Skip to content

Privacy Policy

Last updated: 5 June 2026

This policy explains how SONSEQ processes your personal data when you use our website (sonseq.com) and our mobile applications — for what purposes, on what legal basis, with whom it is shared, and what your rights are.

We process your data in accordance with the Personal Data Protection Law of Türkiye (Law No. 6698, “KVKK”) and its secondary legislation. For users located in the European Union, we additionally observe the principles of the General Data Protection Regulation (GDPR).

In all processing activities we comply with the principles of KVKK Article 4: lawfulness and fairness; accuracy and being kept up to date; processing for specified, explicit, and legitimate purposes; being relevant, limited, and proportionate to the purpose (data minimization); and retention only for as long as necessary. We process your data only for the purposes stated in this policy; data sharing is limited to the data processors we use to provide the service and to cases required by law. Your data is not used to build marketing profiles.

The general framework (who we are, our principles, your rights) is set out in the upper sections; the concrete data each service (website, applications) collects, its cookie use, transfers, and retention periods are described in that service's own section.

Definitions

  • Personal data: Any information relating to an identified or identifiable natural person (for example, an IP address or device information).
  • Processing: Any operation performed on data, including collection, recording, storage, and transfer.
  • Data subject: The natural person whose data is processed — that is, you.
  • Data controller: The party that determines the purposes and means of processing — SONSEQ.
  • Data processor: A party that processes data on behalf of the controller (for example, PostHog or Cloudflare).
  • Anonymization: Rendering data such that it can no longer be linked in any way to an identified or identifiable person.

Data Controller

Data controller: SONSEQ
Erzurum, Türkiye
Contact: destek@sonseq.com

You may send your requests and applications to the email address above; the application procedure is detailed in the “Your Rights” section.

Your Rights

Under KVKK Article 11, by applying to the data controller you have the right to:

  • learn whether your personal data is being processed;
  • request information if it has been processed;
  • learn the purpose of processing and whether it is used in line with that purpose;
  • know the third parties to whom it is transferred, domestically or abroad;
  • request rectification if it is incomplete or inaccurate;
  • request erasure or destruction within the conditions of the law;
  • request that rectification and erasure be notified to third parties to whom the data was transferred;
  • object to a result against you arising from analysis solely by automated systems;
  • claim compensation for damages arising from unlawful processing.

Application procedure. You may submit your requests in writing, or via registered electronic mail (KEP), secure electronic signature, mobile signature, or an email address previously notified to and registered with us, to destek@sonseq.com. We conclude your request within 30 days at no charge; if the operation entails an additional cost, a fee set by the Board may apply. Where an application is rejected, the response is found insufficient, or no response is provided within the period, the Law (Art. 14) provides for an application to the Personal Data Protection Board, within 30 days of learning of it and in any case within 60 days of the application. Because cookieless mode keeps no identifier that resolves back to an individual, additional verification information may be required for an individual request.

If you are in the EU (GDPR):you have the rights of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection to processing, not being subject to automated decisions, and (where applicable) withdrawal of consent. Applicable law also reserves your right to apply to the data protection supervisory authority in your country.

Our Website

sonseq.com is a promotional site; there is no membership, account, form, or payment. Site analytics is performed only through PostHog; no additional analytics tool is used.

DataPurposeLegal basisRecipient / Transfer
Page views, dead clicks (sampled), web performance metrics (sampled), browser/OS information (User-Agent)Measure site usage, improve qualityLegitimate interestPostHog — EU/Frankfurt, cookieless, DPA+SCC
Error records (error message, technical details)Detect and fix errorsLegitimate interestPostHog — EU/Frankfurt, DPA+SCC
IP address and technical request data (transient)Hosting, attack/DDoS protection (WAF), fast deliveryLegitimate interestCloudflare — global infrastructure (abroad), DPA+SCC, short-term logs
Your email address and message content (only if you write to us)Respond to your requestPerformance of a contractGoogle (Google Workspace) — abroad, CDPA+SCC

The legal basis for the processing above is principally legitimate interest (KVKK Art. 5/2-f; GDPR Art. 6/1-f). If you contact us by email, the processing falls under the establishment or performance of a contract (KVKK Art. 5/2-c; GDPR Art. 6/1-b). We do not request consent for site analytics; we rely on legitimate interest.

Cookies and local storage

This site does not currently use cookies;no identifier is written to your browser localStorage or sessionStorage. PostHog runs on EU (Frankfurt) servers in cookieless mode: user identity is constructed server-side by irreversibly hashing your IP and browser information with a daily-rotated salt. Under this design, no identifier is stored on your device, and your IP address is not retained as-is by PostHog (it is hashed). For hosting and security (WAF/DDoS protection), Cloudflare processes your IP address for a short time; this is a technical necessity and is not used for advertising or profiling. Because the site uses no cookies or similar identifiers, you see no “cookie consent” banner.

International transfers

Some site data is processed by service providers located abroad (PostHog — EU; Cloudflare — global infrastructure; Google — email). These transfers are carried out under Data Processing Agreements (DPAs) incorporating the European Commission Standard Contractual Clauses (SCCs), with regard to the minimal, pseudonymized nature of the data, and limited to what is necessary (KVKK Art. 9).

Retention

The PostHog free-tier default (approximately 1 year); for Cloudflare and Google logs, the standard short-term policy of the relevant provider. When the period expires or the reason for processing no longer exists, data is deleted, destroyed, or anonymized.

Security

Appropriate technical measures are taken at the site level (KVKK Art. 12): HTTPS/TLS encryption, a strict Content Security Policy (CSP), security headers, and WAF/DDoS protection.

Data not collected:name, phone number, location (GPS/GeoIP — server-side geo enrichment is disabled), special-category data, advertising/marketing profiles. Session replay and automatic capture of all clicks (autocapture) are not used; the sampled “dead click” signal noted in the table above is the only exception.

Our Applications

Marifetname:Coming soon. When the application is published, only the data that application collects — in the same format as the “Our Website” section above (what data, purpose, legal basis, transfer, retention) — will be added under this heading as a separate block; the rest of the policy remains fully applicable.

Updates

We may update this policy when needed. When there is a significant change, we refresh the “Last updated” date at the top of the page. When a new application or service is added, the relevant data disclosures are added as their own section.