GDPR / KVKK
Your data rights under European and Turkish law.
“MisanpAIge complies with both GDPR (EU) and KVKK (Turkey). Your document content is never stored. Account data is held in the EU. Exercise your rights any time by emailing info@misanpaige.com.”
Overview
This statement describes how MisanpAIge meets its obligations under:
- Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR), applicable to users in the EU and EEA.
- Law No. 6698 — the Personal Data Protection Law (KVKK), applicable to users in Turkey.
This statement supplements our Privacy Policy. Where they conflict, this statement takes precedence for GDPR and KVKK purposes.
Data Controller
For GDPR and KVKK purposes, the data controller is:
MisanpAIge · Ordu, Turkey · info@misanpaige.com
MisanpAIge processes EU personal data under Article 3(2) GDPR (extra-territorial scope) on the basis that it offers services to individuals in the EU.
Legal Bases — GDPR
We process personal data only where we have a valid legal basis under Article 6 GDPR:
- Contract (Art. 6(1)(b)): Processing your email and account data to provide the service.
- Legitimate interests (Art. 6(1)(f)): Anonymised analytics and fraud prevention.
- Legal obligation (Art. 6(1)(c)): Retaining billing records as required by tax law.
- Consent (Art. 6(1)(a)): Non-essential analytics cookies, where obtained via cookie notice.
We do not process special categories of personal data (Art. 9) and make no solely automated decisions with legal effects (Art. 22).
Legal Bases — KVKK
Under KVKK Article 5:
- Performance of contract (Art. 5(2)(c)): Processing account data to provide the platform.
- Legitimate interest (Art. 5(2)(f)): Analytics and security monitoring.
- Legal obligation (Art. 5(2)(ç)): Retention of billing records under Turkish commercial and tax law.
- Explicit consent (Art. 5(1)): Non-essential cookies and optional marketing communications.
We have registered with VERBİS as required for controllers above the threshold set by the KVKK Board.
International Data Transfers
Personal data may be transferred to countries outside the EU/EEA and Turkey:
- Supabase (EU-central-1, Frankfurt): Data remains in the EU — no transfer.
- Anthropic (USA): API calls are made directly from your browser under your own account.
- Google Analytics (USA): Google LLC participates in the EU–US Data Privacy Framework.
- Stripe (USA): Standard Contractual Clauses (SCCs) under Commission Decision 2021/914.
For KVKK: transfers to non-adequate countries are made under explicit consent or written data transfer undertakings.
Your Rights — EU / EEA
Under Chapter III GDPR:
- Access (Art. 15): Obtain a copy of your personal data.
- Rectification (Art. 16): Have inaccurate data corrected.
- Erasure (Art. 17): Have data deleted where grounds apply.
- Restriction (Art. 18): Limit processing in certain circumstances.
- Portability (Art. 20): Receive data in a machine-readable format.
- Object (Art. 21): Object to processing based on legitimate interests.
- Withdraw consent (Art. 7(3)): At any time, without affecting prior processing.
Email info@misanpaige.com. We respond within one month.
Your Rights — Turkey (KVKK)
Under KVKK Article 11:
- Learn whether your personal data is being processed.
- Request information about processing purposes.
- Know third parties to whom data is transferred.
- Request rectification of incomplete or inaccurate data.
- Request erasure or destruction where grounds under Art. 7 apply.
- Object to automated processing that works against you.
- Claim compensation for damages arising from unlawful processing.
Email info@misanpaige.com with subject "KVKK Başvurusu". Response within 30 days.
Data Retention
- Account data: Until account deletion, then purged within 30 days.
- Billing records: 10 years (Turkish tax law / VUK and applicable EU law).
- Analytics data: 14 months (GA4 maximum configured).
- Security logs: 90 days.
Document content you process is never stored on our servers.
Supervisory Authorities
If you believe your rights have been violated:
- EU/EEA: Lodge a complaint with your local supervisory authority — edpb.europa.eu
- Turkey: Contact Kişisel Verileri Koruma Kurumu at kvkk.gov.tr
We ask that you contact us first — we will make every effort to resolve your concern.
Contact
For all GDPR and KVKK enquiries:
- Email: info@misanpaige.com
- Subject: "GDPR Request" or "KVKK Başvurusu"
- Response: Within 30 days