Cookie Policy
Last updated:
This policy explains which cookies and local storage (localStorage) mechanisms craftboxgifts.com uses, who sets these cookies, for what purpose, and what control you have over them. This document forms part of our Privacy Policy.
1. What are cookies?
A cookie is a small text file that a website places in your browser during a visit. It contains anonymous or pseudonymous identifiers that help the site “remember” you or your preferences.
craftboxgifts.com also uses localStorage — a browser storage mechanism that is part of HTML5. It is similar to a cookie but is not automatically sent to the server. The ePrivacy Directive (EU) also applies to this type of storage.
2. Cookies used on craftboxgifts.com
craftbox-consentNecessaryStores the cookie consent decision ("accepted" or "declined"). Written to localStorage (for client-side scripts) and to an HTTP cookie (for server-side CAPI integration). Required for ePrivacy Directive compliance. Analytics scripts load only when the value is "accepted".
__Secure-next-auth.session-tokenNecessaryNextAuth.js session cookie. Stores the JWT that authenticates the user's session on the server. In HTTPS environments it is named __Secure-next-auth.session-token; in local development — next-auth.session-token. Used to protect the customer's My Account area. Set with Secure; HttpOnly; SameSite=Lax attributes.
__Secure-next-auth.callback-urlNecessaryStores the redirect URL used after OAuth sign-in completes. Part of the OAuth 2.0 flow (Google OAuth). Secure; HttpOnly; SameSite=Lax.
__Host-next-auth.csrf-tokenNecessaryCSRF protection token for NextAuth.js. Prevents cross-site request forgery (CSRF) in session management operations. HttpOnly; SameSite=Lax.
craftbox-cartFunctionalStores the shopping cart contents across browser sessions. Without it, the cart is cleared when the page reloads. Consent for this function is implied — it is directly tied to the purchase process.
_gaAnalyticsGoogle Analytics 4 main cookie. Stores a randomly generated client ID to distinguish returning visits. Does not store directly identifiable information. Data: statistics.
Third party: Google LLC — Privacy Policy
_ga_*AnalyticsGA4 collection-specific cookie. Stores the session state for a specific GA4 Property ID. Works together with _ga for session analysis.
Third party: Google LLC — Privacy Policy
_fbpMarketingFacebook Pixel cookie. Tracks visits across the Facebook family of platforms (including Instagram) to measure conversions and optimize advertising campaigns. Sent to Meta Platforms Ireland Ltd.
Third party: Meta Platforms Ireland Ltd. — Privacy Policy
3. Consent & control
3.1 Cookie banner
On your first visit to craftboxgifts.com, a cookie banner appears at the bottom of the screen. Clicking “Accept” enables analytics (GA4) and marketing (Facebook Pixel) cookies. Clicking “Decline” means those scripts will not load. In either case the decision is stored in the craftbox-consent localStorage key.
3.2 Withdrawing consent
You can withdraw consent for analytics cookies at any time using the following methods:
Method 1 — Browser DevTools
Open DevTools (F12), go to “Application” → “Local Storage” → craftboxgifts.com. Delete the craftbox-consent key. When the page reloads, the banner appears again.
Method 2 — Browser settings
From your browser settings you can clear all cookies and localStorage for craftboxgifts.com. Chrome: Settings → Privacy and security → Cookies and other site data → See all site data.
Method 3 — Google Analytics Opt-Out
You can also use Google’s official opt-out add-on: tools.google.com/dlpage/gaoptout
Method 4 — Facebook Pixel Opt-Out
To turn off Facebook interest-based advertising: facebook.com/help/164968693837950
3.3 Disabling cookies entirely
You can disable cookies entirely in your browser, but this will impair the shopping cart function (craftbox-cart) and the proper operation of other sites.
4. Legal basis
| Cookie | Category | Basis |
|---|---|---|
craftbox-consent | Necessary | Legitimate interest (GDPR Art. 6(1)(f)) — ePrivacy compliance |
__Secure-next-auth.session-token | Necessary | Contract (GDPR Art. 6(1)(b)) — session authentication |
__Secure-next-auth.callback-url | Necessary | Legitimate interest (GDPR Art. 6(1)(f)) — OAuth flow |
__Host-next-auth.csrf-token | Necessary | Legitimate interest (GDPR Art. 6(1)(f)) — CSRF protection |
craftbox-cart | Functional | Contract (GDPR Art. 6(1)(b)) — purchase process |
_ga, _ga_* | Analytics | Consent (GDPR Art. 6(1)(a)) — ePrivacy Directive Art. 5(3) |
_fbp | Marketing | Consent (GDPR Art. 6(1)(a)) — ePrivacy Directive Art. 5(3) |
5. Policy changes
When we add new cookies or change a category, we will update this page and revise the “Last updated” date. When we add analytics or marketing cookies that require consent, the cookie banner will appear again (consent reset).
6. Contact
For questions about cookies or privacy, contact us:
Email: info@craftboxgifts.com
Address: 2 Davit Kipiani St, Tbilisi 0119, Georgia
Response time: 30 calendar days (GDPR Art. 12)