Privacy Policy

At Ayarla ("the Company," "we," "our"), we place great importance on the privacy of our users and their customers. This Privacy Policy describes our practices regarding the collection, processing, and storage of personal data through the ayarla.app platform and related WhatsApp services.

By using our platform, you agree to the data processing practices described in this policy.

We collect the following data to provide our services:

Collected data is used for the following purposes:

• Providing automatic appointment booking and management services via WhatsApp
• Sending appointment confirmation, cancellation, and reminder notifications
• Enabling salon management dashboard functions
• Providing customer support services
• Ensuring platform security and performance
• Fulfilling legal obligations
• Improving service quality and conducting analysis

The security of your data is our priority:

• Encryption: All sensitive data (including Meta access tokens) is encrypted with AES-256-GCM algorithm
• Password Security: User passwords are hashed with bcrypt and never stored in plain text
• Communication Security: All data transfers are protected with SSL/TLS encryption
• Database Security: Data is stored in a PostgreSQL database with access controls and backups
• Multi-Tenant Isolation: Each salon's data is completely isolated from other salons
• JWT Authentication: API access is protected with secure token-based authentication

We do not share your personal data with third parties except in the following cases:

• Meta (WhatsApp): For messaging services through the WhatsApp Business API
• Supabase: For database hosting services
• Paddle: For payment processing (salon owners only)
• Legal Requirement: With authorized authorities when required by law
• We never sell or rent your data to third parties for advertising purposes.

Under the Turkish Personal Data Protection Law No. 6698 ("KVKK"), you have the following rights:

• To learn whether your personal data is being processed
• To request information regarding the processing of your personal data
• To learn the purpose of processing your personal data and whether it is used in accordance with its purpose
• To know the third parties to whom your personal data has been transferred, domestically or abroad
• To request the correction of your personal data if it has been processed incompletely or incorrectly
• To request the deletion or destruction of your personal data under the conditions set forth in Article 7 of KVKK
• To claim compensation for damages arising from the unlawful processing of your personal data

Our platform uses cookies for session management and to improve user experience. Types of cookies used:

• Essential Cookies: Required for platform functionality (session token)
• Analytics Cookies: Used to analyze platform usage
• You can manage or disable cookies through your browser settings.

As part of our services, your data may be processed outside of Turkey through the servers of our infrastructure providers. These transfers are carried out with the necessary security measures in accordance with KVKK and relevant legislation.

Your personal data is retained for as long as required by the purpose of processing. When you delete your account or terminate your subscription, your data will be deleted within a reasonable period in accordance with legal retention obligations.

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from individuals under the age of 18.

We may update this Privacy Policy from time to time. When significant changes are made, we will provide notification through our platform. We recommend reviewing the updated policy regularly.

If you have questions about our privacy policy or your personal data, you can reach us at:

• Email: hello@ayarla.app
• Platform: ayarla.app