Privacy Policy

Last Updated: May 18, 2026

1. Data Controller

Tengra Teknoloji ("Tengra Akademi") is the data controller responsible for processing your personal data. You can reach us at info@tengrateknoloji.com for any privacy-related inquiries.

2. Data We Collect

We collect the following categories of personal data: (a) Identity data — full name, date of birth, national ID number (where required by law for invoicing); (b) Contact data — email address, phone number, postal address; (c) Account data — username, password hash, profile photo; (d) Transaction data — course purchases, payment method details (processed by our payment provider), invoices; (e) Usage data — pages visited, courses accessed, lesson progress, session duration, device and browser information, IP address; (f) Communication data — support tickets, chatbot interactions, feedback forms.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under KVKK (Law No. 6698) and the GDPR where applicable: (a) Performance of a contract — to deliver courses you purchase and manage your account; (b) Legal obligation — to comply with tax, accounting, and electronic commerce regulations; (c) Legitimate interest — to improve our services, ensure platform security, and prevent fraud; (d) Explicit consent — for marketing communications, analytics cookies, and profiling for personalized recommendations. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Data

Your personal data is used for: (a) providing and personalizing the learning experience; (b) processing payments and issuing invoices; (c) communicating account-related updates, course reminders, and support responses; (d) analyzing usage patterns to improve content quality and platform performance (see our Cookie Policy for details on technologies used); (e) complying with legal and regulatory obligations; (f) sending promotional communications (only with your explicit consent).

5. Data Sharing & Recipients

We share your data only in the following circumstances: (a) Payment processors — to complete your transactions securely; (b) Cloud infrastructure providers — for hosting and data storage; (c) Analytics providers — in anonymized or pseudonymized form; (d) Instructors/coaches — limited course enrollment and progress data necessary for delivering their educational services; (e) Legal authorities — when required by law, court order, or regulatory obligation. We do not sell your personal data to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside of Turkey for cloud hosting and service delivery. Such transfers are safeguarded by Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the Turkish Personal Data Protection Authority (KVKK Board) and, where applicable, the European Commission.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. After account deletion, we retain certain data as required by Turkish commercial and tax law (minimum 10 years for financial records). Usage data collected for analytics purposes is anonymized after 24 months. You may request earlier deletion of non-mandatory data at any time.

8. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and incident response procedures. In the event of a data breach that poses a risk to your rights, we will notify the KVKK Board and affected individuals without undue delay as required by law.

9. Your Rights

Under KVKK Article 11 and, where applicable, GDPR Articles 15–22, you have the right to: (a) learn whether your data is being processed; (b) request information about your data processing; (c) learn the purpose of processing and whether data is used accordingly; (d) know any third parties to whom your data has been transferred; (e) request correction of incomplete or inaccurate data; (f) request deletion or destruction of your data when the legal basis for processing ceases; (g) object to automated decision-making and profiling; (h) claim compensation for damages arising from unlawful processing. To exercise your rights, contact us at info@tengrateknoloji.com or use the data request form in your account settings.

10. Children's Privacy

Our platform is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. For users aged 13–18, parental or guardian consent is required for account creation. If you believe a child under 13 has provided us with personal data, please contact us immediately so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform at least 30 days before taking effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.