Review our terms and compliance documents
Operator: Lining Pro LLC, United States. Contact: help@liningpro.com. Governing law: State of Florida.
This policy describes how liningpro.com uses HTTP cookies, localStorage, and sessionStorage. The authoritative per-key catalogue—each name or pattern with mechanism, lifespan, purpose, category, audience, notice posture before persistence, and engineering source files—is rendered as the LiningPro technical storage inventory table at the bottom of this page. That table is generated from application source on every page load so it stays aligned with deployed code.
Visitors in the United States may disable new first-party analytics POSTs using Cookie choices (desktop footer or mobile legal bar). Opting out does not by itself delete historical server logs. For deletion or access requests, use Do Not Sell or Share / privacy requests or email help@liningpro.com.
Processor categories are summarized in our Privacy Policy. If you embed a third-party script or widget via Admin → Legal, that vendor’s own cookies or storage may apply—review their documentation.
We update the technical inventory when product behavior changes; narrative copy may evolve with Privacy Policy revisions.
Generated from application source (lib/admin-user-capabilities-storage-ledger.ts). Entries cover HTTP cookies plus localStorage and sessionStorage keys observed in deployed code—not third-party-hosted policy text managed outside this repository.
| Name / pattern | Mechanism | Lifespan | Purpose | Category | Audience | Notice | Source (engineering) |
|---|---|---|---|---|---|---|---|
| `admin_session` ADMIN_COOKIE (lib/admin-auth.ts) | HTTP cookie | 12 hours | Signed admin JWT, scope-limited to admin email; required for `requireAdmin()` checks in admin routes. Attributes: httpOnly; secure (prod); sameSite=lax; path=/; maxAge=43200 | Security / auth | Administration | Admin-only pathway | lib/admin-auth.ts (`setAdminCookie`) |
| `advertiser_session` | HTTP cookie | 7 days (rolling on auto-login) | Authenticated advertiser session JWT — required for advertiser dashboard, inquiries, and billing. Attributes: httpOnly; secure (prod); sameSite=lax; path=/; maxAge=604800. Set only after the advertiser terms checkbox is accepted and persisted server-side. | Strictly necessary | Advertisers | Server-persisted checkbox before write | app/api/advertiser/login/route.ts; app/api/advertiser/auto-login/route.ts |
| `contractor_session` | HTTP cookie | 7 days (rolling on auto-login) | Authenticated contractor session JWT — required for contractor dashboard, inbox, billing, and tools. Attributes: httpOnly; secure (prod); sameSite=lax; path=/; maxAge=604800. Set only after the contractor terms checkbox (DisclaimerBlock audience: contractor) is accepted and persisted server-side. | Strictly necessary | Contractors | Server-persisted checkbox before write | app/api/contractor/login/route.ts; app/api/contractor/auto-login/route.ts |
| `sb-*` (Supabase auth/refresh) | HTTP cookie | Per Supabase Auth config (refresh/access split) | Supabase-managed authentication and refresh tokens for SSR session continuity. Attributes: httpOnly + secure attributes set by `@supabase/ssr` per environment. Touches every audience because the SSR helper hydrates per request — values only persist on authenticated users. | Strictly necessary | Administration; Advertisers; Contractors; Visitors / directory | Strictly necessary (exempt from consent) | lib/supabase/server.ts; lib/supabase/middleware.ts |
| `sewer_lead_token` LEAD_TOKEN_COOKIE (lib/app-context.tsx) | HTTP cookie | 7 days (rolling) | Stores the anonymous homeowner lead access token set in the browser so quote requests resume after reload (track view, continuation links). Written from client JavaScript—not HttpOnly. Attributes: path=/; SameSite=Lax; ~7-day Expires via document.cookie. Cleared when the user clears the active request or submits a new intake per app logic; not readable by SSR first-party middleware as HttpOnly=false. | Strictly necessary | Homeowner intake & tracker; Visitors / directory | Strictly necessary (exempt from consent) | lib/app-context.tsx (`setTokenCookie` / `clearTokenCookie`) |
| `sidebar_state` SIDEBAR_COOKIE_NAME / SIDEBAR_COOKIE_MAX_AGE (components/ui/sidebar.tsx) | HTTP cookie | 7 days | Remembers collapsed vs expanded sidebar layout for dashboards using the sidebar shell component (non-HttpOnly UI preference cookie). Attributes: path=/; max-age=604800 (~7 days) | Functional / preference | Administration; Advertisers; Contractors | No prior notice today | components/ui/sidebar.tsx (`SidebarProvider` setOpen persistence) |
| `liningpro_admin_session` ADMIN_SESSION_KEY | localStorage | Until the admin signs out or clears site data | Client-side mirror of admin login state so the admin shell can render without an extra round-trip. The HTTP-only `admin_session` cookie remains the source of truth — this flag is informational for the SPA only. | Functional / preference | Administration | Admin-only pathway | components/admin-login-dialog.tsx (line 17); lib/app-context.tsx (line 143); components/footer.tsx |
| `liningpro_invite_pending` INVITE_STORAGE_KEY (lib/app-context.tsx:85) | localStorage | 30 days | Persist contractor invite payload across page refreshes / login so the user is not bounced out of the invite acceptance flow. Written when an admin-issued invite link is opened. Cleared on success or after expiry. | Functional / preference | Contractors; Visitors / directory | No prior notice today | lib/app-context.tsx (line 99) |
| `liningpro_talk_sidebar_seen_v1` STORAGE_KEY (lib/talk/sidebar-seen.ts:8) | localStorage | Until cleared by the user | Tracks which Contractor Talk categories / topics the contractor has already viewed so the sidebar can hide "new" pips. | Functional / preference | Contractors | No prior notice today | lib/talk/sidebar-seen.ts (line 50) |
| `liningpro-theme` THEME_STORAGE_KEY (components/theme-provider.tsx:16) | localStorage | Until cleared by the user | Stores the user-selected light / dark / system theme so the preference survives reloads. Generally accepted as functional / preference under EDPB guidance — minimal data, no profiling. | Functional / preference | Administration; Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | No prior notice today | components/theme-provider.tsx (line 91) |
| `lp_admin_contractor_seen` SEEN_KEY (components/admin-analytics-left-panel.tsx:16) | localStorage | Until cleared by the admin | Admin-only "last viewed" timestamp map for contractor analytics rows so the admin can see which contractors they have already reviewed. | Functional / preference | Administration | Admin-only pathway | components/admin-analytics-left-panel.tsx (line 25) |
| `lp_analytics_anon_id` ANON_ID_KEY (lib/analytics-tracker.ts:10) | localStorage | Persistent until the user clears site data | Stable random UUID identifying the device for product analytics joins (page views, session continuity). Generated on first analytics-enabled page load. U.S. visitors may opt out via Cookie choices; banner + preferences UI document the write in-app. | Analytics (consent territory) | Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | No prior notice today | lib/analytics-tracker.ts (`getAnonymousId` line 25) |
| `lp_analytics_opt_out_v1` privacyConsentKeys.analyticsOptOut (lib/privacy-consent.ts) | localStorage | Until cleared by user | Stores the user preference to disable new first-party analytics events from this browser (USA opt-out model). Written via Privacy preferences UI; governs gates in lib/analytics-tracker.ts. | Functional / preference | Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | Browser-only modal acknowledgement | lib/privacy-consent.ts |
| `lp_analytics_session_expiry` SESSION_EXPIRY_KEY (lib/analytics-tracker.ts:12) | localStorage | 30-minute sliding window of activity | Tracks the end of the analytics session so the next event after 30m of idle generates a new session id. | Analytics (consent territory) | Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | No prior notice today | lib/analytics-tracker.ts (lines 43, 47) |
| `lp_consent_recorded_at_v1` privacyConsentKeys.consentRecordedAt (lib/privacy-consent.ts) | localStorage | Until cleared | ISO timestamp of the last banner / preference-change event for UX display and audits. | Functional / preference | Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | Browser-only modal acknowledgement | lib/privacy-consent.ts |
| `lp_contractor_platform_disclaimer_ack_v1` CONTRACTOR_PLATFORM_DISCLAIMER_STORAGE_KEY (lib/contractor-platform-disclaimer.ts:5) | localStorage | Until the contractor clears site data | Optional UX cache after the contractor dismisses the dashboard platform-features modal; eligibility remains governed by platform_features_disclaimer_* plus disclaimer_acceptances rows. Server audit: POST /api/contractor/acknowledge-platform-disclaimer → contractor_platform_features ledger rows (see docs/ADMIN_LEGAL_PRIVACY_COMPLIANCE.md). If site data is cleared, the modal may reappear until server-side generation still matches. | Functional / preference | Contractors | Browser-only modal acknowledgement | lib/contractor-platform-disclaimer.ts (line 22) |
| `lp_cookie_notice_dismissed_v1` privacyConsentKeys.cookieNoticeDismissed (lib/privacy-consent.ts) | localStorage | Until cleared | Remembers that the informational cookie/analytics banner was dismissed so it is not reshown every visit. Dismissal is not persisted server-side; clearing storage may reshow the banner. | Functional / preference | Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | No prior notice today | lib/privacy-consent.ts; components/cookie-notice-banner.tsx |
| `auto_nav_shown_<leadId>` | sessionStorage | Browser tab session | Per-request gate so mobile lead tracker UX auto-opens the assignments pane exactly once during the lifecycle of `currentLead`. Dynamic suffix is the homeowner lead UUID/identifier from state — not enumerated ahead of creation. | Functional / preference | Homeowner intake & tracker; Visitors / directory | No prior notice today | components/lead-tracker.tsx (sessionStorage prefix `auto_nav_shown_${currentLead.id}`) |
| `liningpro_pending_review` | sessionStorage | Browser tab session | Bridging flag from SSR profile wrapper → client SPA so reviewer UI can open reliably when `?review=true` lands on contractor profile routes. | Functional / preference | Visitors / directory | No prior notice today | components/contractor-profile-wrapper.tsx (set); components/contractor-profile.tsx (consumes/remove) |
| `lp_admin_pending_deep_link` ADMIN_PENDING_DEEP_LINK_KEY (lib/admin-url-params.ts) | sessionStorage | Browser tab session | Caches admin URL-derived payload before auth completes so the shell can hydrate the correct dashboard section/listing row after MFA sign-in. Structured JSON serialized as a string payload. | Security / auth | Administration | Admin-only pathway | lib/app-context.tsx; components/admin-login-dialog.tsx |
| `lp_analytics_session_id` SESSION_ID_KEY (lib/analytics-tracker.ts:11) | sessionStorage | Tab session (cleared when the tab closes) | Per-tab session identifier so behavioral analytics can group page views. | Analytics (consent territory) | Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | No prior notice today | lib/analytics-tracker.ts (`setSessionId` line 42) |
| `lp_pending_contractor_classified_nav` LP_PENDING_CONTRACTOR_CLASSIFIED_NAV (lib/app-context.tsx) | sessionStorage | Browser tab session | Signals that an equipment-classifieds user tapped inquiries on mobile before auth so the SPA can open contractor classified inquiries once after session restore on `/`. | Functional / preference | Contractors; Visitors / directory | No prior notice today | components/mobile-nav.tsx; lib/app-context.tsx (consumption helper) |
| `lp_session_source` | sessionStorage | Tab session | Keeps normalized traffic source attribution on the analytics session_join payload for session_init events. Written only alongside analytics bootstrap when not opted out. | Analytics (consent territory) | Advertisers; Contractors; Homeowner intake & tracker; Visitors / directory | No prior notice today | lib/analytics-tracker.ts (`initAnalyticsSession`) |
| `sewer_lead_cleared` LEAD_CLEARED_KEY (lib/app-context.tsx) | sessionStorage | Browser tab session | One-shot marker so navigating home after intentionally clearing an active residential lead does not immediately pull the old token cookie back onto the resumed session shell. | Functional / preference | Homeowner intake & tracker; Visitors / directory | No prior notice today | lib/app-context.tsx (hydration bootstrap + CLEAR_LEAD path) |