Privacy Policy
At Yend we put user privacy above everything. This page explains how we process the limited data we collect on our site.
1. Data Controller and Contact
The data controller for this website is Yend. For any privacy questions, requests or applications, reach us at info@yend.app.
2. Data We Collect
We keep your email address when you subscribe to the newsletter; your name, email and message when you use the contact form. For security and basic analytics we may also process technical records such as IP address, browser/device type, pages visited and referring link. In our security logs your IP address is not stored in clear form but as an irreversible digest (hash), and these records are automatically deleted after 30 days. We do not collect special categories of data such as health, biometrics, religion or origin.
3. How We Use Data
We use your data to answer your requests and questions, send newsletters and announcements, keep the site secure, debug issues and improve our content. Marketing messages are sent only with your explicit consent and every email contains an unsubscribe link.
4. Legal Bases
Our processing relies on your explicit consent for newsletter subscriptions (KVKK Art. 5/1 and GDPR Art. 6/1-a), on the establishment/performance of a contract for contact requests, and on our legitimate interest for security and analytics (KVKK Art. 5/2, GDPR Art. 6/1-f).
5. Cookies and Analytics
We use cookies that are strictly necessary for the site to function, plus optional, anonymized analytics cookies. You can set your preference via our cookie notice and delete or block cookies anytime in your browser settings. We do not use third-party advertising or tracking cookies.
6. Data Security (EPC-256)
Sensitive fields are encrypted with our proprietary EPC-256 (Emoji Permutation Cipher 256) architecture, built on AES-256-GCM with a secret emoji-permutation layer, and stored in the database as unreadable emoji ciphertext. Connections are protected with TLS; even in a leak the content cannot be decrypted without the key.
7. Retention Periods
Newsletter data is kept until you unsubscribe; contact form records for a reasonable period after your request is resolved; technical/security logs for up to 12 months. When the purpose no longer exists or upon your request, data is deleted or anonymized.
8. Third-Party Service Providers
We work with a limited number of providers to host the site, send email and produce anonymous statistics. These providers process your data only on our instructions and under contractual confidentiality obligations. We never sell your data.
9. International Data Transfers
Some of our providers may be located abroad. In that case, transfers are carried out to countries offering adequate protection or under appropriate safeguards such as Standard Contractual Clauses (SCC), in compliance with applicable law.
10. Children's Privacy
This site is not directed at children under 13 and we do not knowingly collect data from them. If we identify data belonging to a child under 13, we delete it without undue delay.
11. Your Rights
You have the right to access, rectify, erase, restrict, object to processing, data portability, and to withdraw your consent. You can send requests to info@yend.app and may also lodge a complaint with the relevant data protection authority (in Türkiye, the KVKK Board).
12. Changes
This Privacy Policy may be updated from time to time. We publish material changes on this page and, where appropriate, notify newsletter subscribers by email. Please check the update date at the bottom of the page.
Last updated: June 2026