Privacy Policy
1. Data Controller
This privacy policy explains how denetci.ai platform collects, processes, and protects personal data.
MVP Notice: denetci.ai is an AI-powered audit platform currently in its development stage. A formal legal entity has not yet been established. This policy applies to all platform operations.
Contact: info@denetci.ai
2. Personal Data Collected
| Category | Data Types |
|---|---|
| Identity Data | Full name, username, email address, phone number |
| Account Data | Password (stored as hash), role, company information |
| Technical Data | IP address, browser information (user agent), session data, last login date |
| Business Data | Audit engagements, uploaded documents, audit findings, AI query history |
3. Processing Purposes
- Providing and managing platform services
- Creating user accounts and authentication
- Managing and tracking audit processes
- Providing AI-powered analysis and recommendations
- Ensuring platform security and preventing misuse
- Fulfilling legal obligations
- Improving service quality
4. Legal Basis
Your personal data is processed under the Turkish Personal Data Protection Law (KVKK No. 6698) and in alignment with GDPR principles, based on the following legal grounds:
- Contract performance: Necessary for providing platform services (KVKK Art.5/2(c), GDPR Art.6(1)(b))
- Legal obligation: Required record-keeping under applicable laws (KVKK Art.5/2(d), GDPR Art.6(1)(c))
- Establishment of rights: Necessary for establishing, exercising, or defending legal claims (KVKK Art.5/2(e))
- Legitimate interest: Platform security and service improvement (KVKK Art.5/2(f), GDPR Art.6(1)(f))
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While account is active + 5 years after closure |
| Audit data | 10 years (per applicable regulations) |
| Access logs | 2 years |
| Cookie data | Session cookie: during session (1 hour) |
6. Data Transfers and Sub-Processors
Your personal data may be transferred to the following sub-processors for service delivery:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA |
| AI Analysis Service | AI analysis | USA |
| Embedding Service | Text embeddings | USA |
| Vector Database Service | Vector database (document search) | EU |
International transfers: Cross-border data transfers are conducted to countries with adequate protection or based on your explicit consent, in accordance with KVKK Art.9 and GDPR Chapter V.
7. Security Measures
- Passwords are hashed using the scrypt algorithm
- All communications are encrypted via HTTPS/TLS
- Session cookies are configured as HttpOnly, Secure, and SameSite=Lax
- Role-based access control (RBAC) is implemented
- All document accesses are logged (audit trail)
- API keys are protected with industry-standard encryption
8. Your Rights
Under KVKK Art.11 and GDPR Art.15-22, you have the following rights:
- Right to know whether your personal data is being processed
- Right to request information about the processing
- Right to know the purpose of processing and whether it is used accordingly
- Right to know third parties to whom data is transferred
- Right to request rectification of incomplete or inaccurate data
- Right to request erasure or destruction under KVKK Art.7
- Right to request notification of corrections/deletions to third parties
- Right to object to automated decision-making that produces adverse effects
How to apply: To exercise your rights, send a written request to info@denetci.ai. Your request will be answered within 30 days.
9. Policy Changes
This privacy policy may be updated as needed. Significant changes will be communicated through the platform and published with a new version number. The current version is always accessible on this page.