Skip to content
Garisea

Cookie Policy

Last updated: May 18, 2026

1. Introduction

This Cookie Policy explains what cookies and similar tracking technologies Garisea uses, what each one does, how long they last, and how you can control them. It applies to the Garisea web surfaces ( garisea.com and dealer.garisea.com) and to the equivalent local storage used by the Garisea mobile apps for iOS and Android. For the broader picture of how we handle personal information, see our Privacy Policy.

2. What Are Cookies

A cookie is a small text file a website places on your device to remember something between visits — your login session, your preferred theme, your last-viewed location. The mobile app uses equivalent on-device storage mechanisms (Keychain, Keystore, SharedPreferences, Hive boxes) that serve the same purposes; we'll cover those in Section 7.

We group cookies into four categories: essential, preference, analytics, and third-party. You can manage every category except essential cookies through the cookie consent banner on first visit and from your browser settings at any time.

3. Essential Cookies

These cookies are strictly necessary for Garisea to work. Without them, you can't sign in, submit a form, or stay authenticated across pages. They cannot be disabled.

CookiePurposeLifetime
access_tokenAuthenticates your session for in-app requests. HttpOnly + Secure + SameSite=Lax.30 minutes
refresh_tokenAllows your session to be refreshed without re-entering your password. Rotated on every use.30 days
garisea_csrfCSRF protection token for state-changing requests.Session
cf_*Bot mitigation + DDoS protection tokens set by our security provider.30 minutes
cookie_consentRemembers your cookie preferences so the banner doesn't reappear.1 year

4. Preference Cookies

These remember choices you've made so we can present the experience the way you like it. You can clear them anytime from your browser; the only effect is that Garisea will reset to its defaults.

Cookie / StoragePurposeLifetime
themeLight / dark / system theme preference.1 year
last_locationYour last-selected browse location (e.g. Nairobi) so search defaults sensibly.90 days
currencyDisplay currency (KES default).1 year
languageUI language (currently English-only).1 year

5. Analytics Cookies

Analytics cookies help us understand how the marketplace is being used, which features drive engagement, and where users drop off. The aggregate insights help us prioritise improvements. We only set analytics cookies after you accept via the cookie consent banner.

Our analytics provider sets a small number of cookies on your browser to:

  • Distinguish unique visitors (a 2-year identifier).
  • Maintain per-property session state across page loads (also up to 2 years).
  • Aggregate daily unique-visitor counts (a short-lived 24-hour identifier).

The analytics provider is configured with IP anonymization on and data-sharing with its advertising ecosystem off. We do not use it for advertising remarketing or cross-app tracking.

6. Third-Party Cookies and Embedded Content

Some features depend on third-party services that set their own cookies in your browser. We don't control these cookies — they fall under each provider's privacy policy.

  • Bot mitigation / DDoS protection — security cookies set automatically when you load any garisea.com page; required for the site to function safely.
  • Image and video CDN — when vehicle photos and videos load, the media CDN may set minimal caching cookies. No personal data is shared with it.
  • Maps and location autocomplete — when a map renders (e.g. on the viewing-location picker), the maps provider sets its own cookies.
  • Payment processing— when a dealer is redirected to our payment provider's checkout page to top up the wallet, the provider sets its own session cookies. These cookies are scoped to the provider's domain and never reach garisea.com.

7. Mobile App Storage (iOS and Android)

The Garisea mobile app doesn't use HTTP cookies — those are a browser concept. Instead it uses on-device storage primitives that serve the same purposes. Here's the full inventory:

StoragePurposeEncrypted by OS?
iOS Keychain / Android KeystoreAuthentication tokens (access + refresh). Excluded from device backup.Yes (hardware-backed where available)
SharedPreferences / UserDefaultsUser preferences: theme, language, last-viewed location, notification toggles.No (sandboxed to the app)
Hive boxes (Flutter local DB)Recently-viewed vehicles, search history, saved-for-offline favourites.No (sandboxed to the app)
Image cacheCached vehicle photos for faster scrolling and offline browsing.No (excluded from cloud backup)
Push notification identifierPer-install identifier issued by the push notification provider so alerts reach your device.N/A (managed by the push provider)
Crash-monitoring breadcrumbsLast 100 in-app actions (taps, navigation) used to attach context to a crash if one occurs. Sent only if a crash is captured.No (in-memory until crash)

On iOS, the Advertising Identifier (IDFA) is collected only if you grant App Tracking Transparency consent on first launch. We default to off.

Clearing app data from your device's OS settings removes everything except the push-provider installation identifier (which regenerates on next launch). Uninstalling the app removes everything, including tokens — you'll need to sign in again next time you install.

8. Managing Your Preferences

You can change your cookie preferences in three places:

  • On Garisea— the cookie consent banner is shown on your first visit. You can toggle analytics on or off there. To change later, look for the “Cookie settings” link in the website footer.
  • In your browser— Chrome, Safari, Firefox, and Edge all let you view, block, and delete cookies per site. Search your browser's help for “manage cookies” — the exact path varies.
  • In the mobile app — go to Profile → Notification Preferences to manage push notification categories. For App Tracking Transparency (iOS only), use Settings → Privacy & Security → Tracking on your device.

Disabling essential cookies will break authentication and key features. Disabling analytics cookies has no functional impact — you'll just be less visible to us in aggregate metrics.

9. Do Not Track and Global Privacy Control

We respect the Global Privacy Control (GPC)signal sent by browsers that support it. When your browser sends a GPC header, we treat it as an explicit opt-out of analytics cookies for that session. We don't respond to the older “Do Not Track” header because it's been deprecated by every major browser; we rely on the consent banner instead.

10. Changes to This Cookie Policy

We may update this Cookie Policy as we add or remove third-party services, change retention periods, or align with new regulations. Material changes will be communicated via a banner on the website and an email to your account if you have one. The “Last updated” date reflects the most recent revision.

11. Contact

For cookie-related questions, contact [email protected].