Legal review required
This is a starter template. It must be reviewed by qualified legal counsel before the site goes live. Company registration details, registered address, and any jurisdiction-specific obligations must be completed.
Privacy Policy
This Privacy Policy explains how Airomeda Bilgi Teknolojileri ("Airomeda", "we", "our", or "us") collects, uses, and protects your personal data when you visit airomeda.com or submit a form on our website.
For users in Turkey this policy is supplemented by our KVKK Aydınlatma Metni. For users in the European Economic Area or United Kingdom, GDPR (EU 2016/679) applies.
1. Data Controller
Airomeda Bilgi Teknolojileri (Company registration number, registered address, and tax identification to be added here.)
Contact: hello@airomeda.com
2. Personal Data We Collect
We collect only the personal data you actively provide or that is generated automatically by your use of the site:
- Contact, demo, and career application forms: Full name, email address, phone number (optional, career form only), LinkedIn profile URL (optional, career form only), company name (optional), the message you write, and CV file (PDF or DOCX, career form only). Submitted form data is both emailed to our internal team and stored in our SQLite database on our hosting server (Hostinger VPS, EU / Lithuania).
- Server and access logs: IP address, browser user-agent string, request timestamps, and pages visited. These are generated automatically by our hosting infrastructure.
- Cookies and local storage: Language preference cookie (
NEXT_LOCALE), Cloudflare Turnstile security cookies, andairomeda-consent-v1(a local-storage record of your cookie preference). See our Cookie Policy for details. - Consent-based analytics (optional): If you accept "Analytics" cookies in our cookie banner, anonymous page-view statistics are collected via Plausible Analytics. Plausible uses no identifying cookies; IP addresses are not retained and no session trail is kept.
- Consent-based error tracking (optional): When Sentry is active, technical records of application errors (error message, stack trace, anonymous session identifier) are stored. PII fields such as form contents are locally masked before transmission.
We do not use advertising pixels or third-party tracking for ad targeting.
3. How We Use Your Data
| Purpose | Lawful Basis (GDPR Art. 6) |
|---|---|
| Responding to your contact or demo request | Legitimate interests (Art. 6(1)(f)) / Pre-contractual steps (Art. 6(1)(b)) |
| Evaluating career applications | Pre-contractual steps (Art. 6(1)(b)) |
| Website security — preventing spam, bot attacks | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Third-Party Recipients
We share your data only with the following processors, to the minimum extent necessary:
| Recipient | Country | Purpose | Safeguard |
|---|---|---|---|
| Hostinger International Ltd. | Lithuania, European Union | Web hosting, infrastructure, and SMTP-based delivery of form notification emails | EU adequacy / GDPR Art. 28 DPA |
| Cloudflare, Inc. | United States (global CDN) | Bot and spam protection via Turnstile widget on forms | SCCs / Cloudflare DPA |
| Plausible Analytics (optional) | Germany / European Union | Cookieless, anonymous page-view statistics (only loaded with your "Analytics" consent) | EU adequacy / GDPR Art. 28 DPA |
| Functional Software, Inc. (Sentry) (optional) | United States | Production error tracking — with PII masked before transmission | Standard Contractual Clauses (SCCs) / Sentry DPA |
We do not sell, rent, or otherwise disclose personal data to third parties for marketing purposes.
Transfers to Third Countries
Transfers of personal data to the United States (Resend, Cloudflare) are carried out under the Standard Contractual Clauses approved by the European Commission pursuant to GDPR Art. 46(2)(c). Copies of the relevant clauses are available on request.
5. Retention
We retain personal data only as long as necessary for the stated purpose or as required by law:
- Contact and demo messages: 2 years from the date of last correspondence.
- Career applications (unsuccessful candidates): 6 months from the date of application.
- Career applications (successful candidates): Duration of the employment relationship, subject to applicable statutory obligations.
- Server access logs: 14 days (rotated via logrotate).
- Error-tracking records (Sentry): 90 days.
- Analytics data (Plausible): Aggregated statistics retained indefinitely; no per-user records kept.
6. Your Rights
Under GDPR Articles 15–22 you have the right to:
- Access (Art. 15): obtain a copy of your personal data we hold.
- Rectification (Art. 16): correct inaccurate or incomplete data.
- Erasure (Art. 17): request deletion of your data where there is no longer a legal basis to retain it.
- Restriction (Art. 18): ask us to restrict processing in certain circumstances.
- Portability (Art. 20): receive your data in a structured, machine-readable format.
- Object (Art. 21): object to processing based on legitimate interests.
- Withdraw consent (Art. 7(3)): where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at hello@airomeda.com. We will respond within one month (extendable by two further months for complex requests, with notice).
You also have the right to lodge a complaint with the supervisory authority in your country of residence. In Turkey this is the Kişisel Verileri Koruma Kurumu (KVKK); in the EU it is your national data protection authority.
7. Security
We apply technical and organisational measures proportionate to the risk, including encrypted connections (HTTPS/TLS), access controls, and limited data retention periods.
8. Changes to This Policy
We will publish material changes on this page and update the "Last updated" date. We encourage you to review this policy periodically.
9. Last Updated
Last updated: 18 May 2026