Cookie Policy
Effective date: May 12, 2026 Last updated: May 12, 2026
This Cookie Policy explains how Mesh Yazılım Teknoloji Limited Şirketi ("Nexus Dijital", "we") uses cookies and similar technologies on https://nexusdijital.com and https://app.nexusdijital.com (the "Service").
This policy works alongside our Privacy Policy.
1. What cookies are
Cookies are small text files placed on your device by your browser when you visit a website. They store information such as preferences, session state, or authentication tokens. We also use similar technologies like localStorage and service workers for the same purposes.
2. Categories of cookies we use
We use the minimum necessary for the Service to work. We do not use third-party advertising or tracking cookies.
2.1 Strictly necessary (cannot be disabled)
| Name | Purpose | Lifetime | Set by |
|---|---|---|---|
nexus_refresh |
Authentication refresh token (httpOnly, Secure, SameSite=Strict) | 30 days | First-party |
nexus_csrf |
CSRF protection token for sensitive admin actions | session | First-party |
nexus_locale |
Your selected interface language | 1 year | First-party |
__cf_bm |
Cloudflare bot management (security) | 30 min | Cloudflare |
cf_clearance |
Cloudflare challenge verification | 30 min | Cloudflare |
These cookies are essential for security, authentication, and basic site function. They cannot be turned off without breaking the Service.
2.2 Functional (you choose)
| Name | Purpose | Lifetime |
|---|---|---|
nexus_ui_prefs |
Remember your sidebar / theme / view preferences | 1 year |
nexus_consent |
Records your cookie consent choices | 1 year |
These cookies make the site nicer but aren't essential. You can disable them via the consent banner.
2.3 Analytics (you choose)
We use a privacy-respecting analytics tool (PostHog in cookieless mode where possible). When fully enabled with consent:
| Name | Purpose | Lifetime |
|---|---|---|
ph_<project>_posthog |
Aggregate product usage metrics; no cross-site tracking; no advertising IDs | 1 year |
These are off by default until you accept via the consent banner. We use them only to improve the product.
2.4 We do NOT use
- Advertising cookies (Google Ads, Meta Pixel, etc.)
- Cross-site tracking cookies
- Third-party social-media share-button trackers
- Re-marketing pixels
3. Local storage and service worker
We use browser localStorage to cache: - Your selected workspace and brand - Recent dashboard view state (collapsed sidebars, last-viewed tab)
We use a service worker to: - Cache static assets (the SPA bundle, fonts, images) for faster loading and offline tolerance - Receive web-push notifications you've opted into (e.g., "your post has been published")
You can clear localStorage and unregister the service worker via your browser settings.
4. Your choices
4.1 Cookie consent banner
The first time you visit, you'll see a consent banner where you can: - Accept all — strictly necessary + functional + analytics - Reject non-essential — only strictly necessary cookies are set - Customize — fine-grained control per category
You can change your choices anytime via the "Cookie Settings" link in our website footer or Settings → Privacy → Cookies in the app.
4.2 Browser controls
You can also block or delete cookies through your browser: - Chrome: Settings → Privacy and security → Cookies and other site data - Firefox: Settings → Privacy & Security → Cookies and Site Data - Safari: Preferences → Privacy → Cookies and website data - Edge: Settings → Cookies and site permissions
Disabling strictly necessary cookies will prevent you from logging in or using the Service.
4.3 Do Not Track
Our Service respects the Global Privacy Control (GPC) signal. If your browser sends GPC, we automatically apply your refusal to all non-essential cookies.
5. Cookies set by sub-processors
When you connect a social platform, that platform may set its cookies in the OAuth flow window. We do not control those cookies; they are governed by the platform's own policy:
- Facebook / Instagram: https://www.facebook.com/policies/cookies/
- LinkedIn: https://www.linkedin.com/legal/cookie-policy
- Telegram: https://telegram.org/privacy
When you make payments, our payment processor sets cookies on its own checkout page: - iyzico: https://www.iyzico.com/cerez-politikasi - Stripe: https://stripe.com/cookies-policy/legal
6. Updates
We may update this policy. Material changes will be announced 30 days in advance via email and in-app banner. The "Last updated" date at the top shows the current revision.
7. Contact
- Email:
[email protected] - DPO:
[email protected]