Legal
Privacy Policy
Last updated April 29, 2026
1. Introduction
This Privacy Policy explains how Kodizm ("we," "us," or "our") collects, uses, discloses, and protects your personal data when you use our website (kodizm.com), services, and applications (collectively, the "Services").
We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law (KVKK), and other applicable data protection laws.
By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
Kodizm
Operated by Anilcan Cakir, Izmir, Turkey
Contact: [email protected]
For data protection inquiries, please contact us at the email address above.
3. Personal Data We Collect
We collect personal data in the following ways:
3.1 Information You Provide Directly
| Category | Data Types | Purpose |
|---|---|---|
| Account Registration | Name, email address, password (encrypted) | To create and manage your user account |
| Profile Information | Avatar image, display name, locale, timezone | To personalize your experience |
| Team Membership | Team name, member roles, invitations | To enable shared workspaces across all Kodizm tools |
| Newsletter / Waitlist | Email address | To send product updates when a tool opens up |
| Contact Form | Name, email address, message content | To respond to your inquiries |
| Beta Applications | Motivation statement, application details | To evaluate beta program eligibility |
3.2 Information Collected Automatically
| Category | Data Types | Purpose |
|---|---|---|
| Device Information | IP address, browser type, operating system, device identifiers | Security, fraud prevention, and service optimization |
| Usage Data | Pages visited, features used, timestamps, request volumes | Service improvement and per-project usage tracking |
| Session Data | Session tokens, authentication tokens, two-factor confirmation timestamps | Authentication and security |
| Error Reports | Stack traces, request context (anonymized when possible) | Debugging and reliability |
3.3 Information from Third Parties
| Source | Data Types | Purpose |
|---|---|---|
| Social login providers (planned) | Name, email, profile picture | Account authentication |
| Sign in with Kodizm | OAuth client identifier, redirect URI, granted scopes | Cross-tool identity for Kodizm |
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6 GDPR:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and management | Performance of contract | Art. 6(1)(b) |
| Service delivery and support | Performance of contract | Art. 6(1)(b) |
| OAuth / sign-in | Performance of contract | Art. 6(1)(b) |
| Newsletter and product updates | Your consent | Art. 6(1)(a) |
| Beta program applications | Your consent | Art. 6(1)(a) |
| Contact form responses | Legitimate interest | Art. 6(1)(f) |
| Error tracking and reliability | Legitimate interest | Art. 6(1)(f) |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
5. How We Use Your Data
We use your personal data for the following purposes:
- Service Provision: To operate, maintain, and improve our Services
- Account Management: To create, authenticate, and manage your account
- Cross-tool identity: To let you use every Kodizm tool with one account
- Communication: To respond to inquiries and send service-related notifications
- Updates: To send newsletters and product updates (with your consent)
- Beta Programs: To evaluate applications and manage early access programs
- Reliability: To track errors and improve service stability
- Security: To detect, prevent, and address fraud and security issues
- Legal Compliance: To comply with applicable laws and regulations
6. Data Sharing and Recipients
We may share your personal data with the following categories of recipients:
6.1 Service Providers
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Hosting infrastructure | Application and database hosting | EU | Standard Contractual Clauses where applicable |
| Sentry | Error tracking and performance monitoring | EU / US | EU-US Data Privacy Framework, SCCs |
| Email delivery | Transactional and marketing email | EU / US | EU-US Data Privacy Framework, SCCs |
| Kodizm tools | Cross-app identity and team membership | Same region as the hub | Internal data processing agreements |
6.2 Other Disclosures
We may also disclose your data:
- To comply with legal obligations or valid legal requests
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets (with notice to you)
- With your explicit consent
We do not sell your personal data to third parties.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), particularly the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework: For US-based providers certified under the framework
- Standard Contractual Clauses (SCCs): EU-approved contractual clauses
- Adequacy Decisions: Where the European Commission has determined adequate protection
8. Cookies and Tracking Technologies
8.1 Essential Cookies
We use essential cookies necessary for the operation of our Services. These do not require consent.
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication and security | Session |
| CSRF token | Security protection | Session |
| Locale preference | Remember your language choice | 1 year |
8.2 Analytics
Kodizm currently does not run third-party web analytics on public pages. If we add analytics in the future, we will update this policy and surface a consent banner where required.
9. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion |
| Session data | 30 days |
| OAuth access tokens | Until revocation or natural expiry |
| Contact form submissions | 90 days after resolution |
| Newsletter subscriptions | Until unsubscription |
| Beta applications | Duration of program + 12 months |
| Error reports | 90 days |
| Backup data | 30 days |
After the retention period, data is securely deleted or anonymized.
10. Your Rights
Under GDPR, you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access (Art. 15) | Request a copy of your data | Email us or use account settings |
| Rectification (Art. 16) | Correct inaccurate data | Update in account settings |
| Erasure (Art. 17) | Request deletion of your data | Use "Delete Account" in settings |
| Restriction (Art. 18) | Limit how we use your data | Email us |
| Portability (Art. 20) | Receive your data in a portable format | Email us |
| Objection (Art. 21) | Object to certain processing | Email us |
| Withdraw Consent (Art. 7(3)) | Withdraw previously given consent | Email us or use unsubscribe links |
10.1 Account Deletion
You can delete your account at any time through your account settings. Upon deletion:
- Your personal data will be anonymized or deleted
- Connected social accounts will be unlinked
- All OAuth tokens will be revoked
- Your sessions will be terminated
- Anonymized data may be retained for legal or statistical purposes
10.2 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. Relevant authorities include:
- Turkey: Personal Data Protection Authority (KVKK), kvkk.gov.tr
- European Union: Your local data protection authority
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Passwords are hashed using industry-standard algorithms (bcrypt)
- Transport Security: All data transmitted via HTTPS/TLS
- Access Controls: Role-based access to personal data, audit logging on sensitive operations
- Two-Factor Authentication: Optional 2FA for every account
- Regular Updates: Timely security patches and dependency updates
While we strive to protect your data, no method of transmission over the Internet is 100% secure.
12. Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Updating the "Last Updated" date
- Sending an email notification for significant changes (if you have an account)
Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.
14. Contact Us
For any questions or concerns about this Privacy Policy or our data practices, please contact us:
Kodizm
Operated by Anilcan Cakir, Izmir, Turkey
Email: [email protected]
We will respond to your inquiry within 30 days.