expiry, typically seven (7) days; refreshed on each successful authenticated request.
  • FlagsHttpOnly, Secure (in production), SameSite=Lax in development / Strict in production, Path=/.
  • Set when — you complete sign-in via your wallet provider.
  • Cleared when — you sign out, or it expires.

4.2 oraclx_preview

  • Purpose — proves you correctly entered the access PIN for the platform's restricted-access gate. The Edge middleware verifies this cookie before serving any route protected by an active access control.
  • Category — strictly necessary, set only while the access gate is active for your route. Where the access gate is not active for a route, this cookie is not required for that route.
  • Expiry — thirty (30) days from issuance.
  • FlagsHttpOnly, Secure (in production), SameSite=Lax, Path=/.
  • Set when — you submit the correct access PIN on the access-gate page.
  • Cleared when — you click "Sign Out" (if you also held an administrative bypass cookie), the cookie expires, or an administrator rotates the access PIN (which invalidates all outstanding cookies via a version stamp embedded in the cookie payload).

4.3 oraclx_admin

  • Purpose — administrative bypass for the platform access gate. After a backoffice administrator signs in, this cookie is set so that the same browser passes any active access controls on the public app without entering a PIN.
  • Category — strictly necessary (administrative).
  • Expiry — seven (7) days from issuance.
  • FlagsHttpOnly, Secure (in production), SameSite=Lax, Path=/.
  • Set when — you sign in to the ORACLX backoffice and your account is recognized as an administrator.
  • Cleared when — you sign out of the backoffice (the sign-out flow explicitly clears this cookie), the cookie expires, or your administrator account is revoked.

4.4 What we do NOT set

  • No advertising or retargeting cookies.
  • No third-party analytics cookies (Google Analytics, Mixpanel, Amplitude, etc.).
  • No social-media tracking pixels.
  • No cross-site tracking technology.
  • No fingerprinting cookies (we do not derive a stable fingerprint from cookie+browser combinations).

5. Similar Technologies

In addition to cookies, the Service may use the following storage technologies on your browser. These are subject to the same general considerations as cookies.

5.1 LocalStorage

We may use window.localStorage to remember small, non-sensitive UI preferences such as whether you have dismissed the cookie banner, whether you have muted ambient audio, the music-player track index, and similar. LocalStorage entries are scoped to the origin (oraclx.net) and are not transmitted to the server. You can inspect and clear localStorage entries via your browser's developer tools.

Specifically, the Service writes the following localStorage keys:

  • oraclx_cookie_consent — records your response to the cookie banner ("accepted" or "rejected") so we don't show the banner on every page load.
  • battleCameraChoice / battleAvatarChoice — your camera-on / avatar choice for the next Battle, set just before joining.
  • oraclx_rematch_anchor_* / oraclx_rematch_* — short-lived per-Battle keys that synchronize the post-Battle rematch countdown across browser tabs.
  • Various sound and player-preference toggles for the Battle UI (mute state, etc.).

5.2 SessionStorage

The Service may use window.sessionStorage for transient state that lives only for the current browser tab session.

5.3 IndexedDB

The Service does not currently use IndexedDB. The wallet provider you authenticate with (Magic Labs) may use IndexedDB to cache its own state independent of ORACLX; that is governed by the wallet provider's own policies.

6. Third-Party Cookies

The Service does not embed third-party scripts that set cookies on your browser as you use the ORACLX app itself. The third-party services we depend on (described in our Privacy Policy) interact with us through APIs on our server side, not through tags embedded in your browser. Specifically:

  • We do not include Google Analytics, Mixpanel, Hotjar, FullStory, or any similar tag.
  • We do not include Google Tag Manager.
  • We do not include Facebook Pixel, X / Twitter pixel, LinkedIn Insight, TikTok Pixel, or any social-network tag.
  • We do not include third-party advertising or retargeting tags.

The wallet provider you authenticate with (Magic Labs) renders its own login UI in a popup or iframe; that UI is governed by Magic's own policies and may set its own cookies on its own domain. ORACLX does not control those cookies and they do not appear on our inventory.

On your first visit to the Service, we display a cookie consent banner that informs you of our cookie use and gives you a choice to accept or refuse. Your choice is recorded in a localStorage key (oraclx_cookie_consent) so you do not have to repeat it on every page load.

You can revisit your choice at any time by:

  • Clearing the oraclx_cookie_consent entry from your browser's localStorage (e.g., via Developer Tools), which causes the banner to display again on your next page load; or
  • Clearing all browsing data for the oraclx.net origin, which has the same effect.

Because every cookie we currently set is strictly necessary to operate the Service, "refusing" cookies in our banner means you are choosing not to use the parts of the Service that depend on those cookies — see Section 9.

8. Controlling Cookies in Your Browser

All major browsers allow you to view, manage, and delete cookies. The exact steps vary; consult your browser's documentation. As a starting point:

  • Chrome — Settings → Privacy and security → Cookies and other site data.
  • Firefox — Settings → Privacy & Security → Cookies and Site Data.
  • Safari (macOS) — Safari → Settings → Privacy → Manage Website Data.
  • Edge — Settings → Cookies and site permissions → Cookies and site data.
  • Brave — Settings → Privacy and security → Cookies and other site data.

You can also configure your browser to block third-party cookies by default. Because ORACLX does not set any third-party cookies, this setting will not affect your use of the Service.

9. Effect of Refusing Cookies

If you block or delete the cookies described in Section 4:

  • humai_token — you will not stay signed in. Each new request will appear unauthenticated and you will be redirected to sign in again. You will not be able to enter Battles, place Spectator side bets, or perform any action that requires an authenticated session.
  • oraclx_preview (where the platform access gate is active for a route) — you will see the PIN modal on every page load and will not be able to enter that route without re-entering the PIN.
  • oraclx_admin — administrator browsers will see the PIN gate on the public app despite being signed in to the backoffice. They can still operate the backoffice itself.

We do not currently offer a "cookie-free" mode of the Service. If you require one, please contact us at legal@oraclx.net to discuss alternatives.

10. Changes to This Policy

We may update this Cookie Policy from time to time. The current version, with its effective date, will always be posted at oraclx.net/legal/cookies. If we add a non-essential cookie or materially change the categories of cookies we use, we will re-display the cookie consent banner so you can re-confirm your choice.

11. Contact

For questions about this Cookie Policy, contact us at:

ORACLX — Privacy Team
Email: privacy@oraclx.net
Legal: legal@oraclx.net

Questions? Reach our legal team at legal@oraclx.net
← Back to ORACLX