TroveStays All legal documents

Version 1.0 · Effective 2026-06-11 · Operated by Kindleye Limited (Hong Kong)

TroveStays — Cookie and Tracking Notice

Hong Kong does not require a consent-banner-style cookie notice. This notice is published because we believe in being open about what we store on your device. It is part of our Privacy Policy (02-privacy-policy.md).

TroveStays is delivered to you as a mobile app (iOS and Android) and a website (desktop and mobile web). On the mobile app, "cookies" in the browser sense do not apply; instead we use the device's secure storage. On the website we use ordinary browser storage and a small number of strictly necessary cookies. This notice covers both.


1. What we store on your device

Where it lives What it is Why
Expo SecureStore / browser HTTP-only cookie or local-storage Your TroveStays authentication session — a token that proves you are signed in Keep you signed in between visits without you having to re-enter your password each time
AsyncStorage (mobile) / localStorage (web) Your preference settings (preferred currency, language, dark/light mode if applicable) and a small cache of hotel rates so the app is faster Performance and continuity of preferences
In-memory Your active checkout state, the post you are currently scrolling, your impression buffer (which posts you have seen for more than ~2.5 seconds) Operating the current screen and feeding the impression upload that runs when you change tab or close the app
Server-side, tied to your account, not your device Your record of seen posts Avoiding showing you the same post twice; ranking the Discover feed

On the web, the only cookies we set are strictly necessary ones — the authentication cookie above, and a session-balance cookie. We do not set advertising cookies and we do not allow third-party advertising trackers on our pages.


2. What we do not do


3. Third-party storage incidental to features you use

The following third-party services we integrate with may set their own cookies or use their own storage on your device when you use the feature they support. They do so under their own privacy policies, which apply between you and them.

Provider When What for
LiteAPI / Stripe payment iframe When you are on the checkout screen entering card details To operate the secure payment widget — required for PCI compliance
Mux video player When you watch a video on a post To play the video and to report basic playback telemetry to Mux
Google Maps (Android only) When you view a map within the app To render map tiles and (with your permission) show your position
OpenStreetMap (iOS / web) When you view a map To render map tiles

We require these providers by contract to handle personal data in line with their published privacy policies and applicable law.


4. Your controls


5. Changes

We may update this notice from time to time. The change procedure in clause 15 of the Terms applies.


Version history

Version Date Notes
1.0 2026-06-11 Initial public version.