Privacy Policy
This document outlines the privacy policy applicable to user data, file uploads, analysis procedures, payment records, logging, retention periods, and user rights on the website.
Email: admin@smartarch.ai
Privacy Policy
This document outlines the privacy policy applicable to user data, file uploads, analysis procedures, payment records, logging, retention periods, and user rights on the website.
Categories of Personal Data Processed
If the website does not support user account creation, account information is not processed. However, the system may generate an anonymous or transaction-based customer/application ID for tracking transactions, payments, analysis results, returns, or support activities.
- Contact Information
- Billing or Company Contact Information
- Transaction and Service Usage Information
- File Upload Time
- Analysis Start Time
- Analysis End Time
- Analysis Duration
- Payment Initiation Time
- Payment Success/Failure Information
- Output Generation Time
- Output Download Time
- Refund Request Time
- Deletion Time
- User's Transaction Steps in the Service Flow
Technical Information
- IP Address
- Masked IP Information
- Approximate Country/City Information
- Browser Type
- Operating System
- Device Type
- User-Agent Information
- Session Logs
- Security Logs
- Error Logs
- Performance Logs
File and Analysis Information
- Uploaded File Name
- File Extension
- File Size
- File Upload Time
- Number of Pages/Images Analyzed
- Analysis Result Generated by the System
- Output File
- Technical Metadata Generated as a Result of the Transaction
The contents of uploaded files are processed exclusively to provide services, perform analyses, generate outputs, conduct debugging, and fulfill security and legal obligations.
Payment and Billing Information
- Payment Status
- Transaction Number
- Payment Provider Reference Number
- Billing Information
- Tax Information
- Return Information
Full card numbers, CVV, or payment card PINs are not stored directly by us; this information is handled by authorized payment institutions within their own systems.
Purposes of Processing Personal Data
Personal data may be processed for the following purposes:
- Website operation
- User account creation and management
- Authentication and session management
- Provision of file upload services
- Execution of AI-assisted analysis processes
- Provision of demo services
- Provision of paid analysis services
- Execution of payment transactions
- Invoicing and accounting activities
- Creation of output files
- User access to view or download results
- Provision of technical support
- Error detection and system enhancement
- Security, fraud prevention, and misuse deterrence
- Compliance with legal obligations
- Dispute resolution
- Service quality improvement
- Enhancement of user experience
- Maintenance of records and logs in accordance with legislation
- Fulfillment of authorized public institutions’ requests
- System performance monitoring and improvement
Log and Audit Records
Log records may be maintained to ensure secure website operation, facilitate transaction traceability, detect errors, and provide evidence in potential disputes. These logs may include:
- Login activity
- File uploads
- Payment initiations
- Payment success statuses
- Analysis commencement
- Analysis completion
- Output downloads
- Refund requests
- Error occurrences
- IP, device, and browser details
- Transaction timestamps
- Security events
Log records are retained only for the necessary duration and safeguarded to permit access exclusively by authorized personnel.
Cookies and Similar Technologies
The website may utilize cookies, pixel tags, local storage technologies, and related tools as follows:
Mandatory Cookies
Essential for website operation, session management, security, language preferences, and payment processing. Disabling these may impair certain service functionalities.
Performance and Analytical Cookies
Used to analyze website usage, measure error rates, enhance performance, and improve service quality.
Preference Cookies
Designed to remember language, region, appearance, and other user preferences.
Advertising and Marketing Cookies
Employed only with explicit user consent in jurisdictions where it is required.
Users can manage cookie preferences through browser settings or the cookie preference panel. Disabling certain cookies may restrict full website functionality.
Transfer of Personal Data
Personal data may be shared with the following categories of recipients:
- Hosting providers
- Cloud infrastructure providers
- Payment service providers
- Email and notification service providers
- Analytics and performance service providers
- Technical support providers
- Accounting and billing service providers
- Legal, audit, and consulting service providers
- Authorized public institutions and organizations
- Courts and enforcement authorities
- Security and fraud prevention service providers
Personal data will not be sold without explicit permission. Sharing with third parties occurs solely for service delivery, compliance with legal obligations, security purposes, or with user consent.
Children's Privacy
Our services are not intended for children. We do not knowingly collect data from individuals under 16 years of age. Users under 13 years are prohibited from using the system. If data from children is identified:
- It will be immediately deleted
- Processing will cease
Parental Rights
Parents may exercise their rights regarding data deletion, access, and objections.
Retention Periods
Personal data is retained only for the period necessary to fulfill the processing purposes. General retention guidelines include:
- Account Information: No account creation system in place
- Transaction Records: Retained for service completion and six months thereafter
- Payment and Invoice Records: Retained until the end of the fiscal year as mandated by tax and accounting legislation
- Uploaded Files: Retained for 72 hours following completion of analysis and output generation
- Output Files: Retained for the duration required for user access
- Log Records: Retained for security and auditing purposes as necessary
- Support Requests: Retained for the period required to resolve the request and address potential disputes
Data Transfer Abroad
Due to the technical infrastructure of the service, personal data may be transferred abroad through the following means:
- Cloud servers
- Artificial intelligence analysis systems
- Payment infrastructures
- Email services
- CDN and cache systems
- Log and error monitoring systems
Data transfers abroad are conducted in full compliance with applicable data protection legislation. In this regard, data transfer is executed within the framework of:
- Standard contractual clauses (SCC) or adequacy decisions for the European Union,
- Explicit consent, standard contracts, or appropriate assurance mechanisms for Turkey,
- IDTA or UK Addendum for the United Kingdom,
- Relevant local data transfer regulations for other countries.
Personal data may be processed on servers located either inside or outside the European Union, depending on the service’s technical infrastructure.
Third-Party Links and Services
Our website may include links to third-party websites, payment infrastructures, support tools, analysis tools, or cloud services. The privacy practices of these third parties are beyond our control. Users are advised to review the privacy policies of the respective third parties prior to using these services.
Policy Changes
This Privacy Policy may be revised periodically. Updates may be required due to legislative amendments, changes in technical infrastructure, introduction of new products or services, payment processes, security practices, or modifications in data processing activities.
The updated version will become effective upon publication on the website. When necessary, users will also be notified via email, in-account notification, or website announcement.
Last update date: [05.05.2026]
Contact
Should you have any questions regarding the processing of your personal data or wish to exercise your rights under this Privacy Policy, please contact us through the following channels:
Email: [email protected]
Support channel: [support link]
To facilitate prompt and secure handling of your requests, please provide verification details such as your name, account information, subject of the application, and, if available, the relevant processing date.
Legal Bases for Personal Data Processing
| Data Category | Processing Purpose | Legal Basis |
|---|---|---|
| User name / ID | service provision | performance of contract |
| Contact information | support, notifications | contract + legitimate interest |
| File data | AI analysis | contract |
| Technical data (IP, device) | security, logs | legitimate interest |
| Payment data | payment, invoice | legal obligation |
| Log records | security, evidence | legitimate interest |
| Cookies (strictly necessary) | system operation | legitimate interest |
| Cookies (analytics/advertising) | analysis/marketing | explicit consent |
Personal Data Events and Legal Time Limits Table
| Event | KVKK (Turkey) | GDPR (EU) | UK GDPR | USA (CCPA/CPRA) | Note |
|---|---|---|---|---|---|
| Response period for user request | 30 days | 1 month | 1 month | 45 days | In the USA: 45 days + 45-day extension |
| Time extension | none (exceptional) | +2 months | +2 months | +45 days | user must be notified |
| Fee request | free | free | free | free | a fee may be charged in case of abuse |
Data Breach
| Event | KVKK | GDPR | UK GDPR | USA | Note |
|---|---|---|---|---|---|
| Notification to authority | "as soon as possible" | 72 hours | 72 hours | varies by state | KVKK does not give a fixed period |
| Notification to user | if necessary | if necessary | if necessary | mandatory | required if there is risk |
| Internal record keeping | ✔ | ✔ | ✔ | ✔ | mandatory in all cases |
Data Deletion / Destruction
| Event | KVKK | GDPR | USA | Note |
|---|---|---|---|---|
| Response to deletion request | 30 days | 1 month | 45 days | |
| Deletion process | reasonable time | without delay | reasonable time | |
| If legal retention applies | not deleted | not deleted | not deleted | tax, etc. |
Log and Record Retention Periods (Practical Standard)
| Data | Recommended Period | Explanation |
|---|---|---|
| Log records | 6 months – 1 year | security |
| Transaction records | 6 months | appropriate for your system |
| Uploaded file | 72 hours | after analysis |
| Payment records | 5–10 years | tax obligation |
| Cookie data | 6–24 months | depending on cookie type |