Privacy Policy
Last updated: 28 May 2026
This Privacy Policy explains how iTahmin.com ("iTahmin", "we", "us") collects, uses, shares and protects users' personal data. It is prepared in line with the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law No. 6698 (KVKK).
1. Data Controller
- Data Controller: iTahmin.com
- Contact: destek@itahmin.com
- Web: https://itahmin.com
2. Data We Collect
2.1 Account Data
- Name or username, email address
- Password (stored using a one-way hash algorithm — never stored in plain text)
- Year of birth (for age verification, optional)
- Phone number (for SMS verification, optional)
2.2 Usage Data
- IP address, browser type, device information and language preference
- Page views, session length, interaction events (for analytics; may be anonymised)
- Error logs and performance metrics (for service stability)
2.3 Payment Data
Subscriptions are processed through Paddle.com Market Limited. Full payment details (card number, expiry, etc.) are collected directly by Paddle; iTahmin never sees, receives or stores card details. Only the following limited data is kept on our side:
- Subscription status, start/end dates and plan
- Billing country (for tax compliance)
- Anonymous transaction identifier issued by Paddle (subscription_id / transaction_id)
2.4 Communication Data
Support tickets, email correspondence and messages sent via the contact form.
3. Purposes and Legal Bases
| Purpose | Legal Basis (GDPR Art. 6 / KVKK Art. 5) |
|---|---|
| Account creation and session management | Performance of a contract |
| Subscription provisioning and billing | Performance of a contract |
| Service security and fraud prevention | Legitimate interest |
| Compliance with legal obligations (tax, KVKK, GDPR) | Legal obligation |
| Marketing communications (email, push) | Explicit consent |
| Analytics and service improvement | Legitimate interest |
4. Data Sharing
We do not sell your personal data. Data is shared only in the following limited cases:
- Paddle.com Market Limited — as Merchant of Record and payment processor for subscription collection, invoicing and tax processing. Paddle's privacy policy: https://www.paddle.com/legal/privacy
- Infrastructure providers — hosting, email delivery, error monitoring and backup. They act as contractual data processors with limited access.
- Public authorities — only where required by law, court order or legitimate request from competent authorities, limited to the requested scope.
5. Cookies
The Platform uses the following types of cookies:
- Strictly necessary: login, security, CSRF protection. No consent required.
- Preference: language and theme, table view preferences.
- Analytics: page usage, collected anonymously (not per-user).
You may change your cookie preferences via your browser settings at any time.
6. Retention Periods
- Active account data: until the account is deleted
- After account deletion: data is kept until applicable statutory retention periods (tax law: 10 years; KVKK-related litigation) expire, then deleted or anonymised.
- Anonymous analytics data: up to 26 months.
- Server error logs: 90 days.
7. Your Rights
Under GDPR Articles 15–22 and KVKK Article 11 you have the right to:
- Access your data
- Request correction
- Request deletion (subject to retention obligations — see section 6)
- Object to processing
- Data portability (in a machine-readable format)
- Information about automated decision-making and the right to human intervention
- Withdraw any consent you previously gave
To exercise these rights: destek@itahmin.com. We respond to requests within 30 days at the latest.
8. Security
- All traffic is encrypted with HTTPS/TLS
- Passwords are stored using a one-way hash algorithm (bcrypt)
- Access control, audit logs and regular security reviews are in place
- In the event of a data breach, supervisory authorities are notified within 72 hours and affected users are informed directly
9. Children's Data
The Platform is not directed to persons under the age of 18. If you become aware that a child's data has been collected, please contact us and we will delete the data.
10. International Data Transfers
Paddle is based in the EU but operates a global payment flow. Some of our infrastructure providers may host servers outside the EU/EEA. In such cases, additional safeguards are applied through Standard Contractual Clauses (SCCs) or an adequacy decision.
11. Changes to This Policy
This Policy may be updated. You will be notified of material changes by email or via the Platform; the effective date is always shown at the top of the page.
12. Contact
For all data protection matters:
- Email: destek@itahmin.com
- Web: https://itahmin.com/contact