Gizlilik Politikası

Last updated: Ocak 16, 2026

Kişisel Veri Koruma Haklarınızı Gerçekleştirin

Bizim Veri İstek Portalından kişisel verilerinize erişim, değiştirme veya silme isteği gönderin.

İstek Gönder

1. Introduction

At Harmonist ("we," "our," or "us"), we are committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Data Controller

Harmonist acts as the data controller for personal data collected through our services. You can contact our Data Protection Officer at privacy@harmonytics.com.

3. Personal Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: name, username, title
  • Contact Data: email address, phone number, postal address
  • Technical Data: IP address, browser type, device information, cookies
  • Usage Data: service usage patterns, preferences, settings
  • Content Data: documents, messages, and other content you upload
  • Transaction Data: payment details, subscription information

4. AI and Machine Learning

Our AI systems process data under these safeguards:

  • Training data is anonymized and aggregated
  • User content is processed only for service delivery
  • No human review of individual user content unless required for support
  • Opt-out available for model training via account settings
  • Regular audits of AI decision-making processes

5. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Performance of our contract with you
  • Your consent
  • Our legitimate interests
  • Compliance with legal obligations
Data Type Processing Purpose Legal Basis
Identity Data Account Management Contractual Necessity

5. How We Use Your Data

We use your personal data to:

  • Provide and maintain our services
  • Process your transactions
  • Send service notifications and updates
  • Provide customer support
  • Improve and personalize our services
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

6. Data Retention

We retain your personal data for:

  • Active user accounts: Until account deletion request
  • Inactive accounts: 365 days after last activity
  • Transaction records: 7 years for tax compliance
  • Chat logs and usage data: 90 days
  • Backups containing personal data: 30 days
  • Or as required by applicable laws and regulations

7. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption of data at rest and in transit
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures
  • 72-hour breach notification protocol
  • Bi-annual penetration testing and vulnerability scans
  • Role-based access control with JIT provisioning
  • Change management procedures with 4-eye approval
  • Incident response plan tested quarterly
  • Third-party vendor risk assessments

We will notify you and relevant authorities of any data breach affecting your personal data within 72 hours of discovery.

8. Your Data Protection Rights

Under GDPR and KVKK, you have the right to:

  • Access your personal data in machine-readable format
  • Rectify inaccurate or incomplete data
  • Request erasure of your data ("right to be forgotten")
  • Restrict or object to processing under certain conditions
  • Data portability to another service provider
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority
  • Opt-out of automated decision-making including profiling
  • Submit requests through our DSAR Portal
  • Receive response within 30 days (15 days for KVKK requests)
  • Appeal decisions through our DPO

9. International Data Transfers

We may transfer your data to countries outside the EEA/UK. When we do, we ensure appropriate safeguards are in place through:

  • EU Standard Contractual Clauses with third-party processors (e.g., AWS, Stripe, Datastax, Hostinger)
  • Adequacy decisions for countries with equivalent protection
  • Binding Corporate Rules for intra-organization transfers
  • Explicit consent for specific processing activities

KVKK-specific: Transfers to Turkey follow Law No. 6698 Article 9 requirements.

10. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session
  • Remember your preferences
  • Analyze service usage
  • Enhance security

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of any material changes through our service or via email.

12. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at:

  • Data Protection Officer: privacy@harmonytics.com
  • Address: Ahtri 12, 10151, Tallinn, Estonia
  • KVKK Contact: kvkk@harmonytics.com (Turkish-specific requests)
  • Online Portal: Data Subject Access Request Form

9. Data Processors and Subcontractors

We engage with these categories of processors:

  • Cloud infrastructure providers
  • Payment processors
  • Customer support platforms
  • Analytics and monitoring services
  • AI model providers

All processors are bound by data processing agreements meeting GDPR requirements.

13. Children's Privacy

Our services are not directed to children under 18. We do not knowingly collect data from children without parental consent. Parents/guardians may contact us to review or delete children's data.