Privacy Policy & GDPR Notice

Data Controller under the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the EU General Data Protection Regulation ("GDPR"): Elanext Email: support@elanext.com Web: https://elanext.com For all questions, requests, and complaints regarding your personal data, please use the contact information above.

The following data is processed during Platform use: ▸ IDENTITY & CONTACT: Name, email address (for account creation and communication) ▸ ACCOUNT DATA: Username, encrypted password, subscription status, token balance ▸ PAYMENT DATA: Payment confirmation references. Card or bank details are not stored in Elanext systems; processed by our payment provider's secure infrastructure. ▸ USAGE DATA: Session durations, features used, error logs, IP address ▸ UPLOADED FILES (Pro Tier Only): Excel/CSV files uploaded for processing. These files are permanently deleted within 24 hours. ▸ BROWSER & DEVICE INFO: Browser type, operating system, language preference (for service optimization) FREE TOOL NOTE: In the free browser-based cleaning tool, no files are transmitted to our servers. All processing occurs on the user's device.

Your data is processed within the legal bases under KVKK Article 5 and GDPR Article 6: ▸ CONTRACT PERFORMANCE (KVKK Art.5/2-c / GDPR Art.6(1)(b)): Account management, service delivery, subscription processing, technical support ▸ LEGAL OBLIGATION (KVKK Art.5/2-ç / GDPR Art.6(1)(c)): Tax legislation, e-commerce law, anti-money laundering obligations ▸ LEGITIMATE INTEREST (KVKK Art.5/2-f / GDPR Art.6(1)(f)): Platform security, fraud prevention, service quality improvement, technical troubleshooting ▸ EXPLICIT CONSENT (KVKK Art.5/1 / GDPR Art.6(1)(a)): Marketing emails and optional analytics (only if you provide consent) Your data is not used for purposes other than those specified and is not sold to third parties for commercial purposes.

Our service infrastructure covers servers in the United States and European Union. Transfers to the US are made under Standard Contractual Clauses (SCCs), Data Processing Agreements, and/or safeguards under GDPR Articles 45-46. For KVKK purposes: International transfers are made with necessary measures under KVKK Article 9. Countries receiving transfers may not have an adequate level of protection; in such cases, safeguards determined by the Board are applied.

Your personal data is retained only as long as necessary: ▸ Account information (email, subscription, tokens): While account is active + permanently deleted 7 days after account closure request ▸ Cleaning job metadata (date, sector, record count — not file content): While account is active + 7 days after account closure ▸ Uploaded raw files (Pro tier only): 24 hours after processing — file content is not stored long-term ▸ Payment records: 10 years as required by Turkish tax legislation ▸ Security log records: 90 days ▸ Marketing preferences: Until consent is withdrawn At the end of retention periods, your data is securely and irreversibly deleted.

Under Article 11 of KVKK No. 6698, you have the following rights: ✓ Right to learn whether your personal data is being processed ✓ Right to request information if your personal data has been processed ✓ Right to learn the purpose of processing and whether it is used in accordance with its purpose ✓ Right to know third parties to whom your data is transferred domestically or abroad ✓ Right to request correction if your data is incomplete or inaccurately processed ✓ Right to request deletion or destruction within the conditions set out in KVKK Article 7 ✓ Right to object to results arising from automated processing ✓ Right to request compensation if you suffer damage due to unlawful processing You may submit your application to support@elanext.com. Your request will be answered within 30 days. Your right to file a complaint with the Personal Data Protection Authority (kvkk.gov.tr) is reserved.

Users residing in the European Union or European Economic Area have the following additional rights: ✓ RIGHT OF ACCESS (Art. 15): You may request a copy of your processed personal data. ✓ RIGHT TO RECTIFICATION (Art. 16): You may request correction of inaccurate data. ✓ RIGHT TO ERASURE — "RIGHT TO BE FORGOTTEN" (Art. 17): Under certain conditions, you may request deletion of your data. ✓ RIGHT TO RESTRICTION OF PROCESSING (Art. 18): Under certain conditions, you may restrict data processing. ✓ RIGHT TO DATA PORTABILITY (Art. 20): You may request your data in a structured, machine-readable format. ✓ RIGHT TO OBJECT (Art. 21): You may object to processing based on legitimate interest. ✓ RIGHT TO OBJECT TO AUTOMATED DECISION-MAKING (Art. 22): You may object to decisions based solely on automated processing. Your right to lodge a complaint with the Data Protection Authority of the relevant EU member state is also reserved.

The Platform uses the following cookie categories: ▸ ESSENTIAL COOKIES (No consent required): Session management, authentication, security. The service cannot function without these. ▸ PERFORMANCE / ANALYTICS COOKIES (Consent required): Measurement of visitor numbers and behavior via Google Analytics. You can disable these in your browser settings. ▸ PREFERENCE COOKIES: Used to remember your language and theme selections. You can manage cookies through your browser settings. Disabling essential cookies may cause the service to malfunction.

Technical and administrative measures are taken to ensure the security of your personal data: ▸ TLS 1.3 encryption for data in transit ▸ Bcrypt algorithm for encrypted password storage ▸ Role-based access control (RBAC) ▸ Regular security audits ▸ Limited staff access (need-to-know principle) ▸ Supabase Row Level Security (RLS) policies However, no method of internet transmission or electronic storage can provide absolute security. In the event of a detected security breach, notification will be made to competent authorities within 72 hours under KVKK Article 12/5 and GDPR Article 33.

The Platform is not directed at persons under 18 and does not knowingly collect data from such persons. Accounts of users we believe to be under 18 may be closed without notice. Parents who believe their child's information is in our system should contact support@elanext.com.

This Privacy Policy may be revised due to legislative changes, new features, or service updates. Material changes will be notified to your registered email address at least 15 days before the effective date or announced on the Platform. We recommend reviewing policy changes regularly. Continued use of the Platform after a change constitutes acceptance of the updated policy.

For all questions and applications regarding the Privacy Policy or your personal data: Email: support@elanext.com Response time: 30 business days For KVKK applications, written application with information verifying your identity is required. Personal Data Protection Authority: kvkk.gov.tr EU Users: You may apply to your country's data protection authority. Last Updated: June 15, 2026 Effective Date: June 15, 2026