The Daily Oracle is designed to use as little data as possible. We do not load advertising trackers, cross-site pixels, or third-party analytics by default.
Last updated: .
What we use
The site relies on two first-party storage mechanisms in your browser: cookies (small files set by the server) and localStorage (key-value storage scoped to this site). Both stay on your device and are not transmitted to any third party.
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
do_jwt |
localStorage | Signed-in session token (replaces traditional auth cookies) | 30 days, refreshed on use; deleted on sign-out |
do_state |
localStorage | Today’s reading, streak, preferences, daily-ritual state | Until you clear it |
do_remind |
localStorage | Your daily-reminder opt-in preference | Until you clear it |
do_seed |
localStorage | Anonymous personal seed used to keep readings stable across visits | Until you clear it |
wordpress_test_cookie |
Session cookie | WordPress login flow test (only set if you log in to /wp-admin) |
Session |
wp_* nonce cookies |
Session cookies | Form & comment-form security tokens (CSRF protection) | Session |
PHPSESSID |
Session cookie | Only set if a contributing plugin requires sessions; never used by this theme alone | Session |
What we do not use
- Advertising cookies (Google Ads, Meta Pixel, TikTok Pixel, X / Twitter, Pinterest, etc.).
- Third-party analytics by default (Google Analytics, Plausible, Fathom, Matomo) — enable any one of them via the Customizer if you wish.
- Cross-site tracking pixels of any kind.
- Browser fingerprinting libraries.
- Session-replay tools (Hotjar, FullStory, LogRocket).
- Persistent advertising identifiers.
Third-party services we may load
A few first-party features depend on a small number of named providers. Where they appear, they appear server-side; their cookies (if any) are loaded only when you interact with them.
| Service | When loaded | What it stores |
|---|---|---|
| Cloudflare | On every page (DDoS shield) | A short-lived security cookie (__cf_bm) used to distinguish humans from bots. No cross-site profiling. |
| Stripe / Paddle / Lemon Squeezy | Only on the billing checkout page | Their own session cookies for the checkout flow. Disclosed by the processor in its own policy. |
| Google Fonts | On any page that loads Cormorant Garamond | None. Google may briefly log the request IP; we do not pass any identifier. |
How to clear or refuse them
From inside the app
- Sign out — clears
do_jwtimmediately. - Hall → Ledger → Ask to be forgotten — clears all our localStorage entries and deletes your account on the server.
In your browser
- Chrome / Edge / Brave: click the padlock in the address bar → Site settings → Clear data.
- Firefox: click the padlock → Clear cookies and site data.
- Safari: Settings → Privacy → Manage website data → Remove.
You can also configure your browser to refuse cookies entirely. The site will continue to work for reading; signing in will require accepting at least the first-party do_jwt entry.
Consent
Because we use only strictly-necessary first-party storage and load no advertising trackers by default, we are not required to display a consent banner in most jurisdictions. If you enable an analytics provider via the Customizer, you must add an appropriate consent flow yourself; the theme does not ship one.
“Do Not Track” and Global Privacy Control
We honour the Global Privacy Control (Sec-GPC: 1) and the legacy Do Not Track header. When either is present, we do not load any optional analytics — even if the site owner has enabled one in the Customizer.
Changes
If we add or remove an item from the tables above, we’ll update this page with the new date at the top.
How to reach us
Questions about cookies or storage? Reach us via the Contact page, or directly at winner@yourdailyoracle.com. See also our Privacy Policy.