Cookies are small text files placed on your device. We also use similar technologies (localStorage/sessionStorage). They help with sign-in, security, preferences, and performance.
1) How we use cookies
- Essential: authentication/session (e.g., NextAuth), CSRF, load balancing. Required to log in, create/buy listings, and use the dashboard.
- Preferences: UI/theme choices and remembered filters.
- Analytics/Performance (optional): understand usage and improve reliability; configured to minimize identifiers where possible.
- Payments & Integrations: Stripe may set cookies during checkout/Connect onboarding; Google Maps may set identifiers for Autocomplete.
- OAuth flows: when you start Google Calendar sync we set a short-lived, HTTP-only state cookie so the
https://www.googleapis.com/auth/calendar.events permission flow stays secure against CSRF.
2) Examples
__Secure-next-auth.session-token (essential) — maintains your logged-in session.- Local storage for app preferences (e.g., theme, last used filter).
- Stripe checkout/Connect cookies during payment/payout flows.
- Google Maps Autocomplete cookies when entering addresses.
gcal_oauth_state (essential, expires in minutes) — stores a random nonce while you approve Google Calendar access so we can verify the callback.
PikaLead