The cookies we set, and why.

GateCrate runs on the smallest set of cookies it can. We don’t drop third-party advertising or cross-site tracking cookies by default, and we don’t sell what we learn from the ones we do set. A cookie here is a small file your browser stores so the site can remember something between requests.

• Session — keeps you logged in to your artist account (Auth.js). Strictly necessary; expires when your session ends.
• Security — CSRF and similar tokens that stop forged requests. Strictly necessary.
• Preferences — remembers small choices like a dismissed banner. Set only when you make the choice.
• Gate verification (temporary) — when a fan connects a platform to clear a step, a short-lived cookie carries that ephemeral connection. It’s scoped to the gate flow and isolated from any artist login, and it clears once the step is verified.

An artist can choose to add their own Meta, Google, or TikTok conversion pixel to their gate so they can measure their own campaigns. That’s a per-artist, opt-in feature that’s part of a later phase and stays off until released. When it’s live and an artist enables it, the fan will see the appropriate consent prompt before any such cookie is set — it is never on by default across GateCrate.

You can clear or block cookies in your browser settings, including blocking third-party cookies entirely. Blocking the strictly-necessary ones will stop you logging in or completing a gate, but everything else degrades gracefully.

Questions about cookies? Email privacy@gatecrate.com. How we handle the data behind them is in our Privacy Policy.