Privacy & Transparency

Your data is not a product. It’s a responsibility.

Name: visexa
Address: Mustafa Kemal Mah., Mahall Ankara Dumlupınar Bulvarı, E-Blok Kat:4 No:59, Çankaya/Ankara, Türkiye
Telephone: +90 312 577 25 55

We operate a design studio, not a data marketplace. Our Privacy Policy outlines the minimal, necessary data we collect to function, how we protect it, and your control over it. No hidden clauses, no third-party data selling, no surprises.

View Data Practices Know Your Rights

100% Core Services Only

We only collect data essential to delivering your project or responding to your inquiry.

Encrypted In Transit & At Rest

Industry-standard encryption secures your information across our infrastructure.

A Transparent Foundation for Our Partnership

Trust is the currency of any creative partnership. As a studio based in Ankara, Türkiye, we are subject to Türkiye's Personal Data Protection Law (KVKK) and adhere to the principles of the EU's GDPR. This policy applies to our website, project management portals, and client communications.

We designed this policy to be as clear as our design work. If you have a question not covered here, contact us directly at [email protected]. We will answer it without legal jargon.

The Data We Handle

Not all data is created equal. We categorize it by necessity and safeguard it accordingly.

Key Principle

We do not engage in data brokering. Your information never leaves our control for commercial purposes.

Essential Operation Data

✓ Email address & name for project communication.
✓ IP address for basic security logging (anonymized after 30 days).
✓ Payment processing details (via secure third-party gateways).

Optional Project Data

○ Company name & role (for invoicing & context).
○ Design preferences or brand assets (provided by you).
○ Feedback on proposals (stored locally).

Data We Do Not Collect

✗ Third-party behavioral tracking (no Google Analytics profiles).
✗ Location data beyond country for invoicing.
✗ Social media account details.

Secure data infrastructure visual representation

Physical & Digital Security: We partner with vetted hosting providers in the EU to ensure data locality and compliance.

How We Protect Your Information

Technical Safeguards

All data is encrypted in transit using TLS 1.2+ and at rest using industry-standard algorithms. Access to our project management and file systems requires multi-factor authentication. We conduct regular security audits and penetration testing with external partners.

Administrative Controls

Only essential team members have access to project data, and permissions are strictly role-based. We have a data retention policy: project-related emails and files are archived for 3 years (to reference past work) unless you request earlier deletion.

Third-Party Processors

We use services for email, cloud storage, and payment processing. All are selected for their privacy standards (e.g., GDPR-compliant). You can request a list of these processors at any time.

Your Control Over Your Data

You hold the rights to access, correct, delete, or restrict the processing of your personal data. Here’s how to exercise them.

Access & Portability

Request a copy of all data we hold about you in a common, machine-readable format (e.g., CSV, JSON).

Request via Email →

Correction & Deletion

We correct inaccurate information. You can request deletion of non-essential data at any time.

Submit Request →

Objection & Restriction

Object to processing for legitimate interests. Request we temporarily halt processing while we review your objection.

Object →

Data Portability for Projects

Upon project completion, we provide final assets. You retain full ownership and can request project data deletion.

Discuss Assets →

Policy Framework & Governance

This policy is a living document. It is reviewed annually or when we change our data processing practices.

Data Minimization at Collection

Our contact forms have the fewest fields possible. We don’t ask for phone numbers unless required for invoicing. Every data point has a clear purpose.

/contact.php → NAME, EMAIL, MESSAGE ONLY

Defined Retention Periods

Active Project Data: 3 years post-completion (for portfolio & reference). Marketing inquiries (non-clients): 24 months. We securely delete data past these periods.

Retention Scheduler: Automated archival triggers.

Incident Response Plan

In the event of a data breach, we follow our incident response plan: contain, assess, notify relevant authorities (KVKK/DPAs) within 72 hours, and inform affected individuals without undue delay.

Governance Notes

Controller Identity: visexa, Mustafa Kemal Mah., Mahall Ankara Dumlupınar Bulvarı, E-Blok Kat:4 No:59, Çankaya/Ankara, Türkiye.

DPA Contact: Data Protection Officer role is assumed by the studio founder. Contact via the info email with "DPO" in the subject.

Legal Basis: Contractual necessity for clients. Legitimate interest for security logs. Consent for optional marketing (opt-in only).

EU Representative (For GDPR)

We do not currently have an establishment in the EU. For EU citizens, you may contact the Turkish Data Protection Authority or us directly.

Questions About This Policy?

We’re happy to explain any part in plain language. Reach out for a conversation.

visexa • Privacy Policy Effective Date: January 2026 • Last Updated: Current Page View

Built with care in Ankara, Türkiye.