Arsigo

Privacy Policy

Arsigo processes your personal data in line with KVKK and GDPR. Below we explain what we collect, how we use it, and what rights you have.

Last updated: April 2026

1. Data controller

Personal data covered by this policy is processed by Arsigo as data controller. For details: kvkk@arsigo.com

2. What we collect

What you provide: name, email, phone, company information, billing details.

Automatically collected: IP address, browser type, pages visited, session cookies.

Payment data: your card details are never stored on our servers. Payments are processed through PCI-DSS certified providers — Iyzico, Moka, PayTR, Stripe, PayPal.

3. Processing purposes

  • Providing the service and managing accounts
  • Billing and payment
  • Customer support
  • Service improvement and security
  • Meeting legal obligations
  • Marketing communication, with your explicit consent

4. Lawful basis (KVKK Art. 5)

Performance of a contract, legal obligation, legitimate interest, and (for marketing) explicit consent.

5. Sub-processors

To provide the service, we have signed data processing agreements (DPAs) with:

  • Supabase — database, auth, storage (EU / Frankfurt)
  • Vercel — application hosting (EU / Global Edge)
  • Cloudflare — DNS, CDN, DDoS protection
  • Anthropic (Claude) — AI message processing (data is anonymized)
  • Iyzico, Moka, PayTR, Stripe, PayPal — payment processing
  • Brevo — transactional email

6. International transfers (KVKK Art. 9)

Secured by EU Standard Contractual Clauses (SCCs). Data sent to Anthropic is anonymized; identifying information is not used for AI model training.

7. Data retention periods

  • Account information: active membership + 30 days
  • Conversation logs: 90 days (Free/Starter), 365 days (Pro/Business)
  • Invoice records: 10 years (Turkish Tax Procedure Law Art. 253)
  • IP logs: 1 year (Turkish Law no. 5651)
  • Support conversations: 2 years

8. Data security

TLS 1.3 (in transit), AES-256 (at rest), bcrypt (passwords), Row-Level Security (data isolation). Daily backups, 7-day point-in-time recovery.

9. Automated decision-making (KVKK Art. 11/g)

Arsigo does not run automated decision-making processes that significantly affect you.

10. Your rights (KVKK Art. 11)

As a data subject, you have the right to:

  • Learn whether your data is being processed
  • Right of access
  • Right to correction
  • Right to erasure ("right to be forgotten")
  • Right to be notified of transfers
  • Right to object
  • Right to claim damages

11. How to apply

Email kvkk@arsigo.com. Your request is answered free of charge within 30 days at the latest.

12. Complaints authority

If your request is not answered, you may file a complaint with the Personal Data Protection Authority of Türkiye: kvkk.gov.tr

13. Children's data

Our services are not intended for children under 18.

14. Cookies

Our website uses cookies for session management, preference storage, and anonymous analytics. Details: Cookie Policy

15. Policy changes

Material changes are notified at least 30 days in advance by email.

16. Contact

Privacy: kvkk@arsigo.com
General support: destek@arsigo.com
Security vulnerability: security@arsigo.com