Cookie Policy

Last updated: January 22, 2026
PoliciesTermsPrivacyCookiesCommunity Guidelines
Like all platforms, we use cookies and other similar technologies for the site to function, and to give you a better and more personalized experience of Change.org. This policy outlines which cookies we use and explains how you can manage them.

Table of Contents
  1. What is a cookie?
  2. What cookies do we use?
  1. How do I manage cookies?
  2. Policy updates

  1. What is a cookie?

    Cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript are standard features of websites that allow us to store small amounts of data on your computer about your visit to the Change.org platform. They help us learn which areas of the platform are useful and which areas need improvement.
    On Change.org, we use cookies for many things, which we explain in detail below and which include:

    • to remember your preferred language and country;
    • to help you log in again when you revisit the platform;
    • to connect your Change.org account to your social media account, if you choose to do so; and
    • to help our engineers improve the platform, by understanding how people find us and what devices they’re using.

    The section below, titled “How do I manage cookies?”, outlines the choices you can make to control cookies. However, if you disable cookies and similar technologies, your experience on the platform may be diminished and some features may not work as intended.

    2. More information about cookies can also be found at http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm, https://ico.org.uk/for-the-public/online/cookies/ and http://www.allaboutcookies.org/.

  2. What cookies do we use?

    Below we list the different types of cookies that may be used by Change.org. Our Privacy Policy complements this Cookie Policy and outlines how any information that may be collected from cookies is used.

    Provider & legal basis. “1P” means first party (set by Change.org); “3P” means third party (set by our partners). Essential cookies are strictly necessary (no consent required under ePrivacy); processing relies on GDPR Art. 6(1)(b) and/or 6(1)(f). Preference, Analytics, and Marketing cookies are used with your consent (GDPR Art. 6(1)(a)).

    Retention. “Session” cookies expire when you close your browser. Unless otherwise stated, non-essential cookies persist for up to 13 months and you can withdraw consent at any time via the cookie manager.

    Transfers. Where cookie data is transferred outside your region, we use appropriate safeguards (e.g., Standard Contractual Clauses). See our Privacy Policy for more details.

    Essential Cookies

    Essential cookies enable you to navigate our platform and to use our services and features. Without these cookies, our website and platform will not perform as smoothly for you, and we may not be able to provide certain core functions and features.

    Note: We use Google reCAPTCHA on some pages (including our Help Center). reCAPTCHA may set cookies such as _GRECAPTCHA, AEC, SOCS, NID and may use local storage keys (e.g., rc::a/b/c). We configure reCAPTCHA strictly for anti-abuse/security.

    CookieProvider (1P/3P)ExpiryUse / categorization rationale
    ACCOUNT_CHOOSERGoogle (3P)Up to 6 monthsStores Google account chooser state for Sign-In UX and security.
    AECGoogle (3P)Up to 6 monthsEnsures requests are made by the user and not malicious sites; anti-abuse.
    G_AUTHUSER_HGoogle (3P)SessionFacilitates Google login and sharing on Change.org.
    G_ENABLED_IDPSGoogle (3P)SessionFacilitates Google login and sharing on Change.org.
    HSIDGoogle/YouTube (3P)Up to 13 monthsTracks Google account ID and recent sign-in time for security.
    LANGPayPal (3P)SessionProvides PayPal payment options and security.
    LSIDGoogle (3P)Up to 2 yearsGoogle account session management and security.
    LSOLHGoogle (3P)Up to 2 yearsLogin session state and security for Google services.
    New Relic scriptNew Relic (3P)SessionPerformance metrics (e.g., page load times, transaction traces).
    SOCSGoogle (3P)Up to 13 monthsSecurity/state management for Google services; may record consent status.
    Sentry scriptSentry (3P)SessionError diagnostics (logs, stack traces, device/browser info, IP).
    SIDGoogle/YouTube (3P)Up to 13 monthsTracks Google account ID and recent sign-in time for security.
    X-PP-SILOVERPayPal (3P)SessionProvides PayPal payment options and security.
    __Host-1PLSIDGoogle (3P)Up to 2 yearsGoogle account session integrity and security.
    __Host-3PLSIDGoogle (3P)Up to 2 yearsGoogle account session integrity and security.
    __Host-GAPSGoogle (3P)Up to 2 yearsMaintains Google session state and security for Sign-In.
    __Secure-1PAPISIDGoogle (3P)Up to 2 yearsAuthentication/abuse prevention for Google services; security-only configuration.
    __Secure-1PSIDGoogle (3P)Up to 2 yearsAuthentication and session security; security-only configuration.
    __Secure-1PSIDCCGoogle (3P)Up to 1 yearSession security and fraud prevention; security-only configuration.
    __Secure-1PSIDTSGoogle (3P)Up to 2 yearsTimestamped token to protect Sign-In and prevent abuse; security-only configuration.
    __Secure-3PSIDTSGoogle (3P)Up to 2 yearsTimestamped token to protect Sign-In and prevent abuse; security-only configuration.
    __Secure-BUCKETGoogle/YouTube (3P)Up to 13 monthsPrevents spam/abuse and ensures secure operation of embedded Google/YouTube services. Not used for advertising.
    __Secure-ENIDGoogle (3P)Up to 13 monthsPrevents spam/fraud and protects services against abuse. Not used for advertising.
    __Secure-STRPStripe (3P)Up to 1 yearStripe security and fraud-prevention for payments/embedded components.
    __cf*Cloudflare (3P)SessionGeneral Cloudflare security cookies.
    __cf_bmCloudflare (3P)Up to 30 minutesPrevents certain attacks (DDoS) and other security risks.
    __cf_ob_infoCloudflare (3P)SessionPrevents certain attacks (DDoS) and other security risks.
    __cf_use_obCloudflare (3P)SessionPrevents certain attacks (DDoS) and other security risks.
    __cfduidCloudflare (3P)SessionLegacy Cloudflare security cookie (used only if enabled).
    __cfruidCloudflare (3P)SessionPrevents certain attacks (DDoS) and other security risks.
    __cfuidCloudflare (3P)SessionPrevents certain attacks (DDoS) and other security risks.
    __cfuvidCloudflare (3P)SessionPrevents certain attacks (DDoS) and other security risks.
    __stripe_midStripe (3P)Up to 1 yearPrevents payment fraud.
    __stripe_sidStripe (3P)SessionPrevents payment fraud.
    _GRECAPTCHAGoogle (3P)Up to 6 monthsreCAPTCHA bot detection and abuse prevention for forms; may be set on google.com.
    _change_idChange.org (1P)SessionTracks user state and login.
    _change_langChange.org (1P)Up to 13 monthsTracks language preference.
    _change_sessionChange.org (1P)SessionMaintains session for logged-in users.
    _helpjuice_session_v2Helpjuice (3P)SessionMaintains session for our Help Center/knowledge base.
    _px3Human Security (3P)Up to 1 yearBot/fraud detection.
    _pxff_*Human Security (3P)SessionBot/fraud detection.
    _pxhdHuman Security (3P)Up to 1 yearBot/fraud detection.
    _pxvidHuman Security (3P)Up to 1 yearBot/fraud detection.
    app_meta_ppmu_ty_receiptChange.org (1P)Up to 13 monthsTracks user preferences (e.g., banner dismissals, promotions, unsubscriptions).
    app_meta_promoted_tyChange.org (1P)Up to 13 monthsTracks user preferences (e.g., banner dismissals, promotions, unsubscriptions).
    app_meta_starter_dash_prompt_bannerChange.org (1P)Up to 13 monthsTracks user preferences (e.g., banner dismissals, promotions, unsubscriptions).
    app_meta_unsubscribe_gtmChange.org (1P)Up to 13 monthsTracks user preferences (e.g., banner dismissals, promotions, unsubscriptions).
    cf_clearanceCloudflare (3P)Up to 1 yearCloudflare challenge clearance; protects against abuse.
    cidStripe (3P)SessionProvides payment options and security.
    cookie_bannerChange.org (1P)Up to 13 monthsStores cookie preferences.
    countryChange.org (1P)Up to 13 monthsShows content relevant to a user’s country.
    docs.prefsStripe (3P)SessionProvides payment options and security.
    dont_auto_login_via_facebookChange.org (1P)Up to 13 monthsAllows users to disconnect Facebook auto-login.
    enforce_policyPayPal (3P)SessionProvides PayPal payment options and security.
    fbsr_*Meta/Facebook (3P)SessionFacilitates login and sharing on Change.org.
    g_stateGoogle (3P)SessionTemporary state for One-Tap/Sign-In flow; anti-abuse.
    l7_azPayPal (3P)SessionProvides PayPal payment options and security.
    machine_identifierStripe (3P)Up to 1 yearPrevents payment fraud.
    membership_viewChange.org (1P)Up to 6 monthsPersonalizes membership signup options displayed.
    optimizelyEndUserIdOptimizely (3P)Up to 13 monthsInclude/exclude user in experiments per consent.
    optimizelyOptOutOptimizely (3P)Up to 13 monthsRecords a user’s Optimizely opt-out state.
    pending-signature-*Change.org (1P)SessionKeeps track of signatures requiring authentication.
    private_machine_identifierStripe (3P)Up to 1 yearProvides payment options and security.
    pxctsHuman Security (3P)SessionBot/fraud detection.
    recent-viewsStripe (3P)SessionProvides payment options and security.
    sc_fPayPal (3P)SessionProvides PayPal payment options and security.
    stripe.csrfStripe (3P)SessionCSRF protection for Stripe.
    tsPayPal (3P)SessionProvides PayPal payment options and security.
    ts_cPayPal (3P)Up to 3 yearsProvides PayPal payment options and security.
    tsrcePayPal (3P)SessionProvides PayPal payment options and security.
    uuidChange.org (1P)Up to 13 monthsTracks user state and login.

    Preference Cookies

    Preference cookies remember your choices and settings—like language or region—so the site works the way you expect when you come back. They help us keep your preferences over time and personalize content (for example, greeting you by name).

    CookieProvider (1P/3P)ExpiryUse / categorization rationale
    OTZGoogle (3P)Up to 6 monthsGoogle preferences tracking.
    app_download_banner_closed_countChange.org (1P)Up to 13 monthsTracks times seen/dismissed for banners (policy updates, GDPR, surveys).
    app_meta_membership_before_you_goChange.org (1P)Up to 13 monthsTracks membership page visits.
    app_meta_membership_reminderChange.org (1P)Up to 13 monthsTracks membership page visits.
    app_meta_public_signature_*Change.org (1P)Up to 13 monthsSignature display preference.
    current_user_languageHelpjuice (3P)Up to 13 monthsSaves language preference in the Help Center.
    mem_banner_xChange.org (1P)Up to 13 monthsMembership banner dismissal preference.
    mem_card_xChange.org (1P)Up to 13 monthsMembership card dismissal preference.
    psf_combo_bandit_rr1Change.org (1P)Up to 13 monthsKeeps track of amount displayed on combo page.
    starter-banner-petition-[petitionID]Change.org (1P)Up to 13 monthsBanner frequency and preference tracking.
    tos_banner_remaining_views_*Change.org (1P)Up to 13 monthsBanner frequency and preference tracking.

    Analytics Cookies

    Analytics cookies collect information about how you use Change.org, like which pages you visited and which links you click on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions.

    CookieProvider (1P/3P)ExpiryUse / categorization rationale
    __stripe_orig_propsStripe (3P)Up to 1 yearAnalyzes and improves Stripe payment services.
    __utm*Google (3P)Up to 13 monthsGoogle Analytics: distinguishes users/sessions.
    _airbrake_session_*Change.org / Airbrake (1P/3P)SessionError and performance monitoring.
    _gaGoogle (3P)Up to 13 monthsGoogle Analytics: distinguishes users.
    _gat*Google Tag Manager (3P)1 minuteThrottles request rates.
    _gidGoogle (3P)Up to 13 monthsGoogle Analytics: distinguishes users.
    Experiments_*Change.org (1P)Up to 13 monthsProduct experiments evaluation.
    ga_first_visitGoogle (3P)Up to 13 monthsRemembers first-visit traffic source/browser.
    NIDGoogle (3P)Up to 6 monthsGoogle preferences tracking.
    optimizelyRedirectDataOptimizely (3P)Up to 13 monthsRuns product experiments.
    optimizelySessionOptimizely (3P)Up to 13 monthsRuns product experiments.

    Marketing Cookies

    Marketing cookies track your activity to help deliver more relevant content or advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers.

    CookieProvider (1P/3P)ExpiryUse / categorization rationale
    APISIDGoogle (3P)Up to 2 yearsUsed for ads on Google.
    NIDGoogle (3P)Up to 6 monthsGoogle preferences tracking.
    PREFGoogle (3P)Up to 2 yearsUsed for ads on Google.
    SAPISIDGoogle/DoubleClick (3P)Up to 2 yearsUsed by DoubleClick for ads on Google/YouTube.
    SIDCCGoogle (3P)Up to 1 yearUsed for ads on Google.
    SSIDYouTube (3P)Up to 2 yearsUsed by YouTube for ads on Google/YouTube.
    _gcl_auGoogle Tag Manager (3P)3 monthsStores and tracks conversions.
    _uetsidMicrosoft Advertising (3P)SessionMicrosoft Advertising (Bing) ads.
    _uetvidMicrosoft Advertising (3P)Up to 13 monthsMicrosoft Advertising (Bing) ads.
    __Secure-3PAPISIDGoogle/YouTube (3P)Up to 2 yearsUsed by YouTube for ads on Google/YouTube.
    __Secure-3PSIDGoogle/YouTube (3P)Up to 2 yearsUsed by YouTube for ads on Google/YouTube.
    __Secure-3PSIDCCGoogle/YouTube (3P)Up to 1 yearUsed by YouTube for ads on Google/YouTube.

  3. How do I manage cookies?

    You can manage your cookie preferences and opt-out of preference, analytics, and marketing cookies with the cookie manager. You can change or withdraw your consent at any time using the cookie manager.

    If you are in a region that requires prior consent (e.g., the EU/EEA/UK), we will set only essential cookies until you provide consent for additional categories. If you are in California, you can use the cookie manager to exercise your “Do Not Sell or Share My Personal Information” choice for cookies that may be considered a “sale” or “sharing” under the CPRA.

    You can also control cookies via your browser settings and device-level controls (which may allow you to block or delete cookies and similar technologies). Note that certain features of the platform may not function properly without essential cookies.

  4. Policy updates

    This is a snapshot of how we use cookies today; we may change this Cookie Policy if we change our use of cookies over time. The “last updated” date at the top of this page indicates when this page was last changed.

    Please refer to our Privacy Policy for more information about Change.org’s data usage. If you have specific questions, please reach out to the appropriate contact listed in our Privacy Policy [9. Key contacts].

    Thanks for supporting change in your community — we can’t wait to see what you’ll change next!


    5. We provide this Cookie Policy in multiple languages, using artificial intelligence (ChatGPT). To the extent permitted by applicable law, the English version will control in the event of any conflict or inconsistency.