Cookies Notice.
A short, exhaustive list of every cookie or local-storage value lockd.it sets in your browser, what it does, who controls it, and how long it stays.
Cookies and storage we set ourselves
| Name | Purpose | Lifetime |
|---|---|---|
katz_session |
Essential. Keeps you signed in. Without this cookie the dashboard, signing flow, and admin tools cannot work. Tied to a session row in our database, not a tracking cookie. | 30 days, sliding |
oauth_state |
Essential. Prevents cross-site request forgery during a Google sign-in flow. Set when you click "Continue with Google," cleared on return. | ~10 minutes |
localStorage: lockd:cookie-consent:v1 |
Functional. Remembers your choice from the cookie banner so we don't show it again. | Until you clear browser data |
localStorage: lockd:a11y:v1 |
Functional. Remembers your accessibility settings (text size, contrast, motion) so they persist across visits. | Until you clear browser data |
localStorage: lds:draft:new-deal:v1 |
Functional. Auto-saves your in-progress deal draft so you don't lose it on refresh. Cleared after you create the deal. | 24 hours |
Third-party cookies set by services we embed
| Service | Purpose | Privacy policy |
|---|---|---|
| Cloudflare Turnstile | CAPTCHA on public forms (e.g., the early-access waitlist). Sets a short-lived token tied to your form submission. Privacy-respecting, no behavioral profiling. | Cloudflare |
| Google OAuth (when used) | Sets cookies on Google's domain when you click "Continue with Google." We do not see or store these — they belong to Google. Used only at the moment of sign-in. | |
| Google Fonts | We load fonts from fonts.googleapis.com. No cookies are set on lockd.it itself, but font requests reveal your IP to Google. We will move to self-hosted fonts before public launch. |
What we do not do
- We do not run advertising trackers, retargeting pixels, or social-media tracking cookies.
- We do not run cross-site behavioral analytics. There is no Google Analytics, Meta Pixel, TikTok Pixel, LinkedIn Insight, or similar.
- We do not sell or share personal information for cross-context behavioral advertising. See the Do Not Sell or Share section of our privacy notice.
- We do not fingerprint your device beyond the IP address and user agent that appear in standard server logs.
Your choices
From within lockd.it
The cookie banner that appears on your first visit lets you choose between "Accept all" and "Essentials only." Today these two choices are equivalent because every cookie we set is essential or functional — there is nothing optional to opt out of. If we ever add an analytics or advertising cookie, that banner will gate it on your consent.
You can clear your remembered consent and see the banner again:
Cleared. Refresh the page to see the banner again.
From your browser
You can block or clear cookies through your browser settings. For most browsers: Settings → Privacy → Cookies and site data. Blocking essential cookies (like katz_session) will prevent you from signing in.
Major browser controls:
California residents
Under the CCPA / CPRA, California residents have the right to know what personal information is collected, to delete it, to correct it, and to opt out of sale or sharing for behavioral advertising. We do not sell or share personal information for behavioral advertising. Full details are on our Privacy Notice, including the Do Not Sell or Share section.
Changes to this notice
We will update this notice if we add or remove cookies. Material changes will be reflected in the "Last updated" date and, where appropriate, communicated by email or in-product.