Applicable jurisdiction
These documents are presented for the United States. KeyBrox is operated by a Turkish company (ASTRAL GAYRİMENKUL DANIŞMANLIK TİC. LTD. ŞTİ.); Turkish law governs the agreement, while your mandatory local data-protection and consumer rights remain reserved and unaffected.
Data-protection framework: CCPA / CPRA · Supervisory authority: the California Privacy Protection Agency or your State Attorney General
Cookie Policy
This policy explains how the KeyBrox platform (the “Platform”) uses cookies and similar technologies. The Platform is operated by ASTRAL GAYRİMENKUL DANIŞMANLIK TİCARET LİMİTED ŞİRKETİ. By using the Platform, you accept the use of cookies described in this policy.
1. What Is a Cookie?
Cookies are small text files placed on your browser by websites. They are used for purposes such as session management, remembering user preferences, and usage analytics. Cookies do not provide direct access to personal data; however, some cookies may indirectly identify you.
In addition to cookies, similar technologies such as local storage, session storage, and pixel tags may also be used for comparable purposes.
2. Types of Cookies We Use
2.1. Strictly Necessary Cookies
Purpose: Required to provide the core functions of the Platform. Without these cookies you cannot sign in or access secure pages.
Consent: Not required — legitimate/contractual basis (GDPR Article 6(1)(b)).
| Cookie Name | Purpose | Duration |
|---|---|---|
| `astra_session` | Encrypted session data (AES-256-GCM; JWT access + refresh token) | 30 days |
| `__vercel_no_redirect` | Vercel edge routing control | Session |
| `wordpress_logged_in_*` | Session authentication (secure sign-in) | 14 days |
| `wp_rest_nonce` | CSRF protection (REST API) | Session |
2.2. Preference Cookies
Purpose: Remembering user preferences and interface settings.
Consent: With explicit consent (cookie banner on first visit).
| Storage | Purpose | Duration |
|---|---|---|
| `astra_motiv_last` (localStorage) | Date the daily motivation modal was last shown | Persistent |
| `astra_notes` (localStorage) | User's quick notes (on-device) | Persistent |
| `astra_login_prompt_seen` (sessionStorage) | Preventing the sign-in modal from showing again | Session |
| `asist_tour_done` (localStorage) | Completion state of the Assist Chain tour guide | Persistent |
| `astra:*` (sessionStorage) | SWR cache (temporarily caches API responses) | Session (max 30 min TTL) |
2.3. Analytics Cookies
Purpose: Understanding Platform usage, identifying popular features, and improving the user experience.
Consent: With explicit consent (cookie banner acceptance).
| Cookie/Technology | Provider | Purpose | Duration |
|---|---|---|---|
| `_va` / `_vau` | Vercel Analytics | Page views, performance measurements | 1 year |
| `_ga` / `_gid` | Google Analytics 4 | User interaction analysis (if enabled) | 2 years / 24 hours |
Analytics data is collected in anonymized form. IP address masking (IP anonymization) is active. Individual users cannot be identified.
2.4. Marketing / Third-Party Cookies
Purpose: Targeted advertising or remarketing.
Consent: With explicit consent (cookie banner — separately confirmed).
KeyBrox does not currently use active marketing cookies. If marketing cookies are added in the future, this policy will be updated and explicit consent will be obtained again. Potential third parties:
- Google Ads / Google Tag Manager (not yet active)
- Meta (Facebook) Pixel (not yet active)
3. Third-Party Cookies
The following third-party service providers may set their own cookies or use similar technologies on the Platform:
3.1. OneSignal Inc. (USA)
Push notification infrastructure. Uses a Service Worker and IndexedDB to manage browser notification permission and subscription state. Data is processed in the USA (under Standard Contractual Clauses — SCC + DPA).
3.2. Vercel Inc. (USA)
Platform frontend hosting and CDN provider. Uses minimal cookies and analytics for edge routing and performance measurement. Processes data in the USA (SCC + SOC 2 Type II).
3.3. Google LLC — Firebase (FCM) (USA/EU)
Mobile push notification infrastructure (Firebase Cloud Messaging). Used for device token management. Subject to Google's privacy policy (SCC + ISO 27001).
3.4. Cloudflare Inc. (Global)
CDN, DNS, and security (WAF) provider. May use the `__cf_bm` cookie for bot protection and performance (session-based, 30 min). Transfer safeguard: SCC + ISO 27001 + SOC 2.
AI-powered features (Assist chat, listing text generation) run on Google LLC (Gemini) infrastructure; this service does not set cookies, but SCC + DPA safeguards apply to the data processed and data is not used for model training.
4. Managing Cookies
4.1. Browser Settings
Most modern browsers allow you to manage cookie settings. You can find how to reach cookie settings in the following browsers:
- Google Chrome: Settings > Privacy and Security > Cookies and other site data
- Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Microsoft Edge: Settings > Cookies and site permissions
4.2. Effects of Blocking Cookies
Warning: If you block strictly necessary cookies, you will not be able to sign in to the Platform and core features will not work. If you block preference cookies, some of your settings may not be remembered. Blocking analytics cookies does not affect your use of the Platform.
4.3. Mobile Application
In the KeyBrox mobile application (Android), cookies are managed within the Capacitor WebView. You can delete all on-device cookies by clearing the application data from your device settings.
5. Local Storage and Session Storage
In addition to cookies, the Platform uses browser local storage and session storage areas. These technologies:
- Are not sent to the server automatically (unlike cookies).
- Are stored locally on your device.
- Can be deleted by clearing your browser history.
- Session storage: Deleted automatically when the browser tab is closed.
- Local storage: Stored persistently (until the user deletes it).
6. Cookie Consent Management
On your first visit to the Platform, you will encounter a cookie banner. Through this banner you can:
- Accept all cookies.
- Accept only strictly necessary cookies.
- Make a category-by-category selection.
You can change your preferences at any time (the “Cookie Preferences” link in the footer).
CCPA — Do Not Sell or Share (California)
Under the California Consumer Privacy Act (CCPA/CPRA), KeyBrox does not sell your personal information and does not share it for cross-context behavioral advertising. As no active marketing/advertising cookies are currently in use, there is no data to be shared. Should such processing begin in the future, you may submit your request via the “Do Not Sell or Share My Personal Information” link in the footer.
7. Updates
This Cookie Policy may be updated in line with technical changes or legal requirements. For material changes:
- The updated text is published on this page.
- Consent is obtained again when new cookie categories are added.
- The “Last updated” date is revised.
8. Contact
For questions or requests regarding the use of cookies:
Data/Privacy: kvkk@keybrox.com
General Support: info@keybrox.com
Address: Aksoy Mahallesi Girne Caddesi 36/3 Zemin Kat, Karşıyaka/İzmir, Türkiye
