Privacy Policy — Yeni Dünya İnsanı
Last updated: {{date}}
This privacy policy describes how Yeni Dünya İnsanı Programı ("we", "us") collects, uses, and protects your personal data when you use our platform.
1. Data Controller
- Controller: Serhat Bıçakçı (AfterFaang × Yeni Dünya İnsanı Programı)
- Contact: serhat@afterfaang.com
2. Data We Collect
| Category | Data |
|---|---|
| Identity | Full name, email, phone |
| Account | Password (bcrypt hashed), login timestamps |
| Program activity | Cohort assignment, week completion, test answers/scores, forum posts |
| Video access | References to private Drive videos linked to your sessions |
| Optional public | LinkedIn URL, short bio (only if you add them on your profile, then shown on public Alumni page) |
| Technical | IP (security only), browser info, session cookies |
3. How We Use Data
- Run the program (account, content access, video authorization)
- Communicate with you (notifications, password reset)
- Recognize program completion and feature you in Alumni network if you opt in by adding your LinkedIn URL
4. Legal Basis
- Consent (KVKK Art. 5/1, GDPR Art. 6(1)(a)) — KVKK consent at signup
5. Data Sharing
Data is shared only with these processors strictly for service delivery:
| Processor | Purpose | Region |
|---|---|---|
| Railway | App + DB hosting | EU |
| Google Drive (Service Account) | Video content storage | US |
| Resend | Transactional email | US |
Cross-border transfers comply with KVKK Art. 9 and SCCs.
We do not sell, rent, or share your data for advertising with third parties.
6. Retention
- Active account: as long as you remain enrolled
- After deletion request: 30 days, then permanent deletion
- Email logs: 12 months
- Alumni profile: indefinitely unless you request removal
7. Your Rights (KVKK Art. 11 + GDPR Art. 15-22)
- Access, rectification, erasure
- Restriction of processing
- Data portability (request your full data export as JSON)
- Object to processing
- Withdraw consent (account deletion)
To exercise: email serhat@afterfaang.com
8. Cookies
Session-only cookies for authentication. No tracking, analytics, or third-party cookies.
9. Security
- Passwords: bcrypt with cost factor 12
- Database: encrypted at rest (Railway managed Postgres)
- Video access: signed proxy stream, never public links
- TLS for all traffic
10. Changes
We may update this policy. Material changes will be notified via email.
Contact: serhat@afterfaang.com Türkçe sürüm: /kvkk