Please note: This document is provided for transparency and is not legal advice. Buyer.gg LLC is having these terms reviewed by qualified legal counsel; the final, counsel-reviewed version governs.
1. Overview & what these technologies are
This Cookie Policy explains how buyer.gg (the "Service" or "Site") uses cookies, browser storage, and similar technologies, and the choices available to you. The Service is operated by Buyer.gg LLC, a Delaware limited liability company and the merchant of record, located at 8 The Green, STE B, Dover, Kent County, DE 19901, United States ("Buyer.gg", "we", "us", or "our").
This Cookie Policy forms part of, and should be read together with, our Privacy Policy and our Terms of Service. Where this policy uses a term that is defined in the Privacy Policy, that definition applies here too.
1.1 Plain-English definitions
To keep things clear for everyone — including teenagers and parents — here is what these technologies actually are:
- Cookies are small text files that a website asks your browser to store on your device. When you return to the site, your browser sends the cookie back so the site can recognize your session or remember a setting. Cookies set by the site you are visiting are called first-party cookies; cookies set by another company whose code runs on the page are called third-party cookies.
- Local storage is a browser feature (part of the "Web Storage" standard) that lets a site save small amounts of data on your device that stays until it is cleared. We use local storage to keep your cart and preferences.
- Session storage is similar to local storage, but the data is cleared automatically when you close the browser tab.
- Similar technologies include pixels, tags, software development kits (SDKs), and device or browser identifiers. We do not use advertising pixels or tracking tags (see Section 5).
Throughout this policy we use the word "cookies" as shorthand to cover cookies, local storage, session storage, and the similar technologies described above, unless we say otherwise.
1.2 What buyer.gg is
buyer.gg is an independent online marketplace for virtual in-game items used in Roblox experiences, delivered manually in-game by our staff to a verified in-game account. We are not affiliated with, endorsed by, or sponsored by Roblox Corporation, Uplift Games LLC, or any game developer; all trademarks belong to their respective owners. Because our Service is account-based and processes payments, the cookies and storage we rely on are focused on keeping you signed in, keeping your account secure, and making features such as the cart work — not on tracking you.
The Service is intended only for users 13 or older, and users under 18 (or the age of majority where they live) must have a parent or guardian's permission and involvement to use it. Full eligibility terms are set out in our Privacy Policy and Terms of Service.
2. Why we use cookies & similar technologies
We deliberately keep our use of cookies minimal. Today we use only strictly-necessary and functional technologies. We use them for the following purposes:
- Authentication and session management. When you sign in, your browser stores an authentication (session) token so you stay signed in as you move between pages and so we know which account is making a request. Without this, you would have to re-enter your password on every page.
- Security and CSRF protection. We use security tokens and related values to protect against cross-site request forgery (CSRF) and other attacks, and to verify that requests genuinely come from you.
- Fraud and abuse prevention. Because the Service handles payments and account balances, our security and CSRF values, together with our infrastructure provider (Cloudflare), help detect and block fraudulent, automated, or abusive activity (for example, bot traffic or account-takeover attempts).
- Remembering your cart and preferences. Functional storage remembers the items in your cart and basic preferences so the Service behaves the way you expect.
- Core functionality. Some cookies are needed for the Site to load reliably and for features such as the prepaid wallet, Star Points loyalty, levels and claimable rewards, referrals, and occasional free-entry raffles or giveaways to work.
We do not currently use analytics cookies, advertising or marketing cookies, retargeting cookies, or any cross-site behavioral-tracking technology. See Section 5 for the full list of what we do not use.
3. Categories of cookies we use
The law generally groups cookies into categories based on what they do. We use two categories today: strictly necessary (which cannot be switched off because the Service will not work without them) and functional (which improve your experience and are optional). The table below lists the technologies in honest terms. The names shown describe what each item is rather than an exact technical key, because some are browser-storage values rather than traditional named cookies, and third-party items are named and set by the providers themselves.
| Technology / type | Category | Purpose | Typical duration | Opt-out |
|---|---|---|---|---|
| Authentication / session token (browser local storage or session storage) | Strictly necessary | Keeps you signed in to your account and identifies your session to our API. | Until you sign out, or until the session expires or is cleared. | No — required to use a signed-in account. |
| Security / CSRF and request-verification values | Strictly necessary | Protects against cross-site request forgery and helps confirm requests come from you; supports fraud and abuse prevention. | Session, or short-lived. | No — required for a secure session. |
| Cloudflare security cookie | Strictly necessary | Set by Cloudflare, our CDN and security provider, to help protect the Service from malicious traffic and to keep it available. | Set by Cloudflare; typically up to 12 months. | No — required for site security. |
| Cart contents (browser local storage) | Functional | Remembers the virtual items you have added to your cart so they are still there when you return. | Until you clear it or your browser storage is cleared. | Yes — you can clear it in your browser (see Section 6). |
| Preferences (browser local storage) | Functional | Remembers basic interface preferences and state so the Service behaves consistently for you. | Until cleared. | Yes — you can clear it in your browser. |
The exact set of values may change as we improve the Service. When a change affects the categories above (for example, if we ever introduced an optional cookie), we would update this table and, where required, ask for your consent first.
4. Third-party cookies & services
Some features of the Service rely on trusted third-party providers whose code may set their own cookies or storage when those features are used. These third parties act as our service providers (processors), and their use of cookies is governed by their own privacy and cookie policies, not ours. The third parties that may set cookies in connection with the Service are:
| Provider | Role | When cookies may be set |
|---|---|---|
| Cloudflare | CDN, DNS, and security/anti-abuse layer in front of the Site. | On general use of the Site, to protect and deliver it. |
| Crisp | Customer support live-chat widget. | Only where the support-chat widget is enabled and loaded, so conversations and your chat history work. |
| Optional "Sign in with Google" (OAuth) authentication. | Only during the sign-in flow if you choose to sign in with Google. |
We do not control these third parties' cookies and we do not receive cross-site advertising data from them. For more information, please review their respective policies. Our full list of service providers (sub-processors), including our payment processors NOWPayments (cryptocurrency) and, when card payments are enabled, PaymentCloud, our email provider Resend, and our hosting providers Vercel (frontend) and Railway (backend and database), is set out in our Privacy Policy. We never receive or store full card numbers.
5. What we do NOT use
For analytics, we use one privacy-friendly tool: Vercel Web Analytics, to understand aggregate traffic and page performance. It is cookieless — it sets no cookies, does not use your device's storage to track you, does not identify you, and does not follow you across other websites or build an advertising profile. With that single exception, the following do not apply to buyer.gg:
- We do not use Google Analytics or any other cookie-based web-analytics tool.
- We do not use the Meta/Facebook Pixel or any social-media advertising pixel.
- We do not use advertising, marketing, or retargeting cookies.
- We do not use cross-site or cross-context behavioral-tracking technologies, and we do not build advertising profiles about you.
- We do not use third-party A/B-testing or experimentation trackers.
- We do not currently run a "cookie preference center" or consent-banner tool, because we only use strictly-necessary and functional technologies, which generally do not require a consent banner.
If this ever changes — for example, if we decide to introduce analytics or any non-essential cookies — we will update this Cookie Policy, list the new technologies, and obtain your consent where required by law (including, where applicable, through a consent mechanism) before setting them.
6. Managing & disabling cookies
You are in control of cookies and browser storage on your device. You can manage them in two main ways:
6.1 Through your browser settings
Most browsers let you view, block, or delete cookies and clear your local and session storage. The exact steps vary by browser; the providers publish their own instructions:
- Google Chrome — Settings → Privacy and security → Third-party cookies / Clear browsing data.
- Mozilla Firefox — Settings → Privacy & Security → Cookies and Site Data.
- Apple Safari — Settings/Preferences → Privacy → Manage Website Data; on iOS, Settings → Safari.
- Microsoft Edge — Settings → Cookies and site permissions → Manage and delete cookies and site data.
6.2 Clearing local and session storage
Because we keep your sign-in token and cart in browser storage, you can also clear those directly using your browser's "Clear browsing data" / "Clear site data" tools, or via the browser's developer tools (Application/Storage panel).
Important: The strictly-necessary technologies in Section 3 are required for the Service to work. If you block or clear them, you will be signed out, your cart may be emptied, and core features such as checkout may stop working. There is no way to use a signed-in account without the authentication and security values.
7. Do Not Track & Global Privacy Control
Do Not Track (DNT). Some browsers can send a "Do Not Track" signal. Because there is no common, finalized industry standard for how websites should respond to DNT signals, we do not currently respond to them differently. However, this has little practical effect with our Service, because — as explained in Section 5 — the only analytics we use is cookieless and we avoid advertising and cross-site tracking entirely.
Global Privacy Control (GPC) and opt-out signals. We do not sell your personal information, and we do not share it for cross-context behavioral advertising, so there is nothing for you to opt out of in that respect. Where you send a GPC signal or make an opt-out request, we treat it as a valid request and honor applicable privacy rights. You can also exercise your privacy rights (including access, correction, and deletion) at any time by emailing corporate@buyer.gg, as described in our Privacy Policy (CCPA/CPRA and other applicable laws).
8. Consent under GDPR, UK GDPR & PECR
If you are in the European Economic Area (EEA), the United Kingdom, or another region with similar rules, the following applies:
- Strictly-necessary cookies. The cookies and storage that are strictly necessary to provide a service you have requested (for example, keeping you signed in and keeping the Service secure) do not require consent under the EU ePrivacy rules and the UK Privacy and Electronic Communications Regulations (PECR). We rely on these because you cannot use a signed-in marketplace account without them.
- Non-essential cookies. We do not currently set non-essential cookies. If we ever introduce them (for example, analytics or marketing cookies), we will request your consent before they are set, in line with the GDPR, UK GDPR, and PECR, and we will explain their purpose and duration in this policy.
- Withdrawing consent. Where consent is the legal basis, you may withdraw it at any time — for example, through any consent mechanism we provide, by adjusting your browser settings, or by contacting us. Withdrawing consent is as easy as giving it. Withdrawal does not affect the lawfulness of processing carried out before you withdrew.
- Functional cookies. The functional storage we use (cart and preferences) supports features you actively use; you can remove it at any time using your browser, as described in Section 6.
For more on the legal bases we rely on, international transfers, and your rights, please see our Privacy Policy.
9. Changes & effective date
We may update this Cookie Policy from time to time to reflect changes in the technologies we use, in our practices, or in the law. When we make a material change, we will update the "Last updated" date and version number at the top of this page and, where required, take additional steps such as notifying you or requesting consent.
This Cookie Policy is Version 2.0, with an effective date and last-updated date of June 19, 2026. Your continued use of the Service after an update takes effect means you accept the revised policy, except where your consent is separately required for non-essential cookies.
10. How to contact us
If you have questions about this Cookie Policy or about how we use cookies and similar technologies, please contact us:
- Privacy, legal & data requests: corporate@buyer.gg
- Customer support: support@buyer.gg
- Postal address: Buyer.gg LLC, 8 The Green, STE B, Dover, Kent County, DE 19901, United States.
If you are a parent or guardian and believe a child under 13 has provided us with personal information, please contact corporate@buyer.gg so we can delete it. The Service is intended only for users 13 or older (US COPPA), and we do not knowingly collect personal information from children under 13.