This policy explains how Projenator ("we", "Service") collects, uses, and protects your personal data. By using the Service, you agree to this policy.
1. Data We Collect
Data you provide directly
- Account information: Name, email address, password (encrypted)
- Project content: Ideas, descriptions, tags, chat messages, questionnaire answers, score data, plan phases and tasks
- Deliverable contact details: Presenter name, title, organization, email, phone, website, logo URL, and call-to-action text that you enter when generating presentations or infographics
- Team information: Team name, member emails, roles
- Payment information: Required for billing (processed via payment provider — we do not store card data)
Automatically collected data
- Usage data: Pages visited, features used
- Technical data: IP address, browser type, device information
- AI usage logs: Request count, token consumption (for billing and quota purposes)
Data from third parties
- Social login: When you sign in with Google or Facebook, we receive your name, email, and profile photo.
2. How We Use Data
- Provide the Service, manage your account, and offer support
- Run AI models (Google Gemini and Anthropic Claude) on your behalf
- Generate deliverables such as presentations and infographics, and expose them via shareable links
- Process payments and generate invoices
- Security, fraud detection, and abuse prevention
- Anonymous analytics to improve the Service
- Meet legal obligations
3. AI and Third-Party Services
Projenator uses the Google Gemini API and the Anthropic Claude API for AI operations. Your chat messages, questionnaire answers, project content, and score/plan data are sent to either Google or Anthropic's API servers — depending on the engine you select — to generate AI responses. You choose the engine per deliverable via the "AI Engine" toggle on the Attachments screen. Providers process this data under their own privacy policies.
- Google Gemini: ai.google.dev/terms
- Anthropic Claude: anthropic.com/privacy
Payments use iyzico and (for mobile subscriptions) Google Play Billing; card data is sent directly to the provider's PCI-DSS compliant infrastructure — we do not store card data.
On the web UI, downloading the Gantt chart as PNG/PDF pulls the html2canvas and jsPDF libraries from jsDelivr CDN into your browser. The export runs entirely client-side; content is not sent outside Projenator.
3.1 Public Share Links
Each presentation and infographic you generate is reachable through a publicly accessible URL (/d/{token}) containing a random share token. Anyone who knows the URL can view and download the deliverable. Securing the URL is your responsibility.
The contact details you enter in Deliverable Settings (presenter name, title, organization, email, phone, website) are embedded in the generated presentation and infographic and will be visible to anyone who opens the share link. This is by design so you can send pitches to investors, grant committees, or customers. Do not include information you do not intend to share. To revoke access, delete the corresponding deliverable.
4. Data Sharing
We do not sell, rent, or share your personal data for advertising purposes. Data is shared with third parties only in these cases:
- Our service providers (Google Gemini, Anthropic Claude, iyzico, Google Play Billing, email service, jsDelivr CDN) — only to operate the Service
- Anyone you send a share link (
/d/{token}) to — content you have chosen to disclose - Legal requirements (court order, official request)
- Team members — people you add to your team can see your projects within the Service
5. Data Security
- All data is transmitted encrypted over HTTPS
- Passwords are stored hashed with bcrypt — no plaintext passwords
- Database backups are stored encrypted
- Two-factor authentication (2FA) is available
6. Data Retention
- Your account data is retained as long as your account is active
- Generated presentations and infographics remain stored alongside their project until you delete them; deleting a project cascades to its deliverables
- When you delete your account, all projects, deliverables, and contact details are immediately permanently deleted
- Invoice records are kept anonymously for 5 years as required by Turkish tax law
- System logs are retained for 30 days for security purposes
7. Your Rights (KVKK / GDPR)
Under the Turkish Personal Data Protection Law (KVKK) and applicable regulations, you have the right to:
- Learn whether your data is being processed
- Access your data and obtain a copy
- Request correction of inaccurate data
- Request deletion of your data
- Object to processing
To exercise your rights: privacy@projenator.com · Data deletion page
8. Cookies
We use essential cookies (session, CSRF protection) to operate the Service. We do not use advertising or tracking cookies.
9. Children's Privacy
The Service is not designed for children under 16. We do not knowingly collect data from children under 16.
10. Policy Changes
This policy may be updated. Significant changes will be communicated via email.
11. Contact
For privacy questions: privacy@projenator.com