Last updated: 2026-04-17 · Effective: 2026-04-17
This policy documents every cookie and browser-storage key used on blokusa.com. Everything is first-party. Nothing is sold, shared, or sent to any advertising network. You can see your full stored state — and clear any or all of it — using the ⚙ preferences button in the bottom-right of every page.
blokusa.com, not by any third-party domain.Sec-GPC: 1) as a valid CCPA / CPRA opt-out signal. Since we don't sell or share personal information, the practical effect is that we auto-suppress the cookie notice banner.Required for the site to function. We do not ask consent because the site cannot work without them.
| Name | What it stores | Duration | Type |
|---|---|---|---|
lnb.sid SESSION | Signed session identifier for authenticated users. Keeps you signed in and protects your account. Server-side; your email is not stored in the cookie itself, only a random ID that indexes into our server-side session store. | 8 hours (rolling) | First-party, HttpOnly, Secure, SameSite=Lax |
lnb.csrf SESSION | Cross-site request-forgery token for state-changing forms (login, password change, investor approvals). | Session | First-party, Secure, SameSite=Strict |
lnb_consent_v1 NOTICE | Records your acknowledgement of this cookie notice so we don't show the banner on every page load. | 12 months | First-party, SameSite=Lax + localStorage mirror |
Set by you via the ⚙ preferences panel. Applied on every page so the site looks and behaves the way you want.
| Key | What it stores | Duration |
|---|---|---|
lnb_pref_font_size PREF | Text-size preference: sm / (default) / lg. | 12 months |
lnb_pref_reduced_motion PREF | Disables transitions + animations beyond your OS-level preference. | 12 months |
lnb_pref_high_contrast PREF | Boosts contrast for easier reading. | 12 months |
If you are mid-way through a long form (estimator, home builder, mortgage calculator) and the tab crashes, you close the browser, or your laptop dies — we restore your draft when you return. Stored only in your browser. Never sent to us unless you actually submit the form.
| Key | What it stores | Duration |
|---|---|---|
lnb_draft_estimator DRAFT | Auto-saved project estimator inputs (project type, sqft, story count, hurricane spec, contact fields). | 30 days, or until cleared |
lnb_draft_builder DRAFT | Auto-saved home-builder inputs (bedrooms, bathrooms, block color, roof, foundation, smart-home options). | 30 days, or until cleared |
lnb_draft_mortgage DRAFT | Auto-saved mortgage-calculator inputs (price, down payment, rate, term). | 30 days, or until cleared |
Each draft is saved 500ms after you stop typing and also when you close the tab. Open any of those pages later and a banner appears at the top offering to restore — or you can click "Start fresh" to wipe the draft.
Small signals that help us make the site feel responsive and warn you before surprises.
| Key | What it stores | Duration |
|---|---|---|
lnb_visits UX | Count of your visits, first-visit timestamp, and last-visit timestamp. Used only to show a subtle "welcome back" greeting on visit #3 and beyond. Capped: we only increment once per 30 minutes. | 12 months |
lnb_visit_toast_dismissed UX | Session-only flag so the welcome toast doesn't re-appear if you dismiss it. | Session (tab close) |
lnb_ui_prefs UX | Non-sensitive UI layout preferences (admin sidebar collapsed state, last-viewed tab). | Until cleared |
The first time you visit, we capture your referring site (e.g., news.ycombinator.com) and any utm_* parameters in the URL. This is first-touch only — we never overwrite it on later visits, and we never track you around the web after.
The purpose is internal marketing analytics: "Did our Product Hunt launch work? Did the investor newsletter drive signups?" We never use this for ad-retargeting.
| Key | What it stores | Duration |
|---|---|---|
lnb_first_touch ATTR | First-visit timestamp, entry path, referring host (never the full URL), and UTM parameters if any. Example: { ts: 1712924800000, path: "/", ref: "news.ycombinator.com", utm: { utm_source: "hn" } }. | 90 days |
When you sign up or sign in, we send this one-time payload to /api/attribution/me (over HTTPS) so admins can see where a lead came from. After that, we don't send it again. You can clear it from the preferences panel anytime.
Bottom-right of every page. Opens a modal that shows every cookie + storage key we have stored in your browser, in plain English, with individual and bulk clear buttons:
Every major browser lets you delete cookies, block cookies from specific sites, or block all cookies. Instructions: Chrome · Firefox · Safari · Edge.
If your browser sends the Sec-GPC: 1 header (Firefox, Brave, DuckDuckGo Privacy Essentials extension), we treat it as a valid CCPA/CPRA "Do Not Sell or Share" signal. Since we don't sell or share in the first place, the visible effect is that we auto-record the notice as acknowledged — no banner.
Because we do not run cross-site tracking, the Do-Not-Track header has no extra effect on our site. We still respect it.
If you're signed in and go idle, we show a polite reminder ~5 minutes before your 8-hour session expires. This uses only in-memory state (no extra cookies). You can click "Stay signed in" to refresh, or "Sign out" to end the session immediately.
lnb.sid cookie is mandatory for authentication).If we add any new cookie or storage key, we will update this policy and (for anything beyond strictly necessary) show a consent banner before it is set. Material changes are announced by email to active accounts.
Cookie questions: info@blokusa.com.