Cookie policy

Last updated: 20 June 2026

RoomSwapping uses cookies and similar technologies to operate the platform securely, keep you signed in, remember your language preference, process payments and support essential functionality — and, only with your consent, to measure our advertising. This policy lists exactly what we use.

1. What are cookies?

Cookies are small text files stored on your device by websites you visit. They allow the platform to recognise your browser, maintain secure sessions, and remember certain preferences. We may also use similar technologies such as local storage where appropriate.

2. Cookies and storage technologies we use

RoomSwapping uses a small number of cookies and storage technologies. They fall into two groups:

  • Strictly necessary — always active. Required for login, security, language and online payment. They cannot be switched off because the platform would not work without them.
  • Marketing — optional and off by default. Only set after you accept marketing cookies, to measure our advertising (see section 5).

When you first visit, a consent banner lets you Accept all, Reject all, or choose categories and Save choices. Your decision is kept for 180 days, after which we ask again. You can change or withdraw it at any time via the Manage cookies link in the footer.

3. Strictly necessary cookies

  • __Host-rs_session (named rs_session in development) — authentication session cookie used for login, account access, API requests and WebSocket connections. HttpOnly, Secure in production, SameSite=Lax, expires after about 24 hours or at logout. It cannot be read by browser JavaScript.
  • rs_marketing_consent — records your marketing-cookie choice so our servers know whether server-side advertising measurement is allowed. Kept for 180 days, Secure over HTTPS, SameSite=Lax. It stores only your consent state, not an advertising identifier.
  • __stripe_mid / __stripe_sid — set by Stripe on its hosted checkout pages (checkout.stripe.com) when you pay. They are strictly necessary for Stripe to process the payment and prevent fraud, and are governed by Stripe's own cookie and privacy policies.

4. Functional storage and preferences

Cookie

  • NEXT_LOCALE — remembers your language preference so the platform reopens in your chosen language (kept for about one year).

Browser local storage — kept on your device until you clear it or until it is used, and never sent automatically to advertisers:

  • cookieConsent — your cookie decision (the marketing flag, a version number and a timestamp), used to apply the 180-day consent logic.
  • rs.partnerCode — a partner attribution code, kept until it is applied to your account.
  • rs.hostReferralToken — a host-referral token, kept until it is applied.
  • welcome-completed, student-onboarding-dismissed, profile-banner-dismissed, matches-explainer-open — interface preferences so we don't repeat onboarding steps or banners.

Browser session storage — cleared when you close the tab:

  • welcome-trigger, post-auth-redirect, listing-import — short-lived values used to complete onboarding, return you to the right page after login, and carry an in-progress listing import.

5. Advertising & measurement cookies (with your consent)

RoomSwapping uses advertising and measurement cookies from Meta Platforms (the “Meta Pixel”) only after you accept marketing cookies. The Meta Pixel runs in your browser and is not loaded at all until you consent. If you reject — or later withdraw — consent, these cookies are not set and no advertising data is sent to Meta.

With your consent, cookies such as _fbp (kept up to 90 days) and _fbc (set when you arrive from a Meta ad carrying a click identifier, kept up to 90 days) let us measure how our campaigns perform — for example which ads lead to viewing a room, registering, or publishing a listing. In parallel, a server-side copy of these events is sent to Meta through its Conversions API; this server-side sending also happens only after you consent. We minimise what is shared: identifiers such as your email address or user ID are hashed before sending, and we never send sensitive data, message content, documents or payment details. We do not enable Meta Advanced Matching in your browser, and we do not use fingerprinting for advertising.

Choosing Reject all disables all marketing tracking, both in the browser and server-side. You can change or withdraw your choice at any time via the Manage cookies link in the footer.

6. Managing your choices

You control optional cookies through our consent banner and the Manage cookies link in the footer, which is available on every page. From there you can Accept all, Reject all, or toggle the Marketing category and Save choices. Strictly necessary cookies are always on and cannot be switched off. Your choice is remembered for 180 days, after which we ask again; you may withdraw or change it at any time, and you can also manage or delete cookies through your browser settings.

For clarity, RoomSwapping currently does not use:

  • Google Analytics or any general web-analytics cookies;
  • Sentry or similar error-monitoring in production;
  • newsletter or marketing-email sign-ups;
  • any third-party chat or support widget.

Blocking strictly necessary cookies may affect authentication, payment, session management or other platform functionality. External uptime monitoring is used to check that the site is reachable; it does not set cookies on your device.

7. Changes to this policy

We may update this Cookie policy from time to time to reflect legal, technical, or operational changes. The "Last updated" date reflects the current version.

8. Contact

For questions regarding cookies or privacy, contact [email protected] or use the Contact page.