Legal · Synaltix LLC
Cookie Policy
Cookies and similar technologies used on synaltix.io.
Last updated: 2026-05-29 · Version: 1.0
1. What cookies are
A cookie is a small text file that a website places on your device. We also use related techniques (localStorage, sessionStorage). For brevity all of these are called "cookies" below.
2. Categories we use
Strictly necessary (always active)
These cookies keep the site secure and functional. They cannot be disabled and do not require consent.
| Name | Provider | Purpose | Lifetime |
|---|---|---|---|
| NEXT_LOCALE | Synaltix | Remember your selected language | 1 year |
| synaltix_cookie_consent | Synaltix | Store your cookie preference (localStorage) | 13 months |
| __cf_bm | Cloudflare | Bot detection / security | 30 minutes |
| cf_clearance | Cloudflare | Bypass passed challenge | Up to 30 days |
Analytics (only with your consent)
We do not currently load analytics or marketing cookies at all. If we add them in the future, they will only fire once you consent through the banner. The banner offers granular per-category opt-in and the "Reject all" button has equal visual weight to "Accept all".
Marketing (not used)
We do not currently use marketing or advertising cookies.
3. Managing your choice
The cookie banner appears on your first visit and whenever the policy version changes. You can change your decision at any time via the Cookie Preferences link in the footer or through your browser settings. Withdrawal is as easy as giving consent (GDPR Art. 7(3); KVKK md. 5).
4. Evidence and accountability
Each consent decision is mirrored to /api/consent/log with a per-day hashed device fingerprint, so we can demonstrate compliance with GDPR Art. 7(1) and KVKK md. 5. We do not log raw IPs or User-Agents.
5. Cross-border transfers
Cloudflare and Vercel may process the cookies above in the United States. Transfers rely on EU Standard Contractual Clauses 2021/914 plus supplementary technical measures (EDPB Recommendations 01/2020).
6. Legal basis (jurisdiction summary)
- EU/EEA: ePrivacy Directive 2002/58 Art. 5(3); GDPR Art. 6(1)(a) and 7.
- UK: PECR Reg. 6; UK GDPR Art. 6(1)(a).
- Türkiye: KVKK md. 5/1 and md. 5/2(f); KVK Kurulu Çerez Rehberi (June 2022).
- California: CCPA/CPRA — we treat Global Privacy Control as a binding opt-out signal.