Cookie Policy
Last updated: TBD
We use a small set of cookies and equivalent storage. This page explains what each one does and how to change your preferences. Under PECR / UK-GDPR, only strictly-necessary cookies are loaded without your consent.
Strictly necessary
| Name | Purpose | Lifetime |
|---|---|---|
| next-auth.session-token | Sign-in session | Session cookie · 30 days |
| next-auth.csrf-token | Cross-site request forgery protection | Session cookie |
Preferences (consent required)
| Name | Purpose | Lifetime |
|---|---|---|
| lh_currency | Remembers your selected display currency | localStorage · until you clear it |
| lh_cookie_consent | Stores your cookie choices on this very page | localStorage · until you clear it |
| lh_view | Remembers grid vs map view on the home page | localStorage · until you clear it |
| lh_last_search | Remembers your last home-page search (city, check-in, check-out, guests) so a fresh visit lands on the same query | localStorage · until you clear it |
| lh_last_location | Legacy: city only — superseded by lh_last_search but kept for older tabs | localStorage · until you clear it |
| lh_booking_resume_v1 | Saves your mid-booking rate selection if you redirect to buy a pass mid-flow | sessionStorage · 30 minutes or until tab closed |
Payment (set by Stripe during checkout)
When you buy a pass or book a hotel, Stripe-hosted Checkout sets its own cookies on the stripe.com domain for fraud prevention and to keep your session alive on their form. These are set by Stripe, not by us; see Stripe's cookie policy for the full list.
Analytics (consent required)
We don't currently load any analytics cookies. If we add a provider in future (e.g. Plausible or PostHog), this section will list each cookie and you'll be asked to opt-in via the banner.
How to change your mind
Click "Open cookie preferences" above, or reset preferences in your browser. Strictly-necessary cookies will always be loaded if you want to stay signed in.