Privacy Policy

DenkLabs ("we", "us", "our") is the data controller responsible for your personal data. You can reach us at [email protected] for any data-related requests.

Account data: email address, display name, and hashed password when you create an account.

Payment data: billing information processed by our payment provider (iyzico for Turkey, Lemon Squeezy for international). We do not store full credit card numbers.

Usage data: transcription counts, feature usage metrics, and subscription status required to enforce plan limits and improve the product.

Device data: a random device identifier, operating system, and app version for multi-device management and crash diagnostics.

Text data: the text you select for transcription is sent to our API for processing. Transcribed text is not permanently stored on our servers after the response is delivered, except for cached IPA results to improve response speed.

We process your data for the following purposes and legal bases under KVKK (Law No. 6698) and GDPR:

(a) Contract performance: providing the transcription service, managing your account, and processing payments.

(b) Legitimate interest: improving the product, preventing abuse, and ensuring service security.

(c) Legal obligation: retaining billing records as required by Turkish Commercial Code and tax regulations.

(d) Consent: sending marketing emails (only with your explicit opt-in, which you can withdraw at any time).

Account data is retained while your account is active and for 30 days after deletion to allow recovery.

Billing records are retained for the legally required period (10 years under Turkish Commercial Code).

Usage metrics are retained in aggregated, anonymized form indefinitely for product analytics.

Cached IPA transcription results do not contain personally identifiable information.

We share data only with service providers necessary to operate IPAtics: Supabase (database hosting, EU region), Cloudflare (CDN and audio cache), Google Cloud (text-to-speech), OpenAI (IPA transcription AI), iyzico (payment processing, Turkey), and Lemon Squeezy (international payments).

For transfers outside Turkey, we rely on standard contractual clauses or equivalent safeguards as required by KVKK Article 9.

We do not sell your personal data to third parties.

Under KVKK Article 11 and GDPR Articles 15–22, you have the right to:

(a) Learn whether your personal data is being processed.

(b) Request information about how your data is processed.

(c) Learn the purpose of processing and whether data is used in accordance with that purpose.

(d) Know the third parties to whom your data has been transferred.

(e) Request correction of incomplete or inaccurate data.

(f) Request deletion or destruction of your data (subject to legal retention requirements).

(g) Object to automated processing that produces a negative result concerning you.

(h) Request compensation for damages arising from unlawful processing.

To exercise these rights, email [email protected] or use the "Delete Account" and "Export Data" features in the app. We will respond within 30 days.

The IPAtics website uses essential cookies for authentication and session management. We use PostHog for anonymous product analytics (opt-out available in Settings).

The desktop application does not use cookies. It stores authentication tokens securely using OS-level encrypted storage (macOS Keychain / Windows Credential Manager).

We implement industry-standard security measures including HTTPS encryption, hashed passwords, encrypted token storage, IP-whitelisted payment webhooks with HMAC signature validation, and Content Security Policy headers.

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify active users via email for material changes.

Data Controller: DenkLabs

Email: [email protected]

For KVKK-specific requests, you may also submit a written application using the form prescribed by the Personal Data Protection Board.