White KnightAcademy
Online chess lessons
Live, small-group classes with a real coach.
Chess lessons for beginners
Start from zero — complete beginners welcome.
Online chess coaching
A coach who knows your child — group or 1-on-1.
Learn chess online
A parent’s guide — and the fastest way to improve.
Free self-study
A free account: puzzles, homework and a report.
How it worksPricingCoachesFAQBlog
Log inStart for €5

Privacy

Privacy PolicyChildren's Privacy NoticeCookie PolicySubprocessors

Terms

Terms of Service — Parent / Guardian (for Child Accounts)Terms of Service — Adult Users (Self-Registered, Age 18+)Coach Contractor AgreementBeta Test Addendum

Conduct & safeguarding

Acceptable Use PolicySafeguarding PolicyCoach Code of Conduct

Support

Contact & Complaints
← All policies

Cookie Policy — WhiteKnight Academy

Effective date: 2026-07-02


1. What this page covers

This Cookie Policy explains what cookies and similar browser storage we use across our websites — the public marketing site at https://whiteknight.academy and the learning platform at https://analytics.whiteknight.academy — why, and how you can control them. It supplements the Privacy Policy, which remains the primary document governing our handling of your personal data.

2. A quick definition

  • Cookie — a small text file a website stores in your browser and reads back on each request.
  • localStorage / sessionStorage — browser storage available to websites, held on your device and not transmitted automatically with every request. We use these mainly to remember UI preferences.
  • Third-party cookie — a cookie set by a different domain than the one you visited.

3. What we use — and why

We classify storage into three groups:

3.1. Strictly necessary (no consent required)

These are set without asking, because without them the Service does not work. Under ePrivacy Art 5(3) second sentence they fall inside the "strictly necessary" carve-out; under CCPA §1798.140(e)(2)–(3) they are "service provider" processing.

Name (or pattern) Set by Purpose Expiry
sb-access-token, sb-refresh-token Supabase Keeps you signed in. Without these you would be logged out on every page. Session + refresh lifecycle (up to 1 hour access, longer refresh)
wk-consent Us Remembers your cookie-banner choice so we do not ask again on every visit 12 months
wk-csrf Us CSRF token for authenticated form submissions Session
cf_chl_* Cloudflare Turnstile (set on challenges.cloudflare.com, not on our domain) Short-lived challenge token written only when a visible CAPTCHA is shown on the parent-with-child registration form. Used to prevent automated mass-registration. The default "managed" mode skips this cookie when the visitor is judged human without a challenge. 30 minutes

3.2. Functional localStorage (no consent required — UI state only)

These items never leave your device (except when you explicitly click "Sync across devices" in settings, which we do not yet offer). They exist only to make the UI remember what it looked like last time.

Key Purpose
wk-sidebar-collapsed Whether you had the sidebar collapsed or expanded
wk-layout-* Persisted dashboard layout choices
wk-filter-* Last-used filter values on report pages
wk-cache-* Short-lived client caches for heavy charts (invalidated automatically)
wk-onboarding-progress Where you left off in onboarding

3.3. Analytics (requires your consent)

We use analytics to understand how our site is used — which pages are visited, from which referral source, on which device families — so we can improve the product. Analytics cookies are not set until you opt in through our cookie banner or preferences page (ePrivacy Art 5(3); Polish ustawa Prawo komunikacji elektronicznej 2024).

Name (or pattern) Set by Purpose Expiry
_ga Google Analytics 4 Distinguishes unique browsers; client identifier used by GA4 2 years
_ga_<container-id> Google Analytics 4 Session state for this property 2 years
_gid Google Analytics 4 (legacy) Distinguishes users within a 24-hour window 24 hours

We have configured Google Analytics 4 with:

  • IP anonymisation on by default;
  • Data-retention set to the shortest option supported by GA4 (currently 2 months for event data);
  • Consent mode v2 — no _ga / _ga_* cookies are written until consent is granted; before consent, GA4 operates in cookieless "consent denied" mode and sends only aggregate, non-identifying ping data.

Our tags are loaded through Google Tag Manager (container ID GTM-5TF7QK4N). GTM itself does not set tracking cookies; it is a tag-management layer that decides which vendor tags to load based on your consent choices.

3.4. Advertising and marketing (requires your consent)

We run paid-acquisition campaigns on the platforms below and use their conversion / retargeting pixels to measure campaign effectiveness and to reach people with similar interests to our existing users. These cookies are not set until you opt in through our cookie banner or preferences page.

Provider What the cookies do Default expiry
Google Ads Conversion tracking and remarketing audience membership (e.g., _gcl_au, NID) Up to 2 years
Meta (Facebook / Instagram) Meta Pixel conversion and custom-audience cookies (e.g., _fbp, fr) Up to 90 days
TikTok for Business TikTok Pixel conversion and audience cookies (e.g., _ttp) Up to 13 months
X (formerly Twitter) Ads X Pixel conversion tracking (e.g., muc_ads, personalization_id) Up to 2 years

Specific cookie names, durations, and data points are controlled by each provider and may change; the current-state table is maintained by Google Tag Manager and reviewed quarterly.

We do not use session-replay or behaviour-watching tools (no Hotjar, Clarity, FullStory, LogRocket). We do not sell or share your personal data for cross-context behavioural advertising within the meaning of CCPA/CPRA §1798.120–.121; the retargeting described above uses our own events sent to the ad platform under each platform's data-processor terms, not data-sharing for a third party's own purposes.

3.5. Children's accounts — analytics and advertising are blocked

When a user is logged in as a Child (under 16 — see Privacy Policy § 6), all analytics and advertising tags are blocked on every page of the session, regardless of consent banner choice. This is enforced at our tag-management layer (GTM trigger conditions) and is not dependent on user input. It aligns with:

  • California AADC §22675(d) — no profiling by default.
  • COPPA §312.2 "child-directed service" rules.
  • ICO Children's Code principle 7 (use of children's data for profiling).

Analytics and advertising therefore run only on (a) the public marketing pages, and (b) adult-authenticated dashboards.

4. Third-party cookies — only while you sign in with Google

If you choose "Sign in with Google" (optional), Google sets its own cookies on its domain during the sign-in flow. These are governed by Google's cookie policy at https://policies.google.com/technologies/cookies and are outside our control. After sign-in completes, Google cookies are no longer read from our site.

If you use email/password sign-in instead, no third-party cookies are set by us.

5. How we ask for consent

Our cookie banner appears on your first visit and offers three actions:

  • Accept all — enables the strictly-necessary set (§ 3.1), analytics cookies (§ 3.3), and advertising/marketing cookies (§ 3.4).
  • Essential only — keeps the strictly-necessary set on and blocks both analytics and marketing. This is the default if you do nothing or dismiss the banner.
  • Customise — opens https://whiteknight.academy/legal/cookie-preferences where you can toggle each non-essential category individually.

Your response is stored in a first-party browser item called wk-consent, which records:

  • which categories you granted or denied,
  • the version of the policy at the time of the choice,
  • the timestamp.

You can change your preferences at any time on the same /legal/cookie-preferences page. When you withdraw consent for a category, we push gtag('consent', 'update', …) through our tag manager, which stops new cookies in that category from being written and instructs browsers to clear existing ones on the next visit.

The banner respects the Global Privacy Control browser signal (CPRA §1798.135(b)) and any Do-Not-Track header by treating them as a denial of analytics and marketing consent, without showing the banner.

6. Children and cookies

The full child-protection rules are in § 3.5 above. In short: analytics and advertising cookies are blocked entirely on pages served to logged-in Child accounts. This is enforced at the tag-management layer, not at the banner layer.

7. How to reject or delete cookies in your browser

You can always control cookies at the browser level:

  • Chrome / Edge: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Settings → Privacy
  • Mobile: browser settings → cookies

Blocking the strictly-necessary cookies listed in § 3.1 will break sign-in and cause the Service to stop working for you. Blocking wk-consent will cause the banner to re-appear each visit.

8. Do we fingerprint?

No. We do not use device fingerprinting, canvas fingerprinting, audio fingerprinting, or similar browser-identification techniques. Our telemetry stores only coarse device/browser family (e.g., "Chrome on Windows desktop") as described in Privacy Policy § 3.6; it does not contain identifiers that could uniquely track you across sessions.

9. Changes to this Cookie Policy

If we add any cookie or similar technology beyond the list in § 3, we will update this page, refresh the cookie banner for a re-consent, and — where required — email active account holders at least 15 days in advance.

10. Contact

  • Privacy questions: privacy@whiteknight.academy
  • General: contact@whiteknight.academy
  • Post: TheBroda sp. z o.o., ul. Wierna 12, Warszawa, Poland

11. Version history

  • 2026-07-02 — v1 (initial publication, accompanies Privacy Policy v1).

Effective date: 2026-07-02 · TheBroda sp. z o.o. · KRS 0000677402, NIP 5242831345Back to site →
White Knight Academy

Live online chess lessons for children, taught by real, vetted coaches.

Lessons
Online chess lessonsFor beginnersOnline coachingLearn chess onlineFree self-study
Academy
How it worksPricingCoachesFAQBlog
Trust
About usOnline safetySafeguardingPrivacy & GDPRTermsCookie preferences
Contact
contact@whiteknight.academyLog inStart for €5
© 2026 White Knight Academy. All rights reserved.Made with Help Context