KVKK DISCLOSURE

Personal Data Protection Disclosure

Under Turkish Law no. 6698 (KVKK), we inform BulkPro users about the data controller, processing purposes and their rights.

1. Data controller

Within this disclosure, the 'Data Controller' is Bilgetek, developer and provider of BulkPro. Contact: privacy@bilgetek.com (Istanbul, Türkiye).

2. Categories of personal data processed

BulkPro is a local-first application. Only the following minimum data is processed for it to function:

  • Device hash: irreversible SHA-256 of a hardware signature. Not tied to user identity.
  • App version number and language preference.
  • Periodic heartbeat request timestamp (at most once a day).

Name, email and message content you share via the contact form, license activation or KVKK request are processed as long as you give explicit consent.

3. Processing purposes

  • Ensuring the license stays active on a single device at a time.
  • Effective distribution of security updates.
  • Version-based aggregated usage measurement.
  • Responding to user requests (via the contact form).

4. Legal basis

Processing is carried out under KVKK art.5/2-(c) necessity for performance of contract, art.5/2-(f) legitimate interest, and explicit consent (for information shared via the contact form).

5. Transfer

Processed personal data is not shared with third parties. Infrastructure providers like Cloudflare (CDN) and GitHub Releases (distribution) only keep standard connection metadata, which does not include personal info. Cross-border transfer can only occur due to these infrastructure providers' servers.

6. Retention period

Heartbeat data is retained for at most 12 months. Contact-form correspondence is kept for 3 years after the request is resolved, then deleted or anonymized.

7. Your rights under KVKK Article 11

  • Learn whether personal data is being processed.
  • If so, request information about it.
  • Learn the processing purpose and whether it's used in line with that purpose.
  • Know the third parties to whom data is transferred domestically/abroad.
  • Request correction if processing is incomplete/incorrect.
  • Request deletion or destruction.
  • Request that corrections/deletions/destructions be notified to third parties to whom data was transferred.
  • Object to results arising from analysis through automated systems.
  • Request compensation for damage caused by processing in violation of the law.

8. How to apply

Send your written application for the rights above to privacy@bilgetek.com. We respond within 30 days at the latest. Under the Communiqué on the Procedures and Principles for Application to the Data Controller, written applications may require identity-verifying documents.

KVKK application

privacy@bilgetek.com · we respond within 30 days.

Contact