Back to sign in
This is an informational translation. The legally binding version is the Turkish original.

Privacy Policy

Data Controller:
Alkazar Teknoloji A.Ş.
Version:
v1.0
Effective Date:
2026-05-04

UrClimate Tailor — Privacy Policy

Informational translation — the Turkish original (Gizlilik Politikası) governs.

Effective Date: 4 May 2026 Version: 1.0 Platform: https://tailor.urclimate.com Data Controller: Alkazar Teknoloji A.Ş. Contact: destek@urclimate.com

Notice: This Privacy Policy explains, in a holistic manner, the personal data processing activities of the UrClimate Tailor platform. A separate Disclosure Notice is available for the short and technical information required under Article 10 of Law No. 6698 (KVKK); this policy is complementary to it, and in the event of a conflict, the specific provisions of the Disclosure Notice shall prevail.


1. Introduction

1.1. Scope

This Privacy Policy covers all personal data processed on the UrClimate Tailor platform (tailor.urclimate.com) operated by Alkazar Teknoloji A.Ş. (hereinafter "we", "Alkazar", or "Service Provider"). The policy applies to:

1.2. Legal Basis

1.3. Data Controller

Alkazar Teknoloji A.Ş. acts in the capacity of Data Controller within the meaning of Article 3/1-ı of Law No. 6698 (KVKK). In scenarios where corporate customer companies enter into the Platform data belonging to their own personnel, Alkazar may acquire the capacity of data processor (Art. 3/1-ğ); this situation may be regulated by a separate Data Processing Agreement (VİS / DPA).


2. Information We Collect

2.1. Account Information (Registration Form)

We collect the following information during registration:

2.2. Usage Data

Information about your activities on the Platform:

2.3. Technical Data

2.4. Automatically Collected Information

2.5. Information We Do Not Collect


3. Purposes of Information Use

The collected information is processed for the following purposes:

3.1. Service Provision (Art. 5/2-c of KVKK, performance of a contract)

3.2. Communication (Art. 5/2-c and Art. 5/2-f of KVKK)

3.3. Service Improvement (Art. 5/2-f of KVKK, legitimate interest)

3.4. Legal Obligations (Art. 5/2-a of KVKK)

3.5. Marketing (With explicit consent — Art. 5/1 of KVKK and Art. 6 of ETK)

Only in cases where the User has given explicit consent:

Explicit consent can be withdrawn at any time; via the "unsubscribe" link in the e-mail or through destek@urclimate.com.


4. Sharing with Third Parties

We share your personal data only in the following cases. Under no circumstances do we sell your data to third parties.

4.1. Infrastructure Service Providers (Data Processors)

ProviderServiceLocationData Processed
SupabaseDatabase + authentication + file storageFrankfurt, EUAccount data, site definitions, audit log
VercelApplication hostingEU (Frankfurt region)Request logs, technical data
Brevo (Sendinblue)Bulk/transactional e-mail (daily newsletter, alert)EU (Paris)E-mail address, sending log, newsletter content
ResendBackup transactional e-mail (registration confirmation, password reset)EU (eu-west-1)E-mail address, sending log
OpenStreetMap (OSM)Homepage asset map tilesEU-based CDNNo personal data is sent (only anonymous coordinate query)

All infrastructure providers are located in the EU; transfers are made under standard contract and DPA safeguards within the scope of Article 9 of KVKK.

4.2. Legal Obligation

4.3. Business Transfer / Merger

In the event that Alkazar becomes the subject of a merger, demerger, acquisition, sale, or similar corporate transaction, personal data may be transferred to the acquiring company under the same confidentiality standards; in such a case, Users are informed by e-mail.

4.4. Anonymous/Aggregate Data

Aggregate statistics that do not contain identity identifiers (for example, "total number of registered sites on the platform in 2026 Q2", "most frequently used threshold type") may be shared with research institutions, the media, or in investor presentations.


5. Security Measures

The technical and administrative measures we take within the scope of Article 12 of KVKK:

5.1. Technical Measures

5.2. Administrative Measures

5.3. Data Breach Process

When a security breach is detected:

  1. The breach is immediately detected and contained.
  2. Notification is made to the KVKK Authority within 72 hours (Art. 12/5 of KVKK).
  3. Affected Users are informed by e-mail as soon as possible.
  4. An incident report is prepared and preventive measures are taken.

6. Cookies

The Platform uses cookies for the purposes of basic functionality, security, and preference storage. UrClimate Tailor currently does not use third-party analytics or marketing cookies; when analytics infrastructure is added, this text will be updated and the User's separate explicit consent will be obtained.

6.1. Cookies Used (Phase 1)

CookiePurposeTypeDurationLegal Basis
sb-access-token, sb-refresh-tokenSupabase session management (user authentication)MandatorySession durationArt. 5/2-c of KVKK (performance of a contract)
themeLight/dark theme preference (light/dark mode)Mandatory1 yearArt. 5/2-f of KVKK (legitimate interest — preserving user preference)
darkModeDark mode flag (persistent UI preference)Mandatory1 yearArt. 5/2-f of KVKK (legitimate interest — preserving user preference)
csrf-tokenCross-Site Request Forgery protectionMandatorySession durationArt. 5/2-c of KVKK (performance of a contract) + Art. 12 of KVKK (security measure)

6.2. Cookies Not Used

If the above three categories of cookies are implemented in the future, separate explicit consent will be obtained from the User and this text will be updated.

6.3. Cookie Management


7. Children and Age Limit

UrClimate Tailor is a B2B product not directed at users under the age of 18. If it is determined that a person under the age of 18 has opened an account, the account is immediately deleted. Employees of corporate customers are assumed to be adults and authorized to act on behalf of the company.


8. User Rights (Article 11 of KVKK)

Pursuant to Article 11 of KVKK, the User has the following rights:

  1. To learn whether their personal data is being processed.
  2. To request information if it has been processed.
  3. To learn the purpose of processing and whether it is used in accordance with its purpose.
  4. To know the third parties to whom it is transferred domestically or abroad.
  5. To request rectification if it has been processed incompletely or incorrectly.
  6. To request its erasure or destruction when the conditions are met (right to be forgotten).
  7. To request that rectification/erasure operations be notified to the third parties to whom the data has been transferred.
  8. To object to a result arising against the person as a consequence of analysis carried out through automated systems.
  9. To request compensation for damages in the event of suffering damage due to unlawful processing.

8.1. Application Method

To exercise your rights, you may submit your applications via:

In the application, for identity verification you must state your first name and last name, T.C. identity number or passport number (for foreigners), notification address, and the subject of the request.

8.2. Response Time

Applications are answered free of charge within a maximum of 30 days. If the request requires a special cost, the current tariff determined by the KVKK Board is applied.


9. Data Retention Periods

Data TypeRetention PeriodBasis
Account informationSubscription period + 90 daysPerformance of a contract
Site definitions and threshold settingsSubscription period + 90 days (then hard-delete)Performance of a contract + User request
Access logs6 monthsLaw No. 5651
Audit log3 yearsStatute of limitations under Art. 146 of TBK, legitimate interest
Invoice/accounting5 years (minimum), 10 years (Art. 82 of TTK)VUK 253, Art. 82 of TTK
Support correspondence3 yearsLegitimate interest (defense in disputes)
Backups30-day rolling windowTechnical requirement
KVKK consent recordUntil consent is withdrawn + 3 years for evidentiary purposesArt. 12 of KVKK, Art. 6 of ETK
Marketing explicit consentUntil consent is withdrawn + 3 years for evidentiary purposesArt. 6 of ETK

When the legal retention period expires, the data is automatically deleted or anonymized.


10. Changes

This Privacy Policy may be updated over time.

After each update, the User is deemed to have accepted the new policy by continuing to use the Platform. In the event of non-acceptance, the provisions of Article 10 (Termination) of the Terms of Use apply.


11. Contact and Complaints

11.1. First Step — Alkazar Support

For any questions, requests, and complaints regarding privacy, please contact us first:

Alkazar Teknoloji A.Ş. — Data Controller

11.2. Second Step — KVKK Authority

In the event that your application to Alkazar is rejected, you find the response provided insufficient, or you do not receive a response within 30 days:

Personal Data Protection Authority

you may file a complaint within 30 days from the date of application, within 60 days from the date you learned the subject of the complaint, and in any event within a maximum of 2 years (Art. 14 of KVKK).


Effective Date: 4 May 2026 Version: 1.0

This Privacy Policy has been prepared in accordance with KVKK, ETK, and all relevant legislation. It is updated in line with legislative changes. The current version is always available at https://tailor.urclimate.com/gizlilik-politikasi.