Cookie Policy
Last updated: December 1, 2025
What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently and provide a better user experience.
This Cookie Policy explains what cookies we use, why we use them, and how you can control them.
Cookies We Use
Essential Cookies (Required)
These cookies are necessary for the website to function and cannot be disabled.
Authentication Session
Cookie: next-auth.session-token
Purpose: Keeps you logged in while using GuestLoop
Duration: 30 days or until logout
Provider: NextAuth.js (first-party)
CSRF Protection
Cookie: next-auth.csrf-token
Purpose: Protects against cross-site request forgery attacks
Duration: Session only
Provider: NextAuth.js (first-party)
Callback URL
Cookie: next-auth.callback-url
Purpose: Remembers where to redirect you after login
Duration: Session only
Provider: NextAuth.js (first-party)
Email Capture (Guest Guidebooks)
Cookie: booking_email_[token]
Purpose: Remembers that you've entered your email to view a guidebook
Duration: 1 year
Provider: GuestLoop (first-party)
Functional Cookies (Optional)
These cookies enhance functionality and personalization but are not essential.
Theme Preference
Cookie: theme
Purpose: Remembers your light/dark mode preference
Duration: 1 year
Provider: GuestLoop (first-party)
Language Preference
Cookie: locale
Purpose: Remembers your language selection
Duration: 1 year
Provider: GuestLoop (first-party)
Tour Dismissal
Cookie: [page]-tour-dismissed
Purpose: Remembers that you've completed or dismissed onboarding tours
Duration: 1 year
Provider: GuestLoop (first-party)
Analytics Cookies (Currently None)
We currently do not use third-party analytics cookies (e.g., Google Analytics). If we add them in the future, we will update this policy and provide an opt-out option.
Third-Party Cookies
We use limited third-party services that may set cookies:
Google OAuth (Optional Login Method)
Purpose: Allows you to sign in with your Google account
Cookies Set: Various Google authentication cookies
Duration: Varies
Control: Only used if you choose to sign in with Google
Privacy Policy: Google Privacy Policy
Stripe (Payment Processing)
Purpose: Securely processes subscription payments
Cookies Set: Stripe fraud detection cookies
Duration: Session or as specified by Stripe
Control: Required for payment processing
Privacy Policy: Stripe Privacy Policy
Vercel (Hosting Provider)
Purpose: Website hosting and performance
Cookies Set: Performance and security cookies
Duration: Varies
Control: Essential for website operation
Privacy Policy: Vercel Privacy Policy
Why We Use Cookies
- Authentication: Keep you securely logged in to your account
- Security: Protect against cross-site request forgery (CSRF) attacks
- User Experience: Remember your preferences (theme, language)
- Functionality: Enable core features like guidebook email capture
- Performance: Optimize page loading and reduce server requests
How to Control Cookies
Browser Settings
Most web browsers allow you to control cookies through their settings. You can:
- Block all cookies
- Block third-party cookies only
- Clear cookies when you close your browser
- Delete existing cookies
⚠️ Important Note:
If you disable or block essential cookies, you will not be able to log in to GuestLoop or use key features. The website may not function properly.
Browser-Specific Instructions
Chrome: Cookie settings in Chrome
Firefox: Cookie settings in Firefox
Safari: Cookie settings in Safari
Edge: Cookie settings in Edge
Cookie Duration
Session Cookies
These cookies are temporary and are deleted when you close your browser. We use session cookies for CSRF protection and temporary state management.
Persistent Cookies
These cookies remain on your device for a set period (e.g., 30 days, 1 year) or until you delete them. We use persistent cookies for authentication (30 days) and preferences (1 year).
First-Party vs. Third-Party Cookies
First-Party Cookies
These are set directly by GuestLoop and are used to provide core functionality. Examples: authentication, preferences, email capture tracking.
Third-Party Cookies
These are set by external services we use (Google OAuth, Stripe, Vercel). We have limited control over these cookies. See their respective privacy policies for details.
Do Not Track (DNT)
We do not currently respond to Do Not Track (DNT) browser signals because there is no industry-wide standard for DNT. However, we minimize our use of tracking cookies and do not use third-party analytics or advertising cookies.
Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will post the updated policy on this page with a new "Last Updated" date.
Questions About Cookies?
If you have questions about our use of cookies, please contact us:
Cookie Summary
| Type | Count | Can Disable? |
|---|---|---|
| Essential | 4 | No |
| Functional | 3 | Yes |
| Analytics | 0 | N/A |
| Third-Party | 3 services | Limited |