When you use the MyPedigre platform, we may collect the following categories of personal data:

We use the data we collect for the following lawful purposes:

• To create, verify and manage your account
• To deliver and improve MyPedigre services
• To create and store your pedigree records
• To manage subscriptions and payments
• To provide technical support and customer service
• To ensure platform security and prevent fraud
• To comply with our legal obligations
• To send service updates and announcements where you have opted in

We apply industry-standard technical and organisational safeguards to keep your data secure:

• SSL/TLS Encryption: All data transmission is encrypted over HTTPS
• Bcrypt Password Hashing: Passwords are stored using a one-way hash algorithm
• Firewall: Our servers are protected by a multi-layered firewall
• Regular Backups: Your data is backed up on a regular schedule
• Session Security: Brute-force protection and session locking mechanisms are active
• Access Control: Only authorised personnel can access your data

Our platform uses various cookies to improve your experience:

• Essential Cookies: Required for session management and security. Cannot be disabled.
• Functional Cookies: Used to remember your preferences (language, theme).
• Analytics Cookies: Help us understand platform performance and usage statistics. (Requires consent)

You can manage cookies from your browser settings and disable optional cookies. Disabling essential cookies may prevent the platform from working properly.

In the following limited cases we may share your data with third parties:

• Service Providers: Business partners providing services such as email delivery, hosting and payment processing (acting as data processors under KVKK)
• Legal Obligations: Pursuant to a court order or a request from a competent authority
• Business Transfers: In the event of a merger or acquisition, data may be transferred under this policy

Under Turkey's Personal Data Protection Law No. 6698 (KVKK) and the GDPR, you have the following rights:

• Right to Information: To learn whether your personal data is being processed
• Right of Access: To request access to data being processed
• Right to Rectification: To request correction of inaccurate or incomplete data
• Right to Erasure: To request deletion or destruction of your data
• Right to Object: To object to decisions made against you by automated systems
• Right to Data Portability: To receive your data in a structured format
• Right to Restrict Processing: To request restriction of processing under certain conditions

We retain your personal data only for as long as necessary:

• Account Data: For the lifetime of your account + 3 years
• Transaction Records: Payment and subscription records kept for 10 years (legal requirement)
• Session Logs: 90 days
• Support Tickets: 2 years after closure
• Marketing Consent: Until consent is withdrawn

Data whose retention period has expired is securely destroyed or anonymised.

We may update this privacy policy from time to time. When material changes are made:

• We publish a visible notice on the platform
• We send a notification to your registered email address
• We update the "Last updated" date at the top of the page

Continuing to use the platform after changes means you accept the updated policy.