Privacy Policy

Effective: February 1, 2026
Last updated: February 1, 2026

LegalX Yapay Zeka Teknolojileri A.Ş. ("Harmonity", "we", "us")

APY Tekmer, Ataşehir Bulvarı, Atatürk, Ertuğrul Gazi Sk. D:2 Blok No:13, 34758 Ataşehir/İstanbul, Türkiye

This Privacy Policy explains how we collect, use, share, and protect Personal Data. By using our websites and services, you acknowledge our data practices as described here.

Have a privacy question or want to exercise your data rights? Contact our privacy team.

1) Scope and Key Concepts

The Legal Text | In Plain English
1.1 Scope. This Privacy Policy explains how we collect and use Personal Data relating to (i) visitors to our websites and digital properties, (ii) our business contacts (including prospects, customer contacts, and partners), and (iii) individuals whose Personal Data is processed in connection with our services, where we act as a processor on behalf of our customers. | This policy covers website visitors + business contacts. If you use Harmonity through your employer/customer account, they control most of the data and we process it for them.
1.2 Personal Data. "Personal Data" means any information relating to an identified or identifiable natural person, directly or indirectly (e.g., name, business email, phone number, IP address, device identifiers). | "Personal Data" is info that can identify you directly or indirectly.
1.3 Applicable law. We process Personal Data in accordance with applicable privacy laws, including the Turkish Law on the Protection of Personal Data No. 6698 ("KVKK"). Where the GDPR or UK GDPR applies, we also comply with those requirements for the relevant processing. | We follow KVKK. If GDPR/UK GDPR applies for some activities, we follow those too.

2) Roles: Controller vs Processor

The Legal Text | In Plain English
2.1 Controller activities. For the processing described in Sections 3 and 4 (website, marketing, sales, business relationship management), we act as the data controller. | For website + sales/marketing + relationship management, we decide how/why data is used.
2.2 Processor activities. When customers use Harmonity and upload or process content (including contracts and related personal data) within the service, we generally act as a data processor on behalf of the customer (the controller). | If you use Harmonity through your company, your company usually controls that data; we process it to provide the service.
2.3 Customer instructions. Where we act as a processor, we process Personal Data only on the customer's documented instructions and as set out in our Data Processing Agreement ("DPA"). | For customer data, we follow the customer's instructions and the DPA.

3) How We Collect Personal Data

The Legal Text | In Plain English
3.1 Sources. We collect Personal Data: (i) directly from you (forms, emails, calls, meetings); (ii) from your organization (admins, billing contacts, invitations); (iii) automatically (cookies, logs, device data, usage data); (iv) from integrations you enable; and (v) from partners (where permitted). | We get data from you, your company, your device/browser, integrations, and sometimes partners.
3.2 External platforms. If you interact with our pages on third-party platforms (e.g., social networks), we may receive Personal Data such as your profile information and messages/comments you choose to share. | If you comment/message us on social media, we may process that info.

4) Purposes, Categories, and Legal Bases

4A) Website visitors and digital properties

The Legal Text | In Plain English
4.1 Website functionality and analytics. We process technical data (e.g., IP address, device/browser info, logs, cookie identifiers, page interactions) to operate, secure, and improve our websites, and to understand how visitors interact with them. Legal basis: legitimate interests (and consent for non-essential cookies where required). | We use basic technical info to run and protect the site, and (where allowed) to learn what's working. Non-essential cookies require consent where required.
4.2 Contact and demo requests. If you submit a contact form or request a demo, we process identifiers and professional info (e.g., name, business email, phone, company, role) and the content of your message to respond and manage the request. Legal basis: legitimate interests and/or steps prior to entering into a contract. | If you ask for a demo/help, we use your contact info to respond.
4.3 Marketing communications. We may send business communications about our services. Legal basis: legitimate interests or consent where required; you may opt out at any time. | We may email you about Harmonity; you can unsubscribe.

4B) B2B relations (prospects, customers, partners)

The Legal Text | In Plain English
4.4 Relationship management. We process business contact data (name, business email, phone, company, title, notes of interactions) to establish, administer, and maintain our business relationship. Legal basis: legitimate interests and/or contract. | We keep basic contact + relationship notes to manage our business relationship.
4.5 Account, billing, and compliance. We process billing and transactional data, and limited identity/verification information where necessary, to manage subscriptions, invoices, payments, and to meet legal obligations (e.g., accounting, tax). Legal basis: contract and legal obligation. | We process billing/payment data and keep records required by law.
4.6 Recorded sales/support meetings and calls. We may record online meetings or calls with customer/prospect representatives with notice, for internal note-taking, training, quality assurance, and to improve customer support and service delivery. Legal basis: legitimate interests (and consent where required by law). You may object to such recordings as described in Section 9. | Sometimes we record calls/meetings (we'll tell you). It helps us take notes, train, and improve support. You can object.

4C) Service data where we are a processor (customer content)

The Legal Text | In Plain English
4.7 Customer content and service operation. When acting as a processor, we process personal data contained in customer content (e.g., contracts, counterparties, signatories, email threads) and service metadata (user IDs, audit logs) to provide, secure, and maintain the service. Legal basis: as determined by the customer (controller); we rely on our contract/DPA with the customer. | We handle contract-related personal data inside the product so the product works for the customer.
4.8 No training on customer content. We do not use customer content (including contracts and related personal data) to train general-purpose AI models for the benefit of other customers. | We don't train "public/general" AI on your private contracts.

5) Cookies and Similar Technologies

The Legal Text | In Plain English
5.1 Cookies. We use cookies and similar technologies to operate our websites and, where applicable, to provide analytics and marketing functionality. Where required by law, we obtain your consent for non-essential cookies. | Cookies help the site work; optional ones need consent where required.
5.2 Cookie Statement. Additional details are provided in our Cookie Statement (to be published separately). | We'll have a dedicated cookie page with full details.
5.3 Do Not Track. Some browsers offer "Do Not Track" signals. Because there is no consistent industry standard, we do not currently respond to DNT signals. | Your browser may send DNT, but we don't treat it as a standard instruction.

6) Sharing and Recipients

The Legal Text | In Plain English
6.1 No sale. We do not sell your Personal Data. | We don't sell your data.
6.2 Service providers (processors). We may share Personal Data with vendors who provide services on our behalf (e.g., hosting, analytics, customer support tooling, communications, security). They process Personal Data under our instructions and contractual safeguards. | We use trusted vendors to run the business; they must protect the data.
6.3 Independent controllers. In limited circumstances, we may share Personal Data with independent controllers such as professional advisors (lawyers, auditors) or authorities, who process Personal Data under their own legal obligations. | Sometimes lawyers/auditors/authorities receive data because they must.
6.4 Corporate transactions. If we undergo a corporate change (e.g., merger, acquisition), Personal Data may be disclosed as part of that process subject to appropriate protections. | If the company changes ownership, data may transfer with safeguards.

7) International Transfers

The Legal Text | In Plain English
7.1 Cross-border transfers. Personal Data may be processed in Türkiye and may be transferred to other countries depending on our vendors and customer configurations. Where required, we implement appropriate legal and technical safeguards for cross-border transfers. | Data might be processed outside Türkiye depending on vendors; we use safeguards when needed.
7.2 External platforms. If you interact with us on third-party platforms, those platforms may process data outside your country under their own terms. | Social platforms may store/process data globally.

8) Security

The Legal Text | In Plain English
8.1 Security measures. We use reasonable administrative, technical, and organizational measures designed to protect Personal Data (e.g., access controls, logging, encryption in transit where applicable). | We take standard security precautions to protect data.
8.2 No absolute security. No method of transmission or storage is 100% secure. | We work hard on security, but nobody can guarantee perfection.

9) Retention

The Legal Text | In Plain English
9.1 General rule. We retain Personal Data only as long as necessary for the purposes described, unless a longer period is required by law or needed to establish, exercise, or defend legal claims. | We keep data only as long as needed (or as required by law).
9.2 Website support enquiries. Personal Data processed for customer service enquiries via website forms or email is retained for up to 365 days. | Support inquiries: up to 1 year.
9.3 Demo requests. Personal Data processed for demo requests is retained for up to 365 days. | Demo requests: up to 1 year.
9.4 External platforms. Messages/comments/reactions on external platforms are retained until you delete them (or we remove them if necessary for legal compliance or platform moderation). | Social comments stay until deleted (or removed if needed).
9.5 Sales/support call recordings. Recordings of online meetings/calls are retained only as long as necessary for the stated purposes, and for a maximum of 365 days. | Call recordings: up to 1 year.
9.6 B2B relations. We process Personal Data about business contacts for as long as we have an active business relationship and thereafter for up to 365 days (or earlier if you are replaced as a contact person or request deletion where applicable), except where longer retention is required by law (e.g., tax/accounting). | Business contacts: during relationship + up to 1 year after.
9.7 Customer service data in the product. When we act as processor, retention for customer content is governed by the customer's instructions and our DPA/contract. Certain metadata (e.g., security logs) may be retained for limited periods for security and compliance. | For in-product customer data, the customer decides retention (via DPA).

10) Your Rights and How to Exercise Them

The Legal Text | In Plain English
10.1 KVKK rights. Subject to applicable law, you may have rights including: to learn whether Personal Data is processed; request information; request correction; request deletion or anonymization under conditions; object to unlawful processing; and request compensation for damages where permitted by law. | KVKK gives you rights like access, correction, deletion (when applicable), and objection.
10.2 GDPR/UK GDPR rights (where applicable). Where GDPR/UK GDPR applies, you may have additional rights (access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where relevant), and the right to lodge a complaint with a supervisory authority. | In some cases (EU/UK), you may have extra rights and can complain to an authority.
10.3 Exercising rights. To exercise your rights, contact us at support@harmonity.ai with the subject "Privacy". We may request verification to protect you and others. | Email us with "Privacy" in the subject and we'll handle it.
10.4 Processor requests. If your Personal Data is processed in the service under a customer account (e.g., your employer), please direct requests to the relevant customer (controller). We will assist the customer as required under our DPA. | If your employer controls the account, ask them first; we support them via the DPA.
10.5 Objection to recordings. You may object to recorded meetings/calls. If you object, we will offer a reasonable alternative (e.g., proceeding without recording) where feasible. | If you don't want recording, tell us; we'll try to proceed without it.

11) Children / Age

The Legal Text | In Plain English
11.1 Not directed to minors. Our websites and services are not intended for individuals under 18, and we do not knowingly collect Personal Data from individuals under 18. If you believe a minor has provided Personal Data, contact us to request deletion. | Not for under 18. If it happens, tell us and we'll delete it.

12) Changes to This Policy

The Legal Text | In Plain English
12.1 Updates. We may update this Privacy Policy from time to time. The "Last Updated" date above indicates when it was most recently revised. For material changes, we will provide notice as appropriate (e.g., on our website). | If we change it, we'll update the date and notify when changes are significant.

13) Contact and Complaints

The Legal Text | In Plain English
13.1 Contact. Questions or requests: support@harmonity.ai (Subject: "Privacy"). | Email us for anything privacy-related.
13.2 Complaints. Where applicable, you may lodge a complaint with the relevant supervisory authority, including the Turkish Personal Data Protection Authority (KVKK Authority). | You can also complain to the data protection authority if needed.