MoonLite — Cookie & Local-Storage Policy

Last updated: 11 July 2026. This expands Section 5 of the Privacy Policy.

Controller: LECTOR INTERACTİVE YAZILIM LİMİTED ŞİRKETİ — privacy@lectorinteractive.com Effective date: 11 July 2026 · Version: 2026-07-11

This Policy explains how cookies and similar technologies (localStorage, sessionStorage, IndexedDB) are used on moonlite.gg and play.moonlite.gg (the "Service"). Read it together with the Privacy Policy.


1. The headline: MoonLite sets NO cookies of its own

MoonLite places no first-party cookies on its own domain, uses no advertising, marketing, or cross-site tracking cookies, and runs no third-party analytics or ad SDKs. Instead of cookies, the app uses the browser's standard local-storage technologies to run on your device. Because these are "cookie-like" under most laws (ePrivacy, KVKK guidance), we describe them transparently here.

2. First-party local storage we use

Everything below is either strictly necessary for the Service to function or functional storage created directly by your own actions; consent banners are generally not required for these categories.

Item Type Purpose Lifetime
Session token localStorage Keeping you signed in (authentication) Until logout; server-side expiry 30 days
Browser identifier (jammer-cid) localStorage Guest content ownership across reloads Until you clear it
App preferences (graphics, cursor, UI, etc.) localStorage Remembering your settings Until you clear them
Projects, autosaves, drafts localStorage / IndexedDB Storing your work on your device (local-first design) Until you clear them
Audio cache IndexedDB Playing tracks without re-downloading Until you clear it
DM private keys and message history IndexedDB End-to-end-encrypted messaging (keys exist only on your device) Until you clear them
Test identifier (jammer-cid-fresh) sessionStorage Tab-scoped guest identity, only on ?fresh test links Until the tab closes

You can delete all of this at any time via your browser's site-data settings. Doing so signs you out and removes device-side content (local projects, DM keys, cached audio).

3. Infrastructure cookies

Our hosting provider Cloudflare may set technical cookies on our domains for security (for example, __cf_bm for bot management). These are strictly necessary, security-purposed, and governed by Cloudflare's own policy.

4. Third-party embeds (loaded only by your actions)

The following third-party content loads only when you use the relevant feature, and may set its own cookies under its own policies:

Provider When What it does
YouTube (Google) When you join a watch party / play a video The embedded player may use YouTube cookies; if you are signed in to YouTube it may associate activity with your account
archive.org (Internet Archive) When you open the "read the original scans" viewer in the archive terminal The embedded reader may use its own cookies
Google (accounts.google.com) When you choose "Sign in with Google" The sign-in flow runs on Google's own pages with Google's cookies
Google (googleusercontent.com) When profile pictures are displayed Image requests are served from Google infrastructure

These are optional: if you never join a watch party, never open the scan viewer, and never sign in with Google, they never load. The Service shows an informational notice before the first use of watch-party embeds.

5. Category summary

6. Your controls

You can view, delete, and block site data and cookies in your browser settings. Blocking strictly necessary storage will prevent the Service from working. You can additionally restrict third-party cookies at the browser level; the YouTube/archive.org embeds may then have reduced functionality.

7. Changes and contact

We may update this Policy; the current version is published with a new date and version number. Questions: privacy@lectorinteractive.com.