Cookie Policy
LiveRank uses minimal browser storage. Here is exactly what we store and why.
LAST UPDATED APRIL 19, 2026
01Why LiveRank Does Not Show a Cookie Banner
You may have noticed that LiveRank does not display a cookie consent banner. This is intentional, and it is legally correct.
Under GDPR (and equivalent regulations like CCPA), a consent banner is required only for non-essential tracking — advertising cookies, cross-site analytics, marketing trackers, and similar. LiveRank uses none of these.
Every item LiveRank stores in your browser is either:
- Technically necessary — without it, the core feature (authentication) cannot work.
- Functional / user-preference — you set it intentionally by activating a UI feature (the Community Lens).
These categories do not require consent under GDPR Recital 47 and the ePrivacy Directive. There is nothing to consent to.
02What LiveRank Stores
The following items are stored in your browser's localStorage or via server-side mechanisms:
access-token and refresh-token (localStorage)
Purpose: Authentication. These are JSON Web Tokens (JWTs) that identify you as a logged-in user. Without them, you cannot vote, comment, create rankings, or access any authenticated feature.
Lifespan: The access token expires after 30 minutes and is refreshed automatically. The refresh token expires after 7 days of inactivity. Tokens are cleared on logout.
Category: Technically necessary. No functional substitute exists.
Opt-out: If you do not want LiveRank to store a JWT in localStorage, the only option is to not log in. LiveRank is fully browsable without an account; voting and creating rankings require a logged-in session.
lr-active-community (localStorage)
Purpose: Community Lens state. When you activate a community from the header switcher, LiveRank stores your choice locally so the lens persists across page navigations within the same browser tab.
Lifespan: Persists until you click “Switch to global” in the header switcher, clear your browser storage, or log out.
Category: Functional / user-preference. You explicitly set this by choosing a community. It does not track you across sites.
Opt-out: Click “Switch to global” in the header community switcher at any time.
OAuth State Nonce (server-side Redis, not a browser cookie)
Purpose: Security. When you initiate a Google OAuth sign-in, a one-time nonce is stored server-side in Redis to prevent CSRF attacks during the OAuth callback. This is not a browser cookie — it lives on LiveRank's servers and is deleted immediately after the sign-in completes.
Category: Technically necessary for OAuth security.
Sentry Session (conditional)
Purpose: Error tracking. The Sentry frontend SDK may set a session identifier in localStorage to correlate error reports from the same browser session. This is used solely for diagnosing crashes and bugs — not for advertising or cross-site tracking.
Category: Functional / diagnostic. Present only when the Sentry frontend integration is active.
03What LiveRank Does NOT Store
As of the date of this policy, LiveRank does not set:
- Advertising or retargeting cookies.
- Third-party analytics cookies (e.g., Google Analytics).
- Social media tracking pixels (Facebook, Twitter, etc.).
- A/B testing cookies.
- Any cross-site tracking mechanism.
If we ever introduce any of these in the future, this policy will be updated, and a consent banner will be displayed as required by applicable law.
04Contact
Questions about our storage practices? Email [email protected].
See also our full Privacy Policy for how your data is handled more broadly.