01 Overview
In plain language: a few small files and signals let us keep you logged in, stop people from cheating the unlock flow, and run the services that make SEPX work. This page explains what those technologies are and how to control them.
This Cookie Policy explains how SEPX, LLC (“SEPX”, “we”, “us” or “our”) uses cookies, browser local storage, and device fingerprinting across this legal website and across our services, including the SEPX Discord bots and the SE Keys access/unlock system. It supplements, and should be read together with, our Privacy Policy, which describes the full set of personal data we process and the legal bases on which we rely.
A short glossary of the technologies covered here:
- Cookies are small text files a website or service stores in your browser. They can be “session” cookies (deleted when you close the browser) or “persistent” cookies (kept until they expire or you remove them), and either “first-party” (set by us) or “third-party” (set by another company, such as an advertising or login provider).
- Local storage (and related browser storage such as sessionStorage) lets a service keep small amounts of data in your browser, for example a preference or a short-lived token, much like a cookie but accessed by client-side code rather than sent automatically with every request.
- Device fingerprinting is the practice of combining signals about your browser and device — such as canvas-rendering output and other JavaScript signals, together with your IP address and User-Agent — into an identifier we use to detect fraud and to stop people bypassing the unlock flow. We describe this in detail in the Device Fingerprinting section below.
We refer to cookies, local storage, fingerprinting and similar technologies collectively in this policy as “cookies and similar technologies”.
02 This Website vs. Our Services
This legal website is deliberately lightweight; the operational services are where the technologies described in this policy actually run.
This legal website. The site you are reading now exists to publish our policies and company information. It uses only minimal, strictly-necessary browser storage needed to serve the pages securely and remember basic display settings. It does not run advertising trackers, does not embed third-party ad networks, and does not fingerprint your device. As a result, browsing these policy pages does not subject you to the monetisation or anti-bypass technologies described below.
Our services. By contrast, our operational services use the technologies described in this policy because they are functionally necessary or are part of how the service is delivered:
- The unlock flow. When you click Unlock or Generate Key in Discord, you receive a one-time link and complete a third-party AdMaven content-locker ad offer. That flow relies on session state, an anti-bypass click ID, device fingerprinting, and AdMaven’s own cookies and similar technologies.
- Account and login. The SEPX Discord bots and the SE Keys access system use account, login and security cookies so you can sign in with Discord, stay signed in, and use the Services safely.
Reading these legal pages is not the same as using our services. The advertising, login and fraud-prevention technologies below apply to the unlock flow and to the Services — not to this documentation site.
03 Categories We Use
The table below groups the cookies and similar technologies we and our providers use, by purpose.
Exact names and lifetimes can change as we update the services and as our providers update theirs. The categories, however, describe the kinds of technologies you can expect to encounter when using the unlock flow and the Services.
| Category | Purpose | Examples |
|---|---|---|
| Strictly necessary | Required to operate the service securely and to deliver features you actively request. These cannot be switched off without breaking core functionality such as login and the unlock flow. | Session cookie that keeps you signed in; anti-bypass click ID that ties a one-time link to a single unlock attempt; Discord OAuth login state; CSRF/security tokens; cookies supporting database-backed rate limiting. These cookies are httpOnly, secure and sameSite where applicable. |
| Functional / preferences | Remember choices you make so the service behaves the way you expect, such as interface or display preferences. | Local storage or cookies recording UI preferences and previously selected options when using the Services. |
| Analytics / performance | Help us understand how the services are used and perform so we can fix problems and improve them. Used only in aggregate and, where required, subject to consent. | Aggregated usage and performance measurement; counts of unlock attempts and error rates. We do not use these to build advertising profiles of you. |
| Fraud prevention | Detect and block abuse, automated bots, and attempts to bypass the ad-supported unlock flow. Treated as strictly necessary to protect the service and our monetisation. | Device fingerprint derived from canvas and JavaScript signals combined with IP address and User-Agent; fraud risk scoring; audit signals. See Device Fingerprinting. |
| Third-party | Set by other companies whose services we integrate. We do not control these cookies; they are governed by those companies’ own terms and privacy notices. | AdMaven cookies set while you complete a content-locker offer; Discord cookies set during OAuth login; cookies set by infrastructure and, where used, our payment processor. |
04 Device Fingerprinting
Fingerprinting is central to keeping the free, ad-supported unlock flow fair — it is how we tell a genuine user apart from a bot or a bypass attempt.
Because access through SE Keys is primarily ad-supported and free to you, the system must resist automated abuse and attempts to skip the ad offer. To do this, we generate a device fingerprint for the browser session involved in an unlock. The fingerprint is built from:
- Canvas signals — the output of rendering an image with your browser, which varies subtly between devices and configurations;
- Other JavaScript signals — characteristics your browser exposes to client-side code; and
- Network and request signals — your IP address and User-Agent, which the server sees with each request.
These signals are combined to recognise when the same device repeatedly attempts to abuse the system, to feed our fraud risk scoring, and to enforce the anti-bypass design of the unlock flow (random, unguessable click IDs and HMAC-signed, expiring, one-time links). The fingerprint works alongside the click ID rather than replacing it.
Retention. Device fingerprints are pruned after approximately 30 days. Related session data is purged when the session expires, and generated access keys expire on a per-guild time-to-live (by default about one hour) and are threshold-purged. See the Privacy Policy for full retention details.
Legal basis. We rely on device fingerprinting as strictly necessary to provide the service you request and as a legitimate interest in preventing fraud, securing the unlock flow, and protecting the ad-supported model that keeps access free. Where local law treats fingerprinting as requiring consent, we handle it through the consent mechanisms described below.
Fingerprinting and the related click ID are integral to the unlock flow. Blocking them — for example by disabling JavaScript or scripts on the unlock page — will typically prevent the system from verifying your ad-offer completion and issuing an access key or Discord role.
05 Third-Party Cookies
Some cookies you encounter while using our services are set by other companies, not by us.
When you use the unlock flow or log in, you interact with third-party providers that set and read their own cookies and similar technologies. We do not control these cookies, cannot read their contents, and are not responsible for how those providers operate them. They are governed by those companies’ own terms and privacy notices, which we encourage you to review.
- AdMaven. The content-locker ad offers you complete in the unlock flow are served by AdMaven. AdMaven and the advertisers behind individual offers set their own cookies and similar technologies, and each offer carries its own terms and privacy notice. These are governed by AdMaven’s own policies, not ours. Completing an offer is part of how access stays free — it is not a purchase.
- Discord. Logging in with Discord (OAuth) and using Discord generally may cause Discord to set cookies in your browser, subject to Discord’s own policies.
- Google. Our AI features use Google (Gemini). Google may set cookies in connection with services it provides, under Google’s own policies.
- Infrastructure and payments. Our hosting, database and infrastructure providers, and any payment processor used for paid products, may set strictly-necessary cookies to deliver and secure those functions.
To understand and control these third-party cookies, please consult the relevant provider’s own cookie and privacy notices in addition to using the browser controls described below.
06 Managing Your Choices
You can control most cookies through your browser, and through a consent banner where we are required to show one.
Browser controls. All major browsers let you view, block and delete cookies and clear local storage, usually under a privacy or security settings menu. You can typically block third-party cookies, delete existing cookies, or set the browser to ask before storing cookies. You can also disable JavaScript, although doing so will break much of the functionality of our services.
Consent banner. In the EU/EEA and the UK, where the law requires it, we present a consent mechanism for non-essential technologies (such as analytics) so you can accept or decline them. You can change your choice later using the same mechanism where it is offered.
Global Privacy Control and Do Not Track. Browser “Do Not Track” signals are not consistently standardised, and we do not currently respond to them as a separate opt-out. Where we are legally required to honour an opt-out preference signal such as Global Privacy Control (GPC), we will treat a valid signal as an applicable opt-out request to the extent required by law. Because SEPX does not sell personal data, many such signals have limited practical effect on our processing.
Disabling strictly-necessary cookies and storage — including the session cookie, the anti-bypass click ID, Discord OAuth login state, and security/CSRF tokens — will break login and the unlock flow. If you block these, the services may not work for you.
07 Consent
Strictly-necessary technologies do not need your consent; non-essential ones do, where the law requires it.
For users in the EU/EEA and the UK, we rely on your consent for non-essential cookies and similar technologies, such as analytics/performance measurement, before they are set, where consent is required. You may withdraw that consent at any time using the consent mechanism or your browser controls; withdrawal does not affect the lawfulness of processing carried out before you withdrew.
Strictly-necessary technologies — those required to provide a service you have requested (for example, keeping you logged in, securing the request, and operating the anti-bypass unlock flow) — do not require consent and remain active so the services can function. Fraud-prevention signals, including device fingerprinting, are treated as strictly necessary and/or as a legitimate interest in protecting the service, as described in the Device Fingerprinting section and in our Privacy Policy.
Outside the EU/EEA and the UK, we use cookies and similar technologies in accordance with applicable local law, which may permit certain uses without prior consent.
This Cookie Policy describes our general practices. It is not legal advice and does not address your particular circumstances. If you need advice about your own situation, please consult a qualified professional.
08 Changes & Contact
We may update this policy, and you can always reach us with questions.
We may revise this Cookie Policy from time to time to reflect changes in the technologies we use, our providers, or the law. When we do, we will update the “Last updated” date shown at the top of this page. Material changes may be communicated through the services. The current version is effective as of June 6, 2026. Continued use of the services after an update means you accept the revised policy.
If you have questions about this Cookie Policy or how we use cookies and similar technologies, contact us at [email protected] (you may mark data-related enquiries Attn: Data Protection), or by post at Zachary Naone, Ehrenbergstraße 16a, Scanbox 20900, 10245 Berlin, Germany.
For more on the data we process and your rights, see our Privacy Policy. You may also wish to review our Terms of Service, Refund Policy, and our Contact page.
