Cliniclists
LoginRegister

Privacy Policy

Last updated: 2026-05-11

Cliniclists (“we”, “us”, “our”) respects your privacy. This policy explains what personal data we collect, how we use it, and what rights you have under Turkish Personal Data Protection Law (KVKK) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data Controller

Cliniclists, operating from Turkey. Contact: privacy@cliniclists.com.

2. Information We Collect

  • Account information: Email address, name, password (stored as hash only).
  • Form submissions: Contact form, support tickets, clinic listing requests. Includes name, email, subject, message.
  • Technical data: IP address (temporarily logged for security), browser type, language preference, referrer.
  • Cookies: Essential cookies for authentication (JWT). No third-party analytics or marketing cookies currently set.

3. Legal Basis for Processing (KVKK Art. 5 / GDPR Art. 6)

  • Performance of contract: Account creation, authentication, providing the directory service.
  • Legitimate interest: Site security, fraud prevention, service improvement.
  • Explicit consent: Marketing communications (if opted in), optional analytics (when added).
  • Legal obligation: Responding to lawful authorities, tax records.

4. How We Use Your Data

  • To create and manage your account.
  • To respond to your inquiries and support requests.
  • To improve the directory service and content relevance.
  • To send transactional emails (registration confirmation, password reset, response to your form submissions).
  • To prevent abuse, spam, and unauthorized access.

5. Third-Party Services

We share data only with infrastructure providers strictly necessary for operating the service:

  • Vercel (US): web hosting and CDN.
  • Neon (Frankfurt, EU): database hosting.
  • Gmail SMTP: transactional email delivery.

We do not sell, rent, or transfer your data to advertisers, marketers, or data brokers. Clinic information displayed on Cliniclists is sourced from public Ministry of Health records and Google Maps; we do not share your inquiries with clinics without your initiation.

6. International Transfers

Our database resides in Frankfurt, EU (Neon AWS eu-central-1). Web hosting (Vercel) may transfer data outside the EU. Where data is transferred outside Turkey or the EU, we rely on standard contractual clauses or adequacy decisions.

7. Data Retention

  • Account data: Retained while your account is active and 12 months after deletion request.
  • Form submissions: Retained for 24 months for support history.
  • Server logs (IP, user-agent): Retained for 90 days for security purposes.

8. Your Rights (KVKK Art. 11 / GDPR)

You have the right to:

  • Learn whether your personal data is being processed.
  • Request information about processed data.
  • Learn the purpose of processing and whether data is being used appropriately.
  • Know third parties to whom data has been transferred.
  • Request correction of inaccurate or incomplete data.
  • Request erasure or destruction of data (“right to be forgotten”).
  • Request notification of corrections/deletions to third parties.
  • Object to processing that produces an adverse result through automated means.
  • Request compensation for damages arising from unlawful processing.
  • Withdraw consent at any time (where processing is based on consent).

To exercise any of these rights, email privacy@cliniclists.com with your request. We respond within 30 days as required by KVKK.

9. Cookies

We currently set only essential cookies required for authentication (JWT token). No analytics, advertising, or third-party tracking cookies are placed. If we add optional cookies in the future, you will see a cookie consent banner allowing granular control.

10. Children’s Privacy

Cliniclists is intended for adults aged 18 and over. We do not knowingly collect data from children. If you believe a minor has provided data, contact us for immediate removal.

11. Security

We implement industry-standard security measures: HTTPS-only transport, password hashing (bcrypt), security headers (CSP, HSTS, X-Frame-Options), rate limiting on sensitive endpoints, and quarterly security audits. No system is 100% secure; we cannot guarantee absolute security.

12. Changes to This Policy

We may update this policy. Material changes will be announced via email to registered users 30 days before taking effect. The “Last updated” date at the top reflects the most recent revision.

13. Contact

Privacy inquiries: privacy@cliniclists.com
General contact: hello@cliniclists.com

Veri sorumlusu / Data controller: Cliniclists (Turkey). VERBIS registration pending.

Privacy inquiries

privacy@cliniclists.com

Data controller: Cliniclists (Turkey). VERBIS registration: Pending.

Read our Terms of Service →