Compliance
Harmonity is built for controlled contract work. This page summarizes how we support common compliance expectations for procurement and legal teams, and points you to the documents you typically need during a security/privacy review.
1. How to use this page (procurement-friendly)
This is a high-level overview. Contractual and detailed terms live in:
- Privacy Policy
- Data Processing Addendum (DPA)
- Subprocessors
- Security and Reliability pages (operational posture and customer communication)
If anything here conflicts with your signed agreement, the signed Order Form and governing agreements control.
2. Privacy compliance foundations (GDPR + KVKK)
Harmonity is designed to support compliance with GDPR (EU General Data Protection Regulation) and KVKK (Türkiye’s Law on the Protection of Personal Data).
Roles (typical B2B SaaS setup)
In most customer deployments:
- ●Customer = Data Controller
- ●Harmonity = Data Processor
This is defined contractually in the DPA. If your organization requires a different allocation for specific workflows, we can review it during procurement.
Key principles we support
- Purpose limitation: data is processed to provide and operate the service
- Access control: permissioned access and scoped visibility
- Security measures: encryption, monitoring, and auditability (high-level)
- Retention and deletion: defined retention behavior (see Privacy Policy)
- Vendor transparency: subprocessors are listed and governed (see Subprocessors page)
3. Turkish-law specifics (KVKK documentation set)
For Türkiye-focused compliance needs, we provide (or will provide) the following legal documents:
A) KVKK Overview (plain-language)
A procurement-friendly explanation of:
- ●How personal data is handled in the platform
- ●Typical controller/processor allocation
- ●Data subject rights and how requests are handled
B) Aydınlatma Metni (KVKK notice)
A formal notice document that describes:
- ●Data categories processed
- ●Purposes and legal basis under KVKK
- ●Retention periods
- ●Transfer/disclosure categories
- ●Rights of the data subject and how to exercise them
C) KVKK Başvuru Formu
A structured request form for:
- ●Access, correction, deletion, objection, and other KVKK rights requests
- ●Identity verification steps (as required)
- ●Response timelines and communication channel
These KVKK pages are typically published in Turkish to match regulatory expectations. Your Privacy Policy may remain in English for global consistency, while the KVKK notices are localized.
4. International transfers and vendor management
Where customers or vendors are located outside Türkiye / EU/EEA, cross-border data processing may occur. Our approach is:
- Use vetted vendors for necessary service operations
- Apply contractual protections via the DPA
- Publish a vendor list via Subprocessors
- Share additional details during procurement through the security package
Exact transfer mechanisms and regional processing details are reflected in the DPA/Subprocessors pages.
5. Operational compliance: auditability and governance
Harmonity supports internal compliance and governance requirements through:
- Attributable actions: key events are timestamped and linked to actors
- Audit-ready history: supports review trails for contract workflows
- Permission-aware boundaries: consistent access rules across product features (including AI)
- Controlled AI posture: AI outputs are reviewable; workflows preserve durable decision records
See Trust Center → Security and Trust Center → AI & Data Governance for details.
6. Reliability and continuity expectations
Contracts move on deadlines. Harmonity is operated with:
- Monitoring and operational alerting
- Backup and recovery approach (high-level)
- Incident response and customer communication expectations
- Planned maintenance communication approach
7. Compliance resources index
Trust Center
Legal
8. Contact
For compliance, privacy, or procurement requests:
Subject suggestion: “Compliance / GDPR / KVKK / Procurement”
9. Change log
| Date | Change |
|---|---|
| February 1, 2026 | Initial publication |