Privacy Policy

This privacy policy sets out the principles governing the processing of personal data collected through the Düzenal platform operated by yasinburak.com ("Company"), in accordance with the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the EU General Data Protection Regulation ("GDPR"). Data Controller: yasinburak.com Email: [email protected] Address: Ankara, Turkey

The following personal data may be collected through our platform: • Identity information: First name, last name • Contact information: Email address, phone number • Account information: Username, password (hashed), preferred language • Transaction data: Subscription plan, payment history, billing information • Usage data: Session duration, click data, chatbot conversation logs • Technical data: IP address, browser type, device information, cookie data • Business information: Company name, industry, employee count (during onboarding)

Your personal data is processed for the following purposes: • Providing and improving platform services • Account creation, authentication, and security • Processing subscription and payment transactions • Personalizing AI chatbot services • Customer support and communication • Fulfilling legal obligations • Statistical analysis and platform development • Marketing communications (with your explicit consent)

Your personal data is processed under the following legal bases in accordance with KVKK Articles 5–6 and GDPR Article 6: • Performance of a contract (subscription agreement) • Legal obligation (tax regulations, e-commerce regulations) • Legitimate interest (platform security, service improvement) • Explicit consent (marketing communications, cookies)

Your personal data is retained for as long as the processing purpose requires: • Account data: Until account deletion + 1 year • Payment/billing data: 10 years (tax regulations) • Chatbot conversation logs: 2 years • Cookie data: Maximum 13 months • Marketing data: Until consent is withdrawn • Log data: 6 months

Our platform uses the following cookies: • Essential cookies: Session management, security (cookie_consent, session) • Functional cookies: Language preference, theme setting • Analytics cookies: Usage statistics (anonymized) You can manage your cookie preferences through your browser settings or the cookie banner displayed on our site. Disabling essential cookies may affect service quality.

Your personal data may be shared with third parties in the following cases: • Stripe: Secure payment processing (PCI DSS compliant) • Hosting providers: Service infrastructure (Turkey or EU servers) • AI model providers: Anonymized data processing for chatbot responses • Legal authorities: When required by law Your data is never sold or rented to third parties for advertising purposes under any circumstances.

The following technical and administrative measures are in place to protect your personal data: • SSL/TLS 256-bit encryption (A+ certificate) • Password hashing with bcrypt • Rate limiting and DDoS protection • Regular security audits • Access control and authorization • Security headers (HSTS, CSP, X-Frame-Options) • Regular backups and disaster recovery plan

Under KVKK Article 11 and GDPR Articles 15–22, you have the following rights: • Right to know whether your personal data is being processed • Right to request information if your data has been processed • Right to know the purpose of processing and whether it is used accordingly • Right to know third parties to whom your data has been transferred • Right to request correction of incomplete or inaccurate data • Right to request deletion or destruction under KVKK Article 7 / GDPR Article 17 • Right to request notification of correction/deletion to third parties • Right to object to automated decision-making that produces adverse effects • Right to claim compensation for damages caused by unlawful processing • Right to data portability (GDPR Article 20) You can submit your requests to [email protected] or through our /dsr page.

Due to our service infrastructure, your personal data may be transferred to countries with adequate protection or with appropriate safeguards under KVKK Article 9 and GDPR Chapter V. These transfers are carried out only when necessary for service delivery and with all required security measures in place.

This privacy policy was last updated on May 28, 2026. Significant changes to the policy will be communicated to your registered email address. You can always view the current version on this page.