Privacy Policy
⚠️ Important Disclaimer: denetci.ai is not an audit firm and holds no independent audit authority under Turkish or international law (SPK, KGK, IFAC). This platform is solely an AI technology tool developed to facilitate the workflows of licensed auditors and audit firms. denetci.ai does not provide audit services to any individual or legal entity, and currently operates no such activity.
1. Data Controller
This privacy policy explains how denetci.ai collects, processes, and protects personal data.
Platform Status: denetci.ai is an AI-powered audit assistance platform currently in its development stage. A formal legal entity has not yet been established. This policy applies to all platform operations.
Contact: info@denetci.ai
2. Personal Data Collected
| Category | Data Types |
|---|---|
| Identity Data | Full name, username, email address, phone number |
| Account Data | Password (scrypt hash), role, company information |
| Technical Data | IP address, browser info, session data, last login date |
| Business Data | Audit engagements, uploaded documents, findings, AI query history |
3. Processing Purposes
- Providing and managing platform services
- User account creation and authentication
- Managing and tracking audit workflows
- Providing AI-powered analysis and recommendations
- Platform security and misuse prevention
- Fulfilling legal obligations
4. Legal Basis
- Contract performance: Providing platform services (KVKK Art.5/2(c), GDPR Art.6(1)(b))
- Legal obligation: Required record-keeping (KVKK Art.5/2(d), GDPR Art.6(1)(c))
- Establishment of rights: KVKK Art.5/2(e)
- Legitimate interest: Platform security (KVKK Art.5/2(f), GDPR Art.6(1)(f))
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While active + 5 years after closure |
| Audit data | 10 years (per applicable regulations) |
| Access logs | 2 years |
| Cookie data | Session duration (1 hour) |
6. Data Transfers and Sub-Processors
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA |
| Anthropic (Claude API) | AI analysis | USA |
| HuggingFace | Text embeddings | USA |
| Qdrant | Vector database | EU |
International transfers: Cross-border data transfers are conducted to countries with adequate protection or based on your explicit consent (KVKK Art.9, GDPR Chapter V).
7. Security Measures
- Passwords hashed with scrypt algorithm
- All communications encrypted via HTTPS/TLS
- PII fields (name, phone, email) protected with Fernet encryption
- Role-based access control (RBAC)
- All document accesses logged (audit trail)
- 2FA (TOTP) support available
8. Your Rights (KVKK Art.11 / GDPR Art.15-22)
- Right to know whether your personal data is processed
- Right to request information about processing
- Right to rectification of inaccurate data
- Right to erasure (KVKK Art.7 / GDPR Art.17)
- Right to object to automated decision-making
How to apply: Send a written request to info@denetci.ai. Responses within 30 days.
9. Policy Changes
This policy may be updated as needed. Significant changes will be communicated through the platform and published with a new version number.