Skip to content
Luckiest.co

Cookies

Crumbs, not
surveillance.

Every cookie we set, why it's there, and how to turn it off.

Effective

Mar 1, 2026

Last Updated

Apr 2, 2026

Version

2.0.1

Jurisdiction

California, USA

Reading Time

5 min

Summary

The version
in human words.

  1. 01We use 6 cookies total. Three are strictly necessary, three are optional.
  2. 02We don't use third-party advertising cookies. We don't have any to begin with.
  3. 03Analytics is privacy-friendly, first-party only, and you can switch it off at the banner.
  4. 04Your choice is stored for 12 months, then we ask again.
  5. 05Block cookies in your browser if you prefer the nuclear option — the site still works, mostly.

01/The Primer

What a cookie is

A cookie is a small text file your browser stores when you visit a site. The site can read its own cookies on subsequent visits. We also use a couple of related technologies — local storage and session storage — and we lump them all together as "cookies" in this document for clarity.

02/Full Inventory

Every cookie we set

The complete list. If we add a cookie, we update this section and ask for consent again where required.

Strictly necessary — always on

lk_session
Authentication token. Expires when you log out or after 30 days of inactivity.
lk_csrf
Cross-site request forgery defense. Session-only, cleared on tab close.
lk_consent
Your cookie preferences. 12 months. Always required to remember 'no thanks.'

Optional — off until you opt in

lk_locale
Preferred language / currency on the marketplace. 12 months. Saves you a click.
lk_seen
Listings you've viewed, used to power 'recently browsed.' 30 days.
lk_metric
Anonymous analytics ID (Plausible-style). No fingerprinting, no cross-site tracking.

03/Outside Code

Third-party cookies

We don't set third-party advertising or social cookies. We don't run Google Tag Manager. We don't run Facebook Pixel. We don't run any of the usual suspects.

Two operational exceptions: Stripe sets cookies during checkout to prevent payment fraud, and Cloudflare may set a security cookie (__cf_bm) to distinguish browsers from bots. Both are scoped to specific actions and lifetimes; both are covered by their respective providers' policies, which we link to in our subprocessor list.

04/Your Switches

Your controls

You have three layers of control. Each one is stronger than the last; all three are honored.

Banner
On first visit, you can accept all, reject all, or pick by category. Stored for 12 months.
Footer
A 'Cookie preferences' link in the footer reopens the same dialog at any time.
Browser
Browser-level blocking. We respect Global Privacy Control automatically.

Do Not Track & Global Privacy Control

We honor the Global Privacy Control (GPC) signal as a binding opt-out of optional cookies. Browsers that send a Do Not Track header are treated identically. You don't need to do anything else.

05/Change Log

Changes

If we add or change a cookie, we update this page and re-prompt for consent on the affected categories. Material changes are also announced by email to active accounts.

Related Documents

Questions, takedowns, requests

Tweak your cookie choice any time.

The cookie preferences panel lives in the footer of every page. You can also email us — the privacy desk and the cookie desk are the same desk.

get+privacy@luckiest.co