Privacy Policy

This policy explains how Projenator ("we", "Service") collects, uses, and protects your personal data. By using the Service, you agree to this policy.

1. Data We Collect

Data you provide directly

• Account information: Name, email address, password (encrypted)
• Project content: Ideas, descriptions, tags, chat messages
• Team information: Team name, member emails, roles
• Payment information: Required for billing (processed via payment provider — we do not store card data)

Automatically collected data

• Usage data: Pages visited, features used
• Technical data: IP address, browser type, device information
• AI usage logs: Request count, token consumption (for billing and quota purposes)

Data from third parties

• Social login: When you sign in with Google or Facebook, we receive your name, email, and profile photo.

2. How We Use Data

• Provide the Service, manage your account, and offer support
• Run the AI model (Google Gemini) on your behalf
• Process payments and generate invoices
• Security, fraud detection, and abuse prevention
• Anonymous analytics to improve the Service
• Meet legal obligations

3. AI and Third-Party Services

Projenator uses the Google Gemini API for AI operations. Your chat messages and project data are sent to Google's API servers to generate AI responses. Google processes this data under its own AI privacy policy. Details: ai.google.dev/terms

Payment processing uses iyzico; your card data is sent directly to iyzico's PCI-DSS compliant infrastructure — we do not store card data.

4. Data Sharing

We do not sell, rent, or share your personal data for advertising purposes. Data is shared with third parties only in these cases:

• Our service providers (Gemini, iyzico, email service) — only to operate the Service
• Legal requirements (court order, official request)
• Team members — people you add to your team can see your projects within the Service

5. Data Security

• All data is transmitted encrypted over HTTPS
• Passwords are stored hashed with bcrypt — no plaintext passwords
• Database backups are stored encrypted
• Two-factor authentication (2FA) is available

6. Data Retention

• Your account data is retained as long as your account is active
• When you delete your account, content is immediately permanently deleted
• Invoice records are kept anonymously for 5 years as required by Turkish tax law
• System logs are retained for 30 days for security purposes

7. Your Rights (KVKK / GDPR)

Under the Turkish Personal Data Protection Law (KVKK) and applicable regulations, you have the right to:

• Learn whether your data is being processed
• Access your data and obtain a copy
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing

To exercise your rights: privacy@projenator.com · Data deletion page

8. Cookies

We use essential cookies (session, CSRF protection) to operate the Service. We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not designed for children under 16. We do not knowingly collect data from children under 16.

10. Policy Changes

This policy may be updated. Significant changes will be communicated via email.

11. Contact

For privacy questions: privacy@projenator.com