Privacy Policy

• Personal data: Any information relating to an identified or identifiable natural person (for example, an IP address or device information).
• Processing: Any operation performed on data, including collection, recording, storage, and transfer.
• Data subject: The natural person whose data is processed — that is, you.
• Data controller: The party that determines the purposes and means of processing — SONSEQ.
• Data processor: A party that processes data on behalf of the controller (for example, PostHog or Cloudflare).
• Anonymization: Rendering data such that it can no longer be linked in any way to an identified or identifiable person.

You may send your requests and applications to the email address above; the application procedure is detailed in the “Your Rights” section.

In all processing activities we comply with the principles of KVKK Article 4: lawfulness and fairness; accuracy and being kept up to date; processing for specified, explicit, and legitimate purposes; being relevant, limited, and proportionate to the purpose (data minimization); and retention only for the period required by law or by the purpose of processing.

We process your data only on one of the following legal bases (the basis for each data point is stated in “Our Services and the Data We Collect”):

• Legitimate interest (KVKK Art. 5/2-f; GDPR Art. 6/1-f) — for site security, error detection, and aggregate (anonymous/pseudonymous) usage statistics, to an extent that does not harm your fundamental rights and freedoms.
• Performance of a contract (KVKK Art. 5/2-c; GDPR Art. 6/1-b) — to respond to your request when you contact us by email.
• Legal obligation (KVKK Art. 5/2-ç; GDPR Art. 6/1-c) — where a statutory retention or reporting obligation arises.
• Explicit consent (KVKK Art. 5/1; GDPR Art. 6/1-a) — only where none of the above applies and we separately request consent. We do not request consent for website analytics; we rely on legitimate interest and write no cookies to your device.

We do not sell, rent, or share your data with third parties for marketing purposes. Your data is shared only with the data processors strictly necessary to provide the service (hosting/security, analytics, error tracking, email); part of their infrastructure is located outside Türkiye.

International transfers.Data Processing Agreements (DPAs) incorporating the Standard Contractual Clauses (SCCs) issued by the European Commission are in place with our service providers. We carry out transfers on the basis of these appropriate safeguards and the minimal, pseudonymized (irreversibly hashed) nature of the data, limited to what is necessary. The specific providers, countries, and safeguards are listed in “Our Services and the Data We Collect”.

We retain personal data only for as long as required by the purpose of processing or by law. When the period expires or the reason for processing no longer exists, we delete, destroy, or anonymize the data. Concrete retention periods for each service are stated in “Our Services and the Data We Collect”.

Under KVKK Article 12, we take appropriate technical and organizational measures to prevent unlawful processing of and unlawful access to data: HTTPS/TLS encryption, a strict Content Security Policy (CSP), security headers, network security (WAF/DDoS protection), and data minimization. We also select our providers so that they can ensure these measures.

This site uses no cookies;no identifier is written to your browser localStorage or sessionStorage. Our analytics tool, PostHog, runs on EU (Frankfurt) servers in cookieless mode: user identity is constructed server-side by irreversibly hashing your IP and browser information with a daily-rotated salt; nothing is stored on your device and your IP address is not stored as-is. This is why you see no “cookie consent” banner — none is needed.

Under KVKK Article 11, by applying to the data controller you have the right to:

• learn whether your personal data is being processed;
• request information if it has been processed;
• learn the purpose of processing and whether it is used in line with that purpose;
• know the third parties to whom it is transferred, domestically or abroad;
• request rectification if it is incomplete or inaccurate;
• request erasure or destruction within the conditions of the law;
• request that rectification and erasure be notified to third parties to whom the data was transferred;
• object to a result against you arising from analysis solely by automated systems;
• claim compensation for damages arising from unlawful processing.

Application procedure. You may submit your requests in writing, or via registered electronic mail (KEP), secure electronic signature, mobile signature, or an email address previously notified to and registered with us, to destek@sonseq.com. We conclude your request within 30 days at no charge; if the operation entails an additional cost, we may charge the fee in the tariff set by the Board. If you find our response insufficient or receive no response within 30 days, you may lodge a complaint with the Personal Data Protection Board within 30 days of learning of it and in any case within 60 days of the application. Because cookieless mode keeps no identifier that resolves back to an individual, additional verification information may be required for an individual request.

If you are in the EU (GDPR):you have the rights of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection to processing, not being subject to automated decisions, and (where applicable) withdrawal of consent. You also have the right to lodge a complaint with the data protection supervisory authority in your country.

Our Website: sonseq.com

Our website is a promotional site; there is no membership, account, form, or payment. Site analytics is performed only through PostHog; no additional analytics tool is used.

We do not collect: name, phone number, location (GPS/GeoIP — server-side geo enrichment is disabled), special-category data, or advertising/marketing profiles. Session replay and automatic click capture (autocapture) are disabled.

Retention: the PostHog free-tier default (approximately 1 year); for Cloudflare and Google logs, the standard short-term policy of the relevant provider.

Our Applications

Marifetname: Coming soon. When the application is published, only the data that application collects will be added under this heading — in the table format above; the rest of the policy remains fully applicable.

We may update this policy when needed. When there is a significant change, we refresh the “Last updated” date at the top of the page. When a new application or service is added, the relevant data disclosures are added to “Our Services and the Data We Collect”.