Privacy Policy

The data controller responsible for your personal data is:

We collect the following categories of personal data:

2.1. Account Information: Name, email address, password (hashed), company name, job title, and profile preferences.

2.2. Usage Data: Task history, queries submitted, outputs generated, feature usage patterns, session duration, and interaction logs.

2.3. Payment Data: Billing address, payment method type, and transaction history. Full payment card details are processed and stored exclusively by our third-party payment processors and are never stored on our servers.

2.4. Technical Data: IP address, browser type and version, operating system, device identifiers, referring URLs, and access timestamps.

2.5. Communication Data: Information you provide when contacting our support team, including email correspondence and feedback submissions.

2.6. Cookie Data: Information collected through cookies and similar tracking technologies as described in our Cookie Policy.

We process your personal data for the following purposes:

3.1. To provide, maintain, and improve the Service, including processing your AI-generated task requests.

3.2. To create and manage your account.

3.3. To process payments and send transaction-related communications.

3.4. To communicate with you about updates, security alerts, and support inquiries.

3.5. To analyze usage patterns and improve the performance, security, and user experience of the Service.

3.6. To comply with legal obligations and enforce our Terms.

3.7. To detect, prevent, and address fraud, abuse, and security incidents.

We process your personal data based on the following legal grounds:

4.1. Contractual Necessity: Processing necessary to perform our contract with you (providing the Service).

4.2. Legitimate Interest: Processing necessary for our legitimate business interests, such as improving the Service, fraud prevention, and analytics, provided these interests are not overridden by your rights.

4.3. Consent: Where you have given explicit consent for specific processing activities, such as marketing communications or optional analytics.

4.4. Legal Obligation: Processing necessary to comply with applicable laws and regulations.

We share your data with the following categories of third parties, strictly as necessary to provide the Service:

5.1. AI Service Providers: Your task inputs are transmitted to AI providers to generate outputs. These providers include:

• Anthropic (Claude) -- United States
• Google (Gemini) -- United States
• OpenAI (GPT) -- United States
• Perplexity -- United States

Each provider processes data in accordance with their own privacy policies and data processing agreements. We maintain Data Processing Agreements with each provider.

5.2. Payment Processors: Third-party payment services that process your transactions securely.

5.3. Infrastructure Providers: Cloud hosting and CDN providers necessary to operate and deliver the Service.

5.4. Analytics Providers: Services that help us understand usage patterns and improve the Service.

5.5. We do not sell your personal data to third parties.

6.1. Your data may be transferred to and processed in countries outside of Turkey and the European Economic Area, including the United States, where our AI providers are located.

6.2. For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards as required by GDPR.

6.3. For transfers outside Turkey, we comply with the requirements of the KVKK and obtain necessary approvals from the Turkish Personal Data Protection Authority where required.

7.1. Account data is retained for the duration of your active account and for a period of 24 months following account closure.

7.2. Task history and generated outputs are retained for 12 months to enable you to access previous work, unless you request earlier deletion.

7.3. Payment records are retained for the period required by applicable tax and financial regulations (minimum 5 years in Turkey).

7.4. Technical and analytics data is retained for up to 12 months in aggregated or anonymized form.

Under GDPR, KVKK, and other applicable laws, you have the following rights:

8.1. Right of Access: Request a copy of the personal data we hold about you.

8.2. Right to Rectification: Request correction of inaccurate or incomplete personal data.

8.3. Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.

8.4. Right to Restriction: Request restriction of processing of your personal data in certain circumstances.

8.5. Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.

8.6. Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

8.7. Right to Withdraw Consent: Withdraw previously given consent at any time, without affecting the lawfulness of processing prior to withdrawal.

8.8. To exercise any of these rights, contact us at legal@oneyventures.com. We will respond within 30 days (GDPR) or 30 days (KVKK) of receiving your request.

We use cookies and similar technologies to operate the Service. For detailed information about the cookies we use and how to manage your preferences, please refer to our Cookie Policy.

10.1. We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, regular security audits, and incident response procedures.

10.2. While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete such data promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a notice on the Service at least 30 days before they take effect. Your continued use of the Service after the effective date of the revised policy constitutes acceptance of the changes.

If you believe that our processing of your personal data infringes applicable law, you have the right to lodge a complaint with:

Turkey: Turkish Personal Data Protection Authority (Kisisel Verileri Koruma Kurumu -- KVKK)

EU: The supervisory authority in your EU member state of residence.

For privacy-related inquiries or to exercise your data rights, contact us at: