Locateflow
Legal

Cookie Policy

This page explains how LocateFlow uses cookies, browser storage, consent records, analytics tags, and similar technologies.

Last updated: May 1, 2026

Necessary storage

Session, auth, locale, security, CSRF, and consent storage keep the site and app working.

Security storage

Temporary tokens, session controls, rate-limit signals, and request validation help protect accounts and APIs.

Preferences

Local storage may remember theme, onboarding, consent, language, install prompts, and user-facing preferences.

Analytics

Web analytics is consent-gated; mobile analytics is controlled separately through in-app consent.

Categories of storage

  • Necessary: sign-in, session, locale, security, CSRF, rate-limit, consent, and app routing storage.
  • Preferences: theme, onboarding state, language, remembered product preferences, and install-prompt state.
  • Analytics: Google Analytics or Google Tag Manager tags when configured and accepted, plus consent-gated internal signed-in usage events.
  • Marketing: LocateFlow does not currently load advertising cookies through the public cookie banner. If marketing tags are added later, this policy and consent UI should be updated before use.

Consent behavior

The public cookie banner lets visitors accept analytics or decline non-essential analytics storage. The browser stores the choice in local storage under locateflow_cookie_consent and mirrors it to a first-party cookie_consent cookie for server-side consent checks.

If you decline, Google analytics storage is denied and internal analytics tracking is disabled. Necessary cookies and storage may still be used because the service cannot operate securely without them.

Current browser choice: not set

Google Analytics and Google Tag Manager

LocateFlow supports Google Analytics 4 and Google Tag Manager when configured. These tags should not load until analytics consent is accepted. Ad storage, ad user data, and ad personalization are set to denied by default in the current implementation.

Web analytics events are designed to avoid raw email, phone, address, name, provider account ID, Stripe ID, OAuth ID, token, support message, budget detail, and raw search query values.

Mobile analytics

Mobile analytics is controlled through in-app consent and does not use the web cookie banner. Mobile apps may send screen views, taps, errors, feature use, and aggregate search metadata when analytics consent is enabled.

CCPA opt-out relationship

California opt-out requests may be recorded separately through account settings or the California privacy endpoint. Anonymous opt-out state may use a first-party ccpa_opt_out cookie. See the California Privacy Notice.

Managing cookies and storage

You can use the controls above, browser settings, or device settings to clear or block storage. Blocking necessary storage may prevent sign-in, checkout, security checks, preferences, or app features from working.

Questions can be sent to [email protected].