A little background: how browsers and cookies work

← Back

What is local storage? {#local-storage}

Local storage is a small area inside your browser where websites can save data on your device. Think of it like a stack of sticky notes attached to your browser window — each website gets its own stack, and the notes stay there until something removes them.

Key facts:

• Stored entirely on your device — nothing is sent to any server
• Specific to the browser and device you are using
• Survives closing the browser tab, and even restarting your computer
• Can be cleared by you (browser settings → clear site data), or automatically by the browser itself

Why does Safari clear it automatically? Apple introduced a feature called Intelligent Tracking Prevention (ITP) to protect privacy by limiting how long websites can track you. An unintended side effect is that Safari removes local storage data after a period of inactivity — typically around seven days if you haven't visited the site recently. This can make your lists disappear from the home page, even though the lists themselves still exist on our server.

What is a cookie? {#cookie}

A cookie is a tiny piece of information that a website asks your browser to store and send back on every future visit. Think of it like a numbered bracelet you receive at a coat check — the number identifies your coat, and you hand it back every time you want to retrieve something.

Our cookie (device_key):

• Contains a randomly generated code, e.g. a3f7c2b8e1... (64 hex characters)
• Is stored only in your browser, on this device
• Expires after 2 years
• Is marked HTTP-only, meaning no JavaScript on the page can read it — only the server sees it
• Has no tracking or advertising purpose — it is purely functional

How to remove it: Open your browser settings, find the section for cookies or site data, search for shared-lists.com, and delete the device_key entry.

What is a random ID?

A random ID is just a very long string of characters generated by a computer with no connection to who you are. Ours look like: a3f7c2b8e19d4f06...

Think of it like a locker number at the gym: the number unlocks your locker, but it tells no one your name, address, or anything else about you. If someone found the number on a piece of paper, they would know nothing about the person it belongs to.

That is exactly how your device key works: it links your browser to your list records on our server, but the link is meaningless without your browser. Even we cannot connect it to you as a person.

Why does this matter for your privacy?

When you use shared-lists.com without opting into the server backup:

• We store your lists (so you can share them via link)
• We have no idea who created them or who is viewing them

When you opt into the server backup:

• We additionally store a small record linking your list IDs to your device key
• We still have no idea who you are

The only scenario in which we could learn something personal about you is if you wrote personal information into a list title or item — for example, "My shopping list — John" or a list containing your home address. We can read that text. We just cannot connect it to a real person unless you told us who you are.