Cookies are small text files placed on your device when you visit a website. They allow the website to remember information about your visit, such as your login status and preferences, to improve your experience on subsequent visits.
In addition to traditional cookies, we also use related storage technologies such as localStorage and sessionStorage in your browser, and HTTP-only session cookies for authentication. This policy covers all of these technologies collectively.
RentaKoto uses the following categories of cookies and local storage:
2.1 Strictly Necessary Cookies
These cookies are essential for the Platform to function. They cannot be disabled without breaking core functionality.
| Cookie / Key | Purpose | Provider | Expires |
|---|---|---|---|
next-auth.session-token (or __Secure-next-auth.session-token on HTTPS) |
Authenticates your logged-in session. Set by NextAuth.js after sign-in. | RentaKoto (NextAuth.js) | Session / 30 days |
next-auth.csrf-token |
Protects against cross-site request forgery attacks. | RentaKoto (NextAuth.js) | Session |
next-auth.callback-url |
Stores the URL to redirect to after sign-in completes. | RentaKoto (NextAuth.js) | Session |
rk_role (or similar role cookie) |
Remembers your active role (Renter, Landlord, or Service Provider) across page loads. | RentaKoto | 30 days |
2.2 Functional Cookies & Local Storage
These are used to remember your preferences and improve your experience, but the Platform can still function if they are cleared.
| Key | Purpose | Storage Type | Expires |
|---|---|---|---|
| Notification / settings preferences | Remembers your notification and display preferences set in the Platform settings. | localStorage / API (server-side) | Persistent until changed |
| Push notification subscription | Stores your browser push notification endpoint so we can deliver notifications to your device. | Server-side (database) | Until revoked |
2.3 Third-Party Cookies
Some features of the Platform load resources from third-party services that may set their own cookies on your device. These are governed by the respective provider's privacy and cookie policies.
| Provider | Purpose | Their Policy |
|---|---|---|
| Google (Sign-In & Maps) | Google OAuth sets cookies to manage your Google sign-in state. Google Maps / Places API may set cookies when the map or address autocomplete is loaded. | Google Privacy Policy |
| Stripe | When you use Stripe's payment elements (card setup or checkout), Stripe may set cookies for fraud prevention, session tracking, and payment security. | Stripe Privacy Policy |
| Xendit / NovusX | When you are redirected to Xendit-powered payment pages (for GCash, Maya, bank transfers), Xendit may set cookies on those pages. | Xendit Privacy Policy |
You can control and manage cookies in your browser settings. Most browsers allow you to:
Please note that disabling strictly necessary cookies (Section 2.1) will prevent you from logging in and using most Platform features. Disabling third-party cookies may affect the address autocomplete and payment features.
Links to cookie management instructions for common browsers:
Push Notifications: You can revoke push notification permission at any time in your browser's site settings (look for "Notifications" under the RentaKoto site permissions). You can also manage notification preferences within the Platform's Settings page.
We may update this Cookie Policy as our use of cookies or third-party services changes. When we make material changes, we will update the "Effective Date" above and notify you through the Platform's Terms acceptance screen. Continued use of the Platform after changes take effect constitutes your acceptance of the updated policy.
If you have questions about our use of cookies or this Cookie Policy, please contact us: