Back to home

Privacy Policy

Last updated: May 23, 2026

1. Introduction

Webstree ("we", "our", "platform") values your privacy. This Privacy Policy explains what personal data we collect when you use the Webstree platform, how we use it, with whom we share it, and what your rights are. This policy complies with the Turkish Personal Data Protection Law (KVKK) and the EU General Data Protection Regulation (GDPR).

2. Data We Collect

We collect the following personal data to provide our service:

  • Account information: name, email address, phone number, and profile details
  • Usage data: content you create, messages, files, and in-platform interactions
  • Communication data: messages exchanged with us or other users
  • Authentication data: session tokens, IP address, device information, and browser details
  • Push notification preferences: device tokens you provide to receive notifications (FCM, APNs, Web Push)

3. How We Use Your Information

  • To provide the platform to you and operate its features
  • To secure your account and verify your identity
  • To send you important notifications, reminders, and system messages
  • To improve the platform, fix bugs, and develop new features
  • To enforce our terms of use and prevent abuse

4. Cookies

The platform uses essential cookies for session management, user preferences, and security. Cookies can be managed through your browser settings; however, disabling cookies may cause some features to stop working. We do not use third-party advertising or tracking cookies.

5. Data Sharing

We do not sell or rent your personal data to third parties. Your data may only be shared in the following cases:

  • AI providers: when using AI features, your queries are processed on our own hosting infrastructure. We prioritize local AI models and commit to not sending data to external providers
  • Legal obligations: with competent authorities when required by court order or legal mandate
  • Service providers: payment processors (Stripe), email infrastructure, and cloud hosting services under contractual agreements; these providers only access data necessary to provide their services

6. Data Security

We apply industry-standard security measures to protect your data:

  • All connections are encrypted with TLS 1.3
  • Passwords are hashed with the bcrypt algorithm; never stored in plain text
  • Session cookies are protected with HttpOnly, Secure, and SameSite=Lax flags
  • Access to personal data is restricted to authorized personnel and audited

7. Data Retention

Your personal data is retained as long as we provide our service to you or as required by our legal retention obligations. When you delete your account, your data is removed from our systems within 30 days or anonymized; backups are purged at the end of their rotation cycle (no later than 90 days). Records subject to legal retention requirements (billing, tax, etc.) are kept for the duration mandated by applicable regulations.

8. Your Rights

Under KVKK and GDPR, you have the following rights:

  • Right to access your data and learn what data we hold about you
  • Right to request correction of inaccurate or incomplete data
  • Right to request deletion of your data ("right to be forgotten")
  • Right to withdraw consent and object to data processing
  • Right to receive your data in a machine-readable format (data portability)

9. Children's Privacy

Webstree is not directed to users under the age of 16. We do not knowingly collect data from individuals under 16. If you become aware that your child has shared data with us, please contact us and the relevant data will be deleted immediately.

10. Policy Changes

This Privacy Policy may be updated from time to time. We will notify you of significant changes via email or within the platform. The current version of the policy is always available on this page; the "last updated" date is indicated at the top.

11. Contact

For questions about this Privacy Policy or your data, you can contact us via our contact page.