Approval-gated legal draft
Cookie Policy
Draft for Brandon/counsel review. Do not publish as final legal advice or a legal commitment until approved.
Template version: legal-pages/v1
Product: StoneQuarries.net
Contact: privacy@stonequarries.net
Review gate
This page adapts the EXC-279 cookie policy and consent standard for StoneQuarries.net. It documents the current cookie/provider inventory found in the codebase, but final legal publication and any new tracking provider remain approval-gated.
EXC-279 consent categories
Necessary
Category key: necessary
Always enabled for site operation, security, authentication, abuse prevention, consent storage, CMS/admin access, and approved account/billing workflows.
Preferences
Category key: preferences
Optional settings that remember non-essential user choices. Current code uses local storage for cookie preferences; no separate optional preferences provider is approved.
Analytics
Category key: analytics
Optional site measurement. Google Analytics is present in the codebase and should load only after analytics consent.
Marketing
Category key: marketing
Optional advertising, retargeting, campaign attribution, affiliate pixels, or cross-site tracking. No marketing cookie provider is currently approved.
Current cookie and provider inventory
| Cookie or technology | Provider | Category | Purpose | Duration |
|---|---|---|---|---|
| sq-cookie-consent | StoneQuarries.net | necessary | Stores the visitor's cookie category choices locally so the banner does not reappear on every page load. | Until local storage is cleared or the consent revision changes. |
| Google Analytics cookies such as _ga and _ga_* | Google Analytics | analytics | Measure aggregate site usage and page views after the visitor grants analytics consent. | Set by Google Analytics configuration, commonly up to 2 years. |
| Google Maps embed requests and related Google cookies | Google Maps / Google | necessary | Render quarry map embeds and nearby-location context on public directory pages. | Set by Google for Maps/embed services. |
| Google reCAPTCHA cookies and device/application data | Google reCAPTCHA | necessary | Protect forms such as contact, claim, quote, or sourcing-help submissions from automated abuse when configured. | Set by Google reCAPTCHA configuration. |
| Clerk session/client cookies | Clerk | necessary | Authenticate users and maintain account/listing-owner sessions where Clerk is configured. | Set by Clerk configuration/session lifetime. |
| Payload CMS/admin cookies and CSRF/session state | Payload CMS / app | necessary | Support authenticated CMS/admin/editor access and security controls. | Session or configured Payload lifetime. |
| Stripe checkout, billing portal, and fraud-prevention cookies | Stripe | necessary | Support approved checkout, subscription, billing portal, and fraud-prevention workflows if commercial features are activated. | Set by Stripe. |
| Vercel platform logs and request metadata | Vercel | necessary | Hosting, security, troubleshooting, and reliability logs. Not a browser marketing cookie controlled by the banner. | Per Vercel/project log retention configuration. |
| Sentry diagnostics cookies/local storage where configured | Sentry | necessary | Error monitoring and reliability diagnostics when Sentry is configured for the app. | Set by Sentry/project configuration. |
Managing choices
Use the cookie banner or the footer cookie preferences control to choose necessary-only mode or save category preferences. Necessary cookies stay enabled because the app cannot provide site operation, security, abuse prevention, maps, consent storage, authentication, CMS/admin access, or approved account/billing flows without them.