This Privacy Policy explains how Parantaj ("Platform", "We") collects, processes, stores, and protects your personal data.
This policy has been prepared in accordance with the Turkish Personal Data Protection Law No. 6698 (KVKK) and the European Union General Data Protection Regulation (GDPR).
1. Data Controller
The data controller for your personal data is:
2. Personal Data Collected
2.1. Identity and Contact Information
- Name, surname
- Email address
- Phone number
- Company/business name (optional)
2.2. Account and Security Information
- Username and password (hashed)
- Login history
- IP address
- Device and browser information
2.3. Financial Data
- Income and expense records
- Financial account information (account names, balances)
- Category and tag information
- Reports and analyses
2.4. Payment Information
- Billing address
- Payment history
- Card information (processed only by our payment provider, not stored by us)
2.5. Usage Data
- Platform usage statistics
- Feature usage data
- Error reports
3. Purposes of Data Processing
Your personal data is processed for the following purposes:
- Service Provision: Providing and improving Platform features
- Account Management: Creating and managing your user account
- Communication: Service notifications, security alerts, and support requests
- Payment Processing: Processing subscription payments
- Security: Ensuring account security and preventing fraud
- Legal Obligations: Fulfilling tax and accounting obligations
- Analysis: Improving service quality (with anonymized data)
4. Legal Basis for Data Processing
Under GDPR Article 6 and KVKK Article 5, your data is processed based on the following legal grounds:
- Contract Performance: Necessary processing for fulfilling the service contract
- Legitimate Interest: Protecting Platform security and service quality
- Legal Obligation: Compliance with legal regulations
- Consent: Marketing communications (only with your consent)
5. Data Retention Period
- Account Data: While your account is active and 30 days after account closure
- Financial Records: For the legal retention period (5 years per tax regulations)
- Payment Records: 10 years (per commercial law)
- Log Records: 2 years
- Marketing Consents: Until consent is withdrawn
6. Data Sharing
6.1. Service Providers
Your data may be shared with the following service providers:
- Cloud Infrastructure: Data storage and processing (AWS/Google Cloud - EU data centers)
- Payment Processor: Secure payment processing (Stripe/iyzico)
- Email Service: Sending transactional emails
- Analytics: Anonymized usage analysis
6.2. Legal Disclosures
Your data may be shared with authorized public authorities when legally required:
- Upon court order or legal request
- Public safety or national security requirements
- Protection of legal rights
6.3. International Data Transfers
Your data may be transferred outside the European Economic Area (EEA). In such cases:
- Standard Contractual Clauses (SCC) are applied
- Safeguards compliant with KVKK Article 9 are provided
- GDPR-compliant data protection measures are taken
7. Cookies and Tracking Technologies
7.1. Cookies We Use
- Essential Cookies: Necessary for Platform operation (session, security)
- Functional Cookies: To remember your preferences (language, theme)
- Analytics Cookies: Usage statistics (anonymized)
7.2. Cookie Preferences
You can control cookies other than essential cookies through your browser settings. Disabling cookies may cause some features to not work.
8. Data Security
We implement the following measures to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest
- Access Control: Role-based access authorization
- Security Testing: Regular security audits and penetration tests
- Backup: Regular data backup and disaster recovery plans
- Monitoring: 24/7 security monitoring and anomaly detection
9. Your Rights
Under GDPR and KVKK Article 11, you have the following rights:
9.1. Right to Information
You have the right to know whether your personal data is being processed and to request information about it.
9.2. Right of Access
You have the right to access your processed personal data and request a copy of it.
9.3. Right to Rectification
You have the right to request correction of incomplete or inaccurate personal data.
9.4. Right to Erasure (Right to be Forgotten)
Under GDPR Article 17 and KVKK Article 7, you have the right to request deletion of your personal data under certain conditions.
9.5. Right to Restriction of Processing
You have the right to request restriction of processing of your personal data under certain conditions.
9.6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
9.7. Right to Object
You have the right to object to data processing based on legitimate interest.
9.8. Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal effects.
10. Exercising Your Rights
To exercise your rights above:
Your request will be responded to within 30 days. For complex requests, this period may be extended to 60 days.
11. Right to Complain
You can submit complaints about our data processing activities to the following authorities:
- Turkey: Personal Data Protection Authority (KVKK) - kvkk.gov.tr
- EU Citizens: Data Protection Authority in your country
- EU Online Dispute Resolution: https://ec.europa.eu/odr
12. Children's Privacy
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from individuals under 18. If such a situation is detected, the relevant data will be immediately deleted.
13. Policy Changes
We may update this Privacy Policy from time to time. Significant changes will be:
- Notified by email
- Announced on the Platform
- Effective date specified
14. Contact
For privacy-related questions:
