KVKK (Personal Data Protection) Notice
Last Updated: February 14, 2026
Data Controller
Data controller under Law No. 6698 on the Protection of Personal Data ("KVKK"): AxelVira Teknoloji A.Ş. Mersis No: 0099141030300001 Address: Adalet Mah. Manas Blv. No:47/B Folkart Plaza D:3509 Bayraklı/İZMİR, Turkey Email: contact@lexvira.com This notice has been prepared pursuant to Article 10 of KVKK and the Communiqué on Procedures and Principles to be Observed in Fulfilling the Obligation to Inform.
1. Personal Data Processed
The following categories of personal data are processed: a) Identity Information: Name, surname b) Contact Information: Email address c) Professional Information: Bar registration number, bar association d) Customer Transaction Information: Platform usage data, search queries, uploaded documents, generated petitions, analyzed contracts e) Transaction Security Information: IP address, session information, log records f) Marketing Information: Language preference, subscription package information
2. Purposes of Personal Data Processing
Your personal data is processed based on the legal grounds specified in Article 5 of KVKK for the following purposes: a) Performance of contract (Art. 5/2-c): - Creation and management of Platform membership account - Provision of AI-powered legal research service - Contract analysis, petition generation, document management services - Subscription and billing transactions b) Legal obligation (Art. 5/2-ç): - Compliance with legal regulations - Providing information to authorized institutions - Audit and reporting obligations c) Legitimate interest (Art. 5/2-f): - Ensuring Platform security - Improving service quality - Statistical analysis (with anonymized data) - Technical issue detection and resolution
3. Transfer of Personal Data
Your personal data may be transferred to the following recipient groups: Domestic Transfer: - Authorized public institutions and organizations when legally required - Hosting and server service providers (Turkey-based) International Transfer: - AI service providers (Anthropic, OpenAI) — Only search queries are transferred, personal data is masked with PII filter - Transfer is carried out in accordance with the conditions specified in KVKK Art. 9 IMPORTANT: The Platform prevents personal data from leaking into AI queries with its 4-layer security system. Layer K2 (PII/KVKK Filter) automatically detects and masks ID numbers, IBANs, phone numbers, and other personal data.
4. Method and Legal Basis of Data Collection
Your personal data is collected through the following methods: - Registration forms on the Platform (non-automatic means) - During Platform use (automatic means — cookies, log records) - Email correspondence Legal bases: KVKK Art. 5/2-c (performance of contract), Art. 5/2-ç (legal obligation), Art. 5/2-f (legitimate interest)
5. Data Retention Periods
- Account information: While account is active + 6 months after account closure - Usage data: 2 years - Log and security records: 2 years (pursuant to Law No. 5651) - Invoice and payment information: 10 years (pursuant to Tax Procedure Law) - Support correspondence: 3 years Data whose retention period has expired is deleted or anonymized during the periodic destruction process.
6. Data Security Measures
Technical and administrative measures taken under KVKK Art. 12: Technical Measures: - SSL/TLS encryption - Database access encryption - Firewall and DDoS protection - Password hashing with bcrypt algorithm - Rate limiting and brute-force protection - Regular security updates - Automatic backups Administrative Measures: - Access authorization matrix (RBAC) - Audit log - Data processing inventory - Privacy policies - Periodic audits
7. Rights of Data Subjects
Under KVKK Art. 11, you have the following rights: a) To learn whether your personal data is processed b) To request information about processing if your personal data has been processed c) To learn the purpose of processing and whether data is used accordingly d) To know third parties to whom your personal data is transferred domestically or abroad e) To request correction if your personal data is processed incompletely or incorrectly f) To request deletion or destruction of your personal data under KVKK Art. 7 g) To request notification of operations under (e) and (f) to third parties to whom your data has been transferred h) To object to results arising from exclusively automated analysis of your data i) To claim compensation for damages caused by unlawful processing of your personal data
8. Application Method
You may apply through the following methods to exercise your rights: Email: contact@lexvira.com Subject: "KVKK Application" Mail: AxelVira Teknoloji A.Ş. Adalet Mah. Manas Blv. No:47/B Folkart Plaza D:3509 Bayraklı/İZMİR, Turkey Your application must include: - Name, surname, and signature (for postal applications) - Turkish ID number (passport number for foreigners) - Address or email for notification - Subject of request Applications are concluded free of charge within 30 days at the latest. If the transaction requires additional cost, the tariff determined by the Personal Data Protection Board applies. If your application is rejected, the response is found insufficient, or no response is given within the time limit, you may file a complaint with the Personal Data Protection Board within 30 days from learning the response and in any case within 60 days from the application date.