Cookies and storage

NearID Cookie Policy

This Cookie Policy explains the first-party cookies and browser storage NearID uses on the website, staff and org console routes, and partner panel. It is tied to the audited implementation in our current web apps rather than placeholder legal language.

Document details

Effective date:

April 14, 2026

Last updated:

April 14, 2026

Scope

NearID website, admin console public and authenticated routes, partner panel public and authenticated routes, and browser-based auth flows.

Primary audience

Website visitors, invited staff users, customer organization users, and partner-panel users.

Data requests contact

privacy@nearid.com

1. Cookie and storage classification summary

NearID currently uses browser storage for first-party consent persistence, authentication, CSRF protection, and user interface preferences. In the audited website, admin-console, and partner-panel code, we did not find active marketing cookies or active analytics identifiers being written to browser storage.

Strictly necessary items keep sign-in secure, maintain authenticated sessions, and carry one-time auth state through browser flows.
Preferences items remember display and workflow settings such as theme, time formatting, dismissed prompts, and saved filters.
Analytics items are not currently written by audited client code on these surfaces.
Marketing items are not currently written by audited client code on these surfaces.

2. Website consent and storage inventory

The public website now stores a first-party consent record for the active browser session so visitors can accept, reject, or customize non-essential categories. That consent record is treated as strictly necessary because it prevents optional categories from running before consent where opt-in is required.

Item	Storage	Classification	Provider	Duration	Purpose
nearid_cookie_consent_v1	sessionStorage	Strictly necessary	NearID app running in the user browser	Current browser session only; cleared when the browser session ends.	Persists cookie-consent choices so non-essential categories remain disabled until the user changes them.
nearid_cookie_consent_events_v1	sessionStorage	Strictly necessary	NearID app running in the user browser	Current browser session only; rolling in-session history limited to the most recent consent events.	Stores a minimal consent event trail so support and engineering can verify banner display and consent updates.

3. Strictly necessary auth cookies

These cookies are first-party NearID security controls used for browser-based authentication and request protection. They are not used to infer GPS location or to build marketing profiles.

Item	Storage	Classification	Provider	Duration	Purpose
nearid_session	Cookie	Strictly necessary	NearID first-party backend	15 minutes by default; configurable via auth access-token TTL settings.	Authenticates browser requests after sign-in.
nearid_refresh	Cookie	Strictly necessary	NearID first-party backend	7 days by default; configurable via auth refresh-token TTL settings.	Refreshes authenticated browser sessions without forcing a full re-login on every request.
nearid_csrf	Cookie	Strictly necessary	NearID first-party backend	7 days by default, aligned to refresh session lifetime unless runtime settings override it.	Protects state-changing browser requests against CSRF attacks.

4. Admin console storage inventory

The admin console uses first-party localStorage and sessionStorage for authenticated bootstrapping, saved operator preferences, and queue/workflow persistence.

Item	Storage	Classification	Provider	Duration	Purpose
nearid_admin_session	localStorage	Strictly necessary	NearID app running in the user browser	Persists until logout, session replacement, or manual browser clearing.	Caches authenticated admin/org session context so the console can bootstrap protected routes.
nearid_partner_access_token (admin-hosted partner login bridge)	localStorage	Strictly necessary	NearID app running in the user browser	Persists until logout, token replacement, or manual browser clearing.	Bridges partner login initiated from NearID public auth routes.
nearid_org_config_cache	localStorage	Strictly necessary	NearID app running in the user browser	Persists until refreshed by a newer org config payload or manual browser clearing.	Caches org configuration needed to render correct modules and plan-gated UI during auth bootstrap.
nearid_partner_auth_notice	sessionStorage	Strictly necessary	NearID app running in the user browser	Current tab or browser session only.	Carries a one-time session-expired notice through partner auth redirects.
nearid_display_tz, nearid_date_format, nearid_time_format, nearid_timezone_pref:*	localStorage	Preferences	NearID app running in the user browser	Persists until the user changes display settings or clears browser storage.	Remembers timezone and date/time formatting preferences.
nearid_theme_mode	localStorage	Preferences	NearID app running in the user browser	Persists until the user changes theme mode or clears browser storage.	Remembers light or dark theme preference.
nearid_notify_prefs	localStorage	Preferences	NearID app running in the user browser	Persists until the user updates account notification preferences or clears browser storage.	Stores local UI notification toggles for the account screen.
nearid_onboarding_dismissed	localStorage	Preferences	NearID app running in the user browser	Persists until browser storage is cleared.	Remembers dismissal of the onboarding checklist.
platform_partner_queue_filters:* and saved filter preset keys	localStorage	Preferences	NearID app running in the user browser	Persists until the user changes queue/search presets or clears browser storage.	Saves staff queue filters, search state, and reusable filter presets.
nearid_staff_docs_recent	localStorage	Preferences	NearID app running in the user browser	Persists until overwritten or browser storage is cleared.	Remembers recently opened staff docs.
nearid:invoice-ready:<orgId>:<invoiceId>	sessionStorage	Preferences	NearID app running in the user browser	Current tab or browser session only.	Suppresses duplicate invoice-ready prompts within the same session.

5. Partner panel storage inventory

The partner panel uses first-party browser storage for authenticated partner sessions and a transient session-expired notice. The public partner auth routes link back to this policy from the shared legal footer.

Item	Storage	Classification	Provider	Duration	Purpose
nearid_partner_access_token	localStorage	Strictly necessary	NearID app running in the user browser	Persists until logout, token replacement, or manual browser clearing.	Authenticates partner-panel API requests.
nearid_partner_session	localStorage	Strictly necessary	NearID app running in the user browser	Persists until logout, session replacement, or manual browser clearing.	Caches partner, user, and status context for authenticated partner-panel bootstrapping.
nearid_partner_auth_notice	sessionStorage	Strictly necessary	NearID app running in the user browser	Current tab or browser session only.	Carries a transient session-expired notice across partner auth transitions.

6. Analytics and marketing status

No active analytics or marketing cookies were identified in the audited website, admin-console, or partner-panel client code as of April 14, 2026.

Some web security policies allow connections to common analytics domains for future operational use, but allowlisted endpoints are not the same thing as active browser identifiers. This policy classifies actual storage behavior, not hypothetical future integrations.

7. Managing cookies and storage

You can clear cookies and browser storage through your browser settings. Blocking or deleting strictly necessary items may break sign-in, session refresh, CSRF protection, invite acceptance, or support and partner workflows.

Preference items can usually be recreated by using the app again, but you may lose saved filter state, theme settings, docs recents, or time-format preferences.

8. Contact and updates

Cookie, privacy, and data rights requests: privacy@nearid.com

General support: support@nearid.com

Source-of-truth inventory: docs/legal/cookie-inventory.md