This text is a draft. It is not binding until reviewed by a Turkish fintech lawyer and GDPR/KVKK counsel. The effective date will be set after final approval.
Legal · EN
Cookie Policy
Which cookies we use, which are strictly necessary, which you can decline, and how to manage them from your browser.
Last updated: TBD
1. What is a Cookie?
Cookies are small text files placed in your browser when you visit a website. They are used to keep your session open, remember your language preference, and run the site securely.
2. Strictly Necessary Cookies
Without these the platform does not function; they cannot be declined (the law itself exempts them). They are used for:
- Supabase session cookie (sb-...): remembers that the user is signed in. Lifetime: session / 30-day rolling. HttpOnly + Secure + SameSite=Lax.
- CSRF token: forgery protection on form submissions.
- Load balancer / hosting route cookie: keeps a request session pinned to the same server.
3. Functional Cookies
- Language preference (locale): EN / TR selection.
- Theme preference (dark / light), notification preference, and grid/sort preference as UX helpers.
You may delete these from your browser settings; defaults will be applied on the next visit.
4. Analytics Cookies
At launch there are NO third-party analytics cookies. In a later phase (Phase 7+) we may add privacy-friendly usage analytics via self-hosted PostHog: in that case cookie use will be gated on opt-in consent and this page will be updated accordingly.
5. Advertising Cookies
6. Managing Cookies in Your Browser
- Chrome: Settings → Privacy and security → Cookies and other site data.
- Firefox: Settings → Privacy & Security → Cookies and Site Data.
- Safari: Preferences → Privacy → Manage Website Data.
- Edge: Settings → Cookies and site permissions.
If you decline the strictly necessary cookies, sign-in and checkout flows will not function.
7. Changes
If a new cookie category is added (e.g. analytics), this page is updated and a fresh consent dialog will appear on the next visit.