Back to Home

Privacy Policy

Last Updated: January 21, 2026

ℹ️ Note: This privacy policy is compliant with GDPR (General Data Protection Regulation) and Turkey's KVKK (Personal Data Protection Law No. 6698).

1. Introduction

At cvpark ("we", "us", "our", or "Platform"), we greatly value your privacy. This Privacy Policy explains in detail how your personal information is collected, used, stored, and protected when you use our services.

Data Controller: Yazılımsallık

2. Personal Data We Collect

When you use our platform, we collect the following personal data:

2.1. Account and Identity Information

  • Username: For account creation and authentication
  • Email Address: For communication, notifications, and password reset
  • Password: For account security (stored hashed with bcrypt)
  • Full Name: For profile display (optional)

2.2. Profile and CV Information

  • Job Title: Professional identity
  • Biography: Personal introduction text
  • Skills: Professional competencies
  • Work Experience: Employment history (role, company, date, description)
  • Education: Academic background
  • Projects: Portfolio content (project name, link, description)
  • Social Media Links: LinkedIn, Twitter, GitHub, etc.
  • Profile Picture: Avatar image
  • Custom URL (Slug): Personalized profile address

2.3. Technical and Usage Data

  • IP Address: For security and rate limiting
  • Browser Information: User experience optimization
  • Device Information: Responsive design and compatibility
  • Session Information: Authentication and security
  • Cookies: Preferences and session management (see Cookie Policy)
  • Log Records: System security and error detection

3. How We Collect Data

  • Through registration forms (with your explicit consent)
  • From profile editing page (with your explicit consent)
  • Via contact forms
  • Automated systems (cookies, log files)
  • Through email communication

4. Purposes of Data Use

We use your personal data for the following purposes:

4.1. Service Provision

  • Account creation and management
  • CV/profile creation and display
  • User authentication
  • Profile URL customization

4.2. Communication and Notifications

  • Password reset emails
  • Account security notifications
  • Service updates (important changes)
  • Support requests

4.3. Security and Protection

  • Fraud and spam prevention
  • Account security
  • Abuse detection
  • Legal compliance

4.4. Platform Improvement

  • User experience analysis
  • Service quality enhancement
  • Error detection and correction
  • Performance optimization

5. Data Sharing and Transfer

5.1. Third-Party Service Providers

We may share your data with the following third-party services:

  • Google reCAPTCHA: For bot and spam protection (subject to Google's privacy policy)
  • Email Service Providers: To send notification emails
  • Hosting Service: Website hosting and database management

5.2. Legal Requirements

We may be required to share your data in the following situations:

  • Legal obligations (court order, subpoena)
  • Public safety or national security requirements
  • To protect our rights and property
  • To ensure user safety

5.3. Data Transfer Security

All data transfers are made through encrypted channels (HTTPS/SSL).

6. Data Retention Period

  • Active Accounts: All data is retained while your account is active
  • Account Deletion: All data is deleted within 30 days after account deletion
  • Backup Systems: Complete deletion from backup systems may take up to 90 days
  • Log Records: Retained for 1 year for security purposes
  • Legal Requirements: May be retained longer according to legal requirements

7. Data Security

We implement the following security measures to protect your personal data:

7.1. Technical Measures

  • Password hashing with bcrypt algorithm
  • HTTPS/SSL encryption
  • CSRF (Cross-Site Request Forgery) protection
  • XSS (Cross-Site Scripting) protection
  • SQL Injection protection (Prepared Statements)
  • Rate limiting (Brute-force attack protection)
  • Security headers (X-Frame-Options, X-XSS-Protection, etc.)

7.2. Administrative Measures

  • Limited access authorization
  • Regular security updates
  • Security incident response plan
  • Staff training

8. Your Rights

Under GDPR and KVKK, you have the following rights:

  • Right of Access: Learn what data is being processed
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data
  • Right to Object: Object to data processing
  • Right to Data Portability: Transfer your data to another platform
  • Right to Restriction: Request restriction of processing
  • Right to Automated Decision-Making: Object to automated profiling

To exercise these rights, please email info@yazilimsallik.com. Your request will be answered within 30 days.

9. Children's Privacy

Our platform is not intended for users under 18 years of age. We do not knowingly collect data from children under 18. If you are a parent or guardian and discover that your child has shared information, please contact us.

10. Cookies and Tracking Technologies

Our platform uses various cookies. For detailed information about our cookie usage, please see our Cookie Policy.

11. International Data Transfers

Some of our service providers (e.g., Google) are located in the USA. When your data is transferred internationally, we ensure the protection standards required by GDPR and KVKK are maintained.

12. Privacy Policy Changes

We may update this privacy policy from time to time. We will notify you by email of significant changes. The last update date is indicated at the top of the page.

13. Contact

For questions about our privacy policy or data processing practices:

  • Data Controller: Yazılımsallık
  • Email: info@yazilimsallik.com
  • Platform: cvpark

14. Related Policies

For more information, please review our other policies: