diff --git a/src/routes/idaa/(idaa)/+layout.svelte b/src/routes/idaa/(idaa)/+layout.svelte
index ad302c55..e2216906 100644
--- a/src/routes/idaa/(idaa)/+layout.svelte
+++ b/src/routes/idaa/(idaa)/+layout.svelte
@@ -148,7 +148,13 @@ $effect(() => {
 novi_verifying = false;
 return;
 }
- // Case 1: no UUID, no cached session — non-Novi path, deny normally.
+ // Case 3: no UUID, no cached Novi session, but user has trusted/manager access.
+ // They are legitimately authenticated via a non-Novi path — do NOT purge.
+ if ($ae_loc.trusted_access) {
+ novi_verifying = false;
+ return;
+ }
+ // Case 1: no UUID, no cached session, no elevated access — anonymous user.
 // Purge any IDAA data that may have been cached from a previous session.
 $idaa_loc.novi_verified = false;
 novi_verifying = false;
diff --git a/src/routes/idaa/(idaa)/bb/+page.svelte b/src/routes/idaa/(idaa)/bb/+page.svelte
index a5224ef9..d3a8a14c 100644
--- a/src/routes/idaa/(idaa)/bb/+page.svelte
+++ b/src/routes/idaa/(idaa)/bb/+page.svelte
@@ -119,7 +119,7 @@ let lq__post_obj_li = $derived.by(() => {
 // link prefetch (hover), causing private IDAA data to be written to IDB before auth runs.
 // $effect only runs post-mount, after the layout has completed Novi verification.
 $effect(() => {
- if (!$idaa_loc.novi_verified) return;
+ if (!$idaa_loc.novi_verified && !$ae_loc.trusted_access) return;
 untrack(() => {
 posts_func.load_ae_obj_li__post({
 api_cfg: $ae_api,
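Review bot: The new Case 3 branch skips the purge on the strength of `$ae_loc.trusted_access` alone, and nothing visible in this hunk shows that flag being re-validated for the current session before it is trusted. If `$ae_loc` is a persisted client-side store (the `_loc` naming suggests it, but it is not shown here), a stale value left from an earlier session would keep previously cached IDAA data in place for whoever opens the page next. I would add a comment stating where the flag is established and cleared, e.g. `// trusted_access is set by <sign-in path> and cleared on sign-out; the API enforces access on its own`, and confirm the sign-out path resets it. The branch also leaves `$idaa_loc.novi_verified` untouched, so any other page under (idaa) that gates on `novi_verified` alone will still block these users; the bb page is patched in this commit, others are not visible here. The `$effect` body starts and ends outside the hunk.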
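Review bot: The comment directly above this `$effect` still justifies the gate by saying the layout has completed Novi verification, which no longer covers the `trusted_access` path added to the condition. Since this gate exists to stop private IDAA data being written to IDB before auth runs, the comment should say what guarantees `$ae_loc.trusted_access` is settled by the time the effect fires, e.g. `// trusted_access: non-Novi trusted/manager path, validated by the layout before mount (confirm)`. The same two-flag condition now lives in both the layout and this page; a single derived value (for example `idaa_access_ok`) would keep future pages from gating on `novi_verified` alone. The effect body continues outside the hunk.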