Cookie Policy

This Cookie Policy explains how Leestays uses cookies and similar browser storage technologies across the guest-facing website and the internal admin system. We keep cookie usage narrow and primarily use it for authentication, session continuity, and operational preferences.

1. Essential Authentication Cookies

For guest accounts, Leestays uses authentication cookies such as sb-access-token and sb-refresh-token to keep users signed in, restore sessions, and protect account pages.

These cookies are set during login, registration, Google sign-in callback, token refresh, and cleared during logout.

These authentication cookies are configured with HttpOnly, SameSite=Lax, path=/, and secure delivery in production environments.

2. Admin Session Cookies

The admin dashboard uses a dedicated session cookie named leestays_admin_session to authenticate internal users and control access to admin routes.

This cookie is HttpOnly, SameSite=Lax, scoped to the site path, and currently uses a session lifetime of up to 7 days unless cleared earlier.

3. Preference and Operational Cookies

The admin system may store a preference cookie named leestays_seo_redirects to persist configured redirect rules used by the internal proxy layer.

This cookie is operational rather than advertising-related and is used to preserve redirect behavior chosen inside admin settings.

4. Local Browser Storage

In addition to cookies, Leestays uses browser localStorage for certain non-cookie data such as admin settings drafts, Google Sheets sync state, SEO script drafts, AI key preferences, and similar browser-side convenience data.

These items are stored on the device browser rather than as HTTP cookies, but they still act as browser storage and should be understood as part of our client-side persistence behavior.

5. Third-Party Services

When guests use embedded or loaded third-party services such as Google Maps or Razorpay Checkout, those providers may set or read their own cookies according to their own policies.

Leestays also uses embedded map and media surfaces that may connect the browser to external providers when those components are loaded.

6. What We Do Not Currently Use

Based on the current codebase, Leestays does not presently rely on a broad first-party advertising cookie stack or a generic sitewide analytics cookie banner flow.

If tracking, analytics, experimentation, or additional marketing tools are added later, this policy should be updated accordingly.

7. Managing Cookies

Users can clear cookies and local storage through their browser settings, although doing so may sign them out or remove saved preferences.

If you disable essential authentication cookies, account login and protected-area access may stop working correctly.

Cookie Policy

1. Essential Authentication Cookies

For guest accounts, Leestays uses authentication cookies such as sb-access-token and sb-refresh-token to keep users signed in, restore sessions, and protect account pages.

These cookies are set during login, registration, Google sign-in callback, token refresh, and cleared during logout.

These authentication cookies are configured with HttpOnly, SameSite=Lax, path=/, and secure delivery in production environments.

2. Admin Session Cookies

The admin dashboard uses a dedicated session cookie named leestays_admin_session to authenticate internal users and control access to admin routes.

This cookie is HttpOnly, SameSite=Lax, scoped to the site path, and currently uses a session lifetime of up to 7 days unless cleared earlier.

3. Preference and Operational Cookies

The admin system may store a preference cookie named leestays_seo_redirects to persist configured redirect rules used by the internal proxy layer.

This cookie is operational rather than advertising-related and is used to preserve redirect behavior chosen inside admin settings.

4. Local Browser Storage

These items are stored on the device browser rather than as HTTP cookies, but they still act as browser storage and should be understood as part of our client-side persistence behavior.

5. Third-Party Services

When guests use embedded or loaded third-party services such as Google Maps or Razorpay Checkout, those providers may set or read their own cookies according to their own policies.

Leestays also uses embedded map and media surfaces that may connect the browser to external providers when those components are loaded.

6. What We Do Not Currently Use

Based on the current codebase, Leestays does not presently rely on a broad first-party advertising cookie stack or a generic sitewide analytics cookie banner flow.

If tracking, analytics, experimentation, or additional marketing tools are added later, this policy should be updated accordingly.

7. Managing Cookies

Users can clear cookies and local storage through their browser settings, although doing so may sign them out or remove saved preferences.

If you disable essential authentication cookies, account login and protected-area access may stop working correctly.

Menu

Destinations

Cookie Policy

1. Essential Authentication Cookies

2. Admin Session Cookies

3. Preference and Operational Cookies

4. Local Browser Storage

5. Third-Party Services

6. What We Do Not Currently Use

7. Managing Cookies

Menu

Destinations

Cookie Policy

1. Essential Authentication Cookies

2. Admin Session Cookies

3. Preference and Operational Cookies

4. Local Browser Storage

5. Third-Party Services

6. What We Do Not Currently Use

7. Managing Cookies