Cookies are small text files stored on your device by your web browser. They allow a site to remember your actions and preferences so you do not have to re-enter them each visit.
Showrooms.pk also uses localStorage — a browser storage mechanism similar to cookies but which stays entirely on your device and is never sent to our servers in HTTP headers. We use it for authentication state, saved favourites, search history, and view deduplication.
Every cookie and localStorage key used by Showrooms.pk, what it does, how long it lasts, and its category.
| Name | Purpose | Duration | Type |
|---|---|---|---|
access_token | JWT access token for authenticated API requests. | 15 minutes | Essential |
refresh_token | JWT refresh token to obtain new access tokens without re-login. | 7 days | Essential |
auth_user | Authenticated user/dealer profile object for session persistence. | Persistent (until logout) | Essential |
cookie_consent | Records whether you accepted the cookie consent banner. | 1 year | Essential |
theme | Dark/light mode preference, synced with system appearance on first visit. | Persistent | Functional |
favorites_cars | IDs of cars you have saved/favourited. | Persistent (until cleared) | Functional |
favorites_dealers | IDs of dealers you have saved/favourited. | Persistent (until cleared) | Functional |
spk_searches | Recent search queries powering trending and "Hot Searches" features. | Persistent (until cleared) | Functional |
lead_view_car_{id} | 24-hour dedup timestamp preventing the same car view from counting twice. | 24 hours | Analytics |
lead_{type}_car_{id} | 24-hour dedup for car interactions (call, WhatsApp, share, favourite). | 24 hours | Analytics |
lead_view_dealer_{id} | 24-hour dedup timestamp for dealer profile views. | 24 hours | Analytics |
lead_{type}_dealer_{id} | 24-hour dedup for dealer interactions (call, WhatsApp, inquiry). | 24 hours | Analytics |
Most data is stored in your browser's localStorage rather than traditional cookies. This means data stays on your device and is never automatically sent in request headers.
access_token / refresh_token — JWT tokens for authentication. Access expires after 15 min, refresh after 7 days. Both cleared on logout.auth_user — JSON profile object (name, email, role, avatar). Persists your session across reloads without re-fetching.favorites_cars / favorites_dealers — Arrays of saved IDs. Persist even without an account.spk_searches — Search history and seed flag powering the trending feature on the home page.lead_* — Dedup timestamps (e.g. lead_view_car_42) preventing the same interaction from counting more than once in 24 hours.None of this data is shared with third parties. localStorage data never leaves your browser unless explicitly sent via an API call you initiate (such as logging in or tracking a car view).
Showrooms.pk makes requests to a limited number of external services. These may set their own cookies or receive your IP address as part of standard HTTP requests:
api.dicebear.com. No tracking cookies are set, but their server receives your IP address and user-agent.io) to maintain the session. This is first-party infrastructure.You can control or delete cookies and localStorage data through your browser settings:
What breaks if you disable storage
We may update this policy to reflect changes in our practices or for legal and regulatory reasons. When we make material changes, we will update the effective date at the top. We encourage you to review this page periodically.
Questions about this policy or how your data is stored? Reach us at hello@showrooms.pk
Related Policies