Last updated: 2026-05-20
Who we are and what this policy covers
Wonder Saga is operated by Mawal AB, a Swedish private limited company (organization number 559279-0462, VAT number SE559279046201), with its registered office at Hallandsgatan 38, 118 57 Stockholm, Sweden. In this policy, "Wonder Saga", "we", "us", and "our" refer to Mawal AB; "you" and "your" refer to the person using the service.
This policy explains the cookies and similar technologies used on the Wonder Saga websites at wondersaga.com and wondersaga.se, and how you can control them. It covers what each technology does, who sets it, why, whether you have to accept it, and how to change your mind.
Mawal AB decides which cookies and similar technologies are used on the service. How we handle personal data in general, including the legal bases, the recipients, how long we keep data, and your data protection rights, is described in our Privacy Policy. For any question about cookies, email info@wondersaga.com.
What cookies and similar technologies are
Cookies are small text files a website asks your browser to store on your device and reads back on later page loads.
First-party cookies are set under our own domain. Third-party cookies are set under another company's domain when its code runs on the page.
Session cookies are deleted when you close the browser. Persistent cookies stay until they expire or you delete them.
Similar technologies include local storage and session storage, which are small key-and-value stores in your browser, and IndexedDB, a larger database in your browser. We use these to keep small amounts of data on your device in the same way as cookies.
Tags and pixels are small pieces of third-party code, or small invisible images, that load on a page and let a provider record that the page was viewed or that an action happened. We use a few of these for the analytics and advertising purposes described below. They usually work alongside cookies, so blocking cookies also limits what they can do.
The same consent rules apply to all of these, not only to classic cookies. This policy uses "cookies" as shorthand for all of them.
Why we use cookies and how we ask for your consent
We use cookies to keep you signed in and run core features, to remember settings you have chosen, to understand how the service performs and to find and fix errors, and to measure the ads we run so we know which ones bring new users.
Strictly necessary cookies are set without asking for your consent, because the service cannot deliver what you asked for without them. For other cookies we ask for your consent first and do not set them until you agree. One analytics tool we use sets nothing on your device at all, so it needs no consent; this is explained in the next section.
The first time you visit, and again if our cookie use changes materially, a cookie banner appears before any non-essential cookie is set. You can accept all cookies, deny all non-essential cookies, or open the details to choose category by category and save your choices. Rejecting is as straightforward as accepting: the "Deny all" button sits next to "Accept all". No optional category is switched on in advance. Strictly necessary cookies are listed in the banner for transparency but cannot be turned off.
Your choice is saved in the cookie_consent cookie so the service honors it and so we can show that consent was given. We may ask again from time to time, and we will ask again if our use of non-essential cookies changes materially. You can change or withdraw your consent at any time, as described in section 6.
The cookies we use, by category
The technologies below are grouped by what they are for. The exact set can change as the service evolves and as our providers update their own technologies. You can always see the current set in your browser's storage view, and the cookie settings let you change your choices at any time.
Strictly necessary cookies and storage
These are needed to deliver the service you asked for and to honor settings you have chosen, so they are set without asking for consent. They keep you signed in, hold your authentication state, remember your cookie choices and your answer to the language prompt, and keep the work in progress while you create a story. If you block them in your browser, parts of the service, such as signing in, may stop working.
| Name | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
| session | Wonder Saga (first-party) | Keeps you signed in after you authenticate. | Cookie | 31 days |
| cookie_consent | Wonder Saga (first-party) | Remembers your cookie choices so we can honor them and not ask again on every visit. | Cookie | 1 year |
| language_preference | Wonder Saga (first-party) | Remembers your answer to the language prompt so it is not shown to you again. | Cookie | 1 year |
| firebaseLocalStorageDb | Firebase Authentication, by Google (stored in your browser) | Stores your signed-in authentication state so your session persists between page loads. | IndexedDB | Until you sign out or clear your browser storage |
| firebase-heartbeat-database | Firebase, by Google (stored in your browser) | Records which features of the Firebase sign-in tools your browser has used. | IndexedDB | Until you clear your browser storage |
| create-form-state | Wonder Saga (first-party) | Holds the story details you are entering so they survive a page reload. | Session storage | Until you close the browser tab |
| stories-per-page | Wonder Saga (first-party) | Remembers how many saved stories you chose to show per page in your account. | Local storage | Until you clear your browser storage |
Analytics and performance
For usage analytics we use Vercel Analytics. It measures page views and basic usage without setting any cookies or storing anything on your device, and it does not build a cross-site profile of you. Because it stores nothing on your device, it does not rely on cookie consent. Any personal data it still receives, such as a truncated IP address, is covered by our Privacy Policy.
To detect and diagnose errors we use Sentry. Sentry reports errors to us so we can fix them, and that error reporting sets nothing on your device. If you accept the analytics and performance category in the cookie banner, Sentry additionally keeps a short diagnostic record in your browser's session storage. It captures the content of the pages you view and what you do on them, such as clicks and scrolling, so that when something goes wrong we can step through what happened. This is not a video or a recording of your screen, and text is masked and media is hidden. It is held only for the current browser tab and is cleared when you close the tab or withdraw your consent.
| Name | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
| sentryReplaySession | Sentry browser tools (Functional Software, Inc.) | Holds a short, masked diagnostic record of the page content and your interactions so we can investigate an error if one occurs. | Session storage | Until you close the browser tab |
Advertising and conversion cookies
We advertise Wonder Saga on platforms such as Google and Meta (Facebook). When you reach the site from one of our ads and later create an account or buy a subscription, advertising and conversion cookies let us tell the ad platform that the ad worked, so we can measure what we spend. We set these cookies only if you accept the advertising category in the cookie banner.
We use these cookies to measure our own ad campaigns. We do not use them to build an advertising profile of you on our side, and Wonder Saga does not show third-party ads.
| Name | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
| targeting | Wonder Saga (first-party) | Stores the Facebook ad-click identifier from an ad you came through, so a later sign-up or purchase can be counted as a conversion. | Cookie | 1 year |
| _gcl_au | Google (first-party cookie set by the Google tag) | Lets Google Ads measure that a visit led to a sign-up or purchase. | Cookie | Set and controlled by Google; see the Google cookie notice |
Meta does not set its own cookie on our site, so the only advertising item stored on your device is our own targeting cookie. When you accept advertising cookies, Google may set further cookies on its own domains; their names and lifetimes are controlled by Google and are listed in Google's cookie notice.
Because these cookies pass information to advertising companies, US state privacy law may treat their use as a "sale" or "sharing" of personal information. See section 8.
Other companies that set cookies through our service
Some of the technologies above are provided by other companies. Their cookies are governed by those companies' own cookie and privacy notices, and we do not control them.
- Google. Firebase Authentication keeps you signed in, and Google Ads measures conversions from our ads. See Google's cookie notice at policies.google.com/technologies/cookies.
- Sentry (Functional Software, Inc.). Error monitoring and diagnostics. See sentry.io/privacy.
- Paddle. Our checkout is operated by Paddle as Merchant of Record. When you open the Paddle checkout, Paddle and the providers it relies on to run the checkout, such as payment processing and fraud prevention, set their own cookies for the checkout flow under their own domains and notices. We do not control these cookies, and they are not set on the Wonder Saga site itself. See Paddle's privacy notice at www.paddle.com/legal/privacy.
How to manage, change, or withdraw your consent
A cookie icon button is shown at the edge of every page. Click it to reopen the cookie settings at any time and change your category choices.
You can change or withdraw your consent at any time. Doing so is as easy as giving consent in the first place. Withdrawing consent does not affect the lawfulness of anything we did based on your consent before you withdrew it.
You can also block or delete cookies through your browser settings, and clear local storage, session storage, and IndexedDB there. Most browsers explain how on their own help pages. Blocking strictly necessary cookies will break parts of the service, such as signing in.
You can manage Google's advertising cookies through Google's Ads Settings at adssettings.google.com, and opt out of interest-based advertising from many companies through youronlinechoices.eu (EU and EEA) or optout.aboutads.info (US).
Do Not Track and Global Privacy Control
Do Not Track. Some browsers can send a "Do Not Track" signal. There is no common, agreed standard for how a website should respond to it, so we do not act on it.
Global Privacy Control. Global Privacy Control (GPC) is a browser signal that asks a website to opt you out of the sale or sharing of your personal information. Because we do not sell or share personal information through cookies as those terms are used under US state privacy law (see section 8), there is currently no such activity to opt out of. If that changes, we will treat a valid GPC signal as a request to opt out.
US state privacy rights and cookies
Some advertising and tracking cookies pass information to other companies. US state privacy laws, such as the California Consumer Privacy Act (CCPA), can treat this as a "sale" or "sharing" of personal information even when no money changes hands. Those obligations, including the duty to honor the Global Privacy Control, bind businesses that meet the laws' thresholds; a smaller operator may honor the same rights voluntarily.
Mawal AB does not currently meet the thresholds of the CCPA or other US state privacy laws, and honors these rights voluntarily. We use advertising and conversion cookies only to measure our own ad campaigns. We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the CCPA. There is therefore no "Do Not Sell or Share My Personal Information" activity to opt out of today. If our practices change, we will provide an opt-out and honor a valid Global Privacy Control signal as described in section 7.
Our wider US state privacy disclosures are in the US state privacy rights section of our Privacy Policy. If you are in California, you can also raise concerns with the California Privacy Protection Agency at cppa.ca.gov.
How cookies relate to your personal data
Some of the cookies described here process personal data, such as online identifiers or your IP address. How we handle personal data, the legal bases we rely on, who we share it with, how long we keep it, and the rights you have are described in our Privacy Policy.
Changes to this Cookie Policy
We may update this Cookie Policy as the service and our providers change. The "Last updated" date at the top reflects the most recent change. If we add or materially change the non-essential cookies we use, we will ask for your consent again or show a prominent on-site notice before the new cookies are set.
How to contact us and complain
For any question about this Cookie Policy, email info@wondersaga.com.
Complaints. If you think our use of cookies or similar technologies does not respect your rights, please contact us first at info@wondersaga.com so we can help. You also have the right to complain to a supervisory authority. In Sweden, the authority for the cookie-consent rule is the Swedish Post and Telecom Authority (Post- och telestyrelsen, PTS) at pts.se, and the authority for data protection is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se. If you are in another EU or EEA country, you can complain to your national data protection authority; you can find it through the European Data Protection Board directory at edpb.europa.eu. If you are in the United Kingdom, you can complain to the Information Commissioner's Office at ico.org.uk/concerns.
Mawal AB
Hallandsgatan 38
118 57 Stockholm
Sweden
