How Harmonity approaches compliance with Türkiye’s Personal Data Protection Law.
LegalX Yapay Zeka Teknolojileri A.Ş.
APY Tekmer, Ataşehir Bulvarı, Atatürk, Ertuğrul Gazi Sk. D:2 Blok No:13, 34758 Ataşehir/İstanbul, Türkiye
This page explains how LegalX Yapay Zeka Teknolojileri A.Ş. (“Harmonity”, “we”, “us”) approaches compliance with Türkiye’s Personal Data Protection Law No. 6698 (“KVKK”). It is written to be readable for customers and procurement teams. It does not replace the full KVKK text or official guidance.
| The Legal Text | In Plain English |
|---|---|
| Data Controller (Veri Sorumlusu): LegalX Yapay Zeka Teknolojileri A.Ş. Address: APY Tekmer, Ataşehir Bulvarı, Atatürk, Ertuğrul Gazi Sk. D:2 Blok No:13, 34758 Ataşehir/İstanbul, Türkiye. KVKK contact: support@harmonity.ai | This is the company responsible for KVKK compliance for the processing described on this page. Contact us at support@harmonity.ai for KVKK requests and questions. |
| The Legal Text | In Plain English |
|---|---|
| Controller (Veri Sorumlusu): We act as a controller for personal data processed to operate our website, run sales/support, manage accounts, billing, security, and platform operations (e.g., admin contact data, authentication logs, support communications). Processor (Veri İşleyen): When customers use Harmonity to upload/manage contract documents that may contain personal data (e.g., names, emails, signatures in contracts), we typically process that data on behalf of the customer, and the customer is typically the controller. This is governed by our DPA. | Two roles: For our own business ops, we’re usually the controller. For customer contract content, we usually act like a service provider processing data for the customer under the DPA. |
| The Legal Text | In Plain English |
|---|---|
| Depending on how you interact with Harmonity, we may process categories such as: Identity & contact: name, work email, phone (if provided), company, title/role. Account & authentication: user IDs, login timestamps, workspace membership, access rights. Usage & device data: IP address, device/browser identifiers, event logs, audit records. Sales/support records: tickets, emails, call/meeting notes, chat transcripts (where used), and meeting recordings (where used). Billing & tax: invoicing contact details, payment/admin metadata, tax/VAT information as applicable. Customer content: documents, templates, clause libraries, and metadata—may include personal data depending on the customer’s documents. | In practice, this is business contact data, system logs, support/sales records, and (if you’re a customer user) contract/document content that your organization uploads. |
| The Legal Text | In Plain English |
|---|---|
| We process personal data for purposes such as: Service delivery & security: account provisioning, authentication, access control, audit trails, troubleshooting. Customer support & relationship management: responding to requests, managing tickets, quality review/training for support (including recordings where used). Billing & tax compliance: invoicing and legally required financial records. Reliability & abuse prevention: monitoring, incident response, fraud/abuse detection, security investigations. Website operations: demo requests, website analytics and marketing where enabled by cookie choices. Processing is carried out based on applicable KVKK legal grounds (e.g., necessity for contract/performance, compliance with legal obligations, legitimate interests, and explicit consent where required—especially for certain cookies/marketing and certain cross-border transfer scenarios). | We use data to run the product, keep it secure, support customers, and handle billing and legal obligations. Where KVKK requires consent (for example, certain cookies/marketing), we rely on your preferences. |
| The Legal Text | In Plain English |
|---|---|
| Harmonity includes AI-enabled features (“Harmony AI”). Our AI approach is designed to keep contract work explainable and governed: Permission-aware: AI follows the same access boundaries as users/documents. Evidence-linked outputs: outputs are designed to point back to relevant text for verification. No silent edits: suggestions are shown transparently before changes occur. No training on customer data: we do not use customer contract content to train general AI models for the benefit of other customers (see AI Data Governance). | AI works within your permission rules, shows reviewable suggestions, and is designed to avoid “black box” behavior. |
| The Legal Text | In Plain English |
|---|---|
| Our vendors/subprocessors and infrastructure may process data in Türkiye, the EU/EEA, and sometimes other regions depending on configuration. Where cross-border transfer rules apply, we rely on appropriate KVKK transfer mechanisms (e.g., adequacy decisions or appropriate safeguards such as standardized transfer tools and/or other lawful mechanisms recognized by KVKK). We provide transparency through our Subprocessors page and contractual terms through our DPA. | Sometimes data needs to move across borders to run the service (e.g., infrastructure, support tooling). When that happens, we use KVKK-compliant transfer mechanisms and publish vendor transparency in the Subprocessors list. |
| The Legal Text | In Plain English |
|---|---|
| We use technical and organizational measures appropriate for sensitive contract workflows, including (high-level): Access controls / least privilege. Encryption in transit and at rest (high-level). Audit logs / attributable actions. Monitoring and incident handling processes. See Trust Center → Security for our controls overview. | We focus on permissions, traceability, encryption, and monitoring. The Security page is the fast way to review our controls. |
| The Legal Text | In Plain English |
|---|---|
| We keep personal data only as long as necessary for the purposes described above, unless a longer period is required by law (e.g., accounting/tax). Sales/support records & meeting recordings (where used): up to 365 days (consistent with our operational approach). Customer content & platform data: retention depends on account status, configuration, and contractual terms (see DPA and Terms). | We keep data no longer than needed. Some sales/support records may be retained up to 1 year, and some billing records must be kept longer for legal reasons. |
| The Legal Text | In Plain English |
|---|---|
| KVKK grants “data subject” rights, including the right to request information about processing, request correction/deletion under conditions, and other rights under Article 11. | You can ask what we process, request corrections, and (when conditions are met) request deletion or restriction—plus other KVKK rights. |
| The Legal Text | In Plain English |
|---|---|
| How to submit: Email support@harmonity.ai with the subject “KVKK Request”. Include enough detail for us to verify and process your request (e.g., relationship to the account, relevant workspace, and the nature of the request). Response timeline: We aim to respond as soon as possible and, in line with KVKK practice, no later than 30 days. | Email us at support@harmonity.ai. We’ll respond as quickly as possible and typically within 30 days. |
| The Legal Text | In Plain English |
|---|---|
| If the request is rejected, the response is insufficient, or no response is provided in time, KVKK guidance describes the ability to complain to the Authority within 30 days of learning our response and in any case within 60 days from the application date. | If you’re not satisfied, KVKK provides a path to escalate to the Authority within defined timelines. |
| The Legal Text | In Plain English |
|---|---|
| If personal data is obtained by others through unlawful means, we follow internal incident processes for investigation and response, and we handle notifications where required under applicable guidance and obligations. See Trust Center → Security and Trust Center → Reliability for how we communicate incidents at a high level. | If something goes wrong, we investigate, contain, and communicate appropriately—Security and Reliability explain the process at a high level. |
We may update this page from time to time. The Last Updated date at the top reflects the most recent revision.
Questions about this page? Reach us at: support@harmonity.ai