Privacy Policy

• **Data Controller:** Markty AI • **Contact:** info@markty.ai • **Address:** Barbaros Mah. Şebboy Sokak No:4/1 İç Kapı No:1 Ataşehir/İstanbul • **Company Registration No:** 0612180103300001 You can submit your requests under KVKK/GDPR to our address in writing or to our registered email address or **info@markty.ai**. Requests will be processed within **30 days at the latest** in accordance with applicable law.

• **Personal Data:** Any information relating to an identified or identifiable natural person. • **Special Category Personal Data:** Health data etc. under KVKK/GDPR provisions. (We do not process this data as a general rule.) • **Usage Data / Device Data:** IP, browser type, device information, cookie identifiers, session records, error logs, click flow, etc. • **Content/Prompt Data:** Text, visual, video, command, prompt and output data you provide within the scope of Services. • **Pseudonymization/Anonymization:** Processes to prevent identity determination.

• **Identity and Contact:** Name, surname, email, phone, company/title, position. • **Account and Transaction:** Login information, account settings, notification preferences, support requests. • **Billing/Payment:** Invoice title, tax information, address; payment transactions are processed by **payment service providers** (e.g., Stripe etc.). We do not access card data. • **Usage and Device:** IP, device/operating system, browser information, language, timestamps, performance/error logs. • **Cookies and Similar Technologies:** Session cookies, preference cookies, analytics and marketing cookies (see Cookies). • **Content/Prompt and Outputs:** Uploads, prompts, outputs you generate; project/brand configurations; integration settings. • **Marketing and Interaction:** Newsletter subscription, campaign participation, event forms, survey responses, references/reviews.

• **Service Provision and Contract Performance:** Account creation, identity verification, content generation, integrations, customer support. (**KVKK Art. 5/2-c**; **GDPR Art. 6/1-b**) • **Development, Security and Debugging:** Performance measurement, log analysis, fraud/abuse detection. (**KVKK Art. 5/2-f** legitimate interest; **GDPR Art. 6/1-f**) • **Marketing Communications:** Product updates, newsletters, campaigns (according to your preferences). (**Explicit consent** or **legitimate interest**) • **Legal Obligations:** Finance and tax legislation, responses to requests and audits. (**KVKK Art. 5/2-c**; **GDPR Art. 6/1-c**) • **Establishment, Exercise or Defense of Legal Claims:** Dispute management. (**KVKK Art. 5/2-e**; **GDPR Art. 6/1-f**) • **Personalization and Analytics:** Experience customization, measurement. • **Model and Product Improvement:** In accordance with the AI section below and **with explicit consent if required**. **Explicit Consent:** Where necessary, your explicit consent is requested and you can withdraw your consent at any time (withdrawal does not affect the lawfulness of previous processing).

• Your prompts and outputs may be processed to **provide Services**, improve security and quality, and prevent misuse. • We do not use your personal data for **general-purpose model training** **without your explicit consent**. • Limited **human review** may be applied when necessary (e.g., debugging, security); access is **role-based** and logged. • We may use multiple **LLM/model providers** (e.g., OpenAI, Anthropic, Google, etc.) and infrastructure/analytics providers; data may be transferred to these providers **under processor instructions**. • For privacy-sensitive content, **cropping/masking**, **minimization** and **retention period shortening** principles are applied. • Prompt/output retention periods are determined according to account activity, legal obligations and legitimate interest requirements. • You can manage your AI processing preferences (e.g., opting out of human review, training/improvement consent) through **settings** or by requesting via **info@markty.ai**.

• **Essential Cookies:** Session, security and basic functions. • **Functional Cookies:** Remembering preferences. • **Performance/Analytics:** Traffic and usage statistics (e.g., GA4 or equivalent solutions). • **Advertising/Marketing:** Behavioral advertising and retargeting (if any). You can manage your cookie preferences through browser settings and/or **cookie banner/settings**. Rejecting cookies may limit some functions.

• **Payment Service Providers:** Payment processing and billing. • **Hosting and Cloud:** Server, storage, CDN. • **LLM/Model Providers and Integrations:** Processing of prompts/outputs. • **Analytics, Debugging and Monitoring:** Performance, logging, security. • **Communication/CRM and Support Tools:** Newsletter, support and customer communication. • **Consultants and Legal Representatives:** In dispute or audit processes. • **Public Authorities/Competent Authorities:** Within the scope of legal obligations. • **Affiliates and Business Transfer:** In case of merger/acquisition/restructuring. Sharing is done with **data processor agreements** and appropriate security measures for limited purposes.

Your data may be transferred to countries outside your jurisdiction. In such cases, in accordance with **KVKK Art. 9** and relevant board decisions and **GDPR Art. 44-49**: • Transfer to countries with **adequate protection**, • If there is no adequate protection, transfer within the framework of **commitments/SCCs**, **explicit consent** or **legal exceptions**, • Technical and organizational security measures (encryption, access control, audit) are applied.

Personal data is retained for the **period necessary** for processing purposes and/or as required by **legal obligations** (e.g., tax/finance). When the period expires, data is **deleted**, **anonymized** or **destroyed**. Example: support records and logs for reasonable periods; billing records for **at least 10 years** according to relevant legislation.

We implement appropriate **technical and organizational** measures (encryption, transmission security, access control, network security, backup, logging, employee authorization). However, 100% security of transmissions over the internet cannot be guaranteed.

KVKK Rights (Art. 11) • Right to be informed about whether your personal data is processed, • Right to request information about processing, • Right to learn about appropriate use, • Right to know third parties to whom data is transferred domestically/internationally, • Right to request correction if processed incompletely/incorrectly, • Right to request deletion/destruction, • Right to restrict processing/object, • Right to request compensation if you suffer damage. You can submit your requests to **info@markty.ai**. GDPR/UK GDPR Rights (EEA/UK Users) • Access, rectification, erasure, restriction, objection, portability, • Withdrawal of consent, • Right to complain to local supervisory authority.

Services are for users **aged 18 and over**. We do not knowingly collect data from children under 18. If such a situation is detected, necessary steps are taken to delete the data.

The Platform may contain links to third-party websites/services. We are not responsible for the content and practices of these sites. We recommend reviewing the privacy policies of relevant sites before visiting.

This Policy may be updated from time to time. Changes take effect as soon as they are published on the Platform. We will provide reasonable notice of significant changes. Your continued use of the Services means you accept the changes.

For your questions and rights requests: **info@markty.ai**
Email: info@markty.ai