Privacy Policy (GDPR and KVKK)

Arkyra acts as a data controller for personal data processed through its website, account, billing, and support operations, in accordance with the EU General Data Protection Regulation (GDPR) and Turkish Law No. 6698 on the Protection of Personal Data (KVKK).

This policy applies to personal data processed in relation to Arkyra digital services, communications, licensing flows, and related business operations.

Arkyra products are designed around a local-first processing model: project files and design content are processed on the user's own workstation by default and are not uploaded to Arkyra cloud systems unless the user explicitly initiates such transfer (for example, support submission).

Where users voluntarily share files for technical support, Arkyra processes only what is necessary for troubleshooting, under confidentiality and retention controls.

Arkyra may process identity and contact data, account and license metadata, billing records, support correspondence, and limited technical diagnostics. Sensitive personal data should not be submitted unless expressly required and lawfully handled.

Processing is based on GDPR Article 6 legal grounds and KVKK Article 5 conditions, including contract performance, legal obligations, legitimate interests, and consent where required.

Arkyra may engage vetted processors (for example, payment, communication, and infrastructure providers) under written data processing agreements that impose confidentiality, security, and lawful processing obligations.

Where cross-border data transfer is required, Arkyra applies legally recognized transfer mechanisms (such as adequacy decisions, contractual safeguards, or equivalent lawful instruments under GDPR and KVKK).

Personal data is retained only for as long as necessary to fulfill contractual, legal, accounting, and security obligations. Data is then deleted, anonymized, or irreversibly archived in line with documented retention schedules.

Arkyra applies technical and organizational measures appropriate to risk, including access controls, secure transmission, limited retention, and incident response procedures.

Subject to legal conditions, you may request access, rectification, deletion, restriction, objection, portability, and information on processing activities. Under KVKK, you may also exercise rights listed under Article 11.

Arkyra may request reasonable identity verification before acting on requests, to protect account and data security.

For privacy requests or complaints, contact Arkyra's privacy contact point at privacy@arkyra3d.com. General support requests may also be sent to support@arkyra3d.com.

If you are in the EU/EEA, you may lodge a complaint with your competent supervisory authority. If you are in Turkiye, you may apply to the Personal Data Protection Authority (KVKK Kurumu) in accordance with applicable law.

Arkyra may update this policy to reflect legal, technical, or operational changes. Material changes will be published with an updated effective date.

Continued use after publication signifies acknowledgement of the revised policy, to the extent permitted by law.