TLC
Dealer
Sign in

Privacy Policy

Last updated · April 27, 2026

TLC Dealer ("we", "our", "us") is a SaaS platform operated by Emincan Akyıldız, a sole proprietor based in Istanbul, Türkiye. This policy explains what data we collect when you use our platform at tlcdealer.com, why we collect it, and how we handle it. We process personal data in accordance with the Turkish Personal Data Protection Law (KVKK · 6698) and, where applicable, the EU General Data Protection Regulation (GDPR).

Who controls your data

For data you provide directly when signing up or contacting us, we act as a data controller. For data you upload while using the platform (your customers, sales records, inventory, etc.), we act as a data processor on behalf of your organization, which remains the controller of that data.

What we collect

  • Account data — name, email, phone, role, the company you work for.
  • Operational data — anything you enter into the platform: customer records, sales transactions, inventory, prices, payment status, invoice references.
  • Usage data — IP address, browser, pages visited, error logs. Used only for security and product improvement.
  • Cookies — essential session cookies for authentication and a single non-essential preference cookie (your language choice).

How we use it

  • To provide the service you signed up for
  • To authenticate you and protect your account
  • To respond to support requests
  • To detect and prevent abuse, fraud, or technical issues
  • To improve product features based on aggregate usage

We do not sell your data. We do not run advertising. We do not share your operational data with third parties except sub-processors listed below or when required by law.

Sub-processors

We use the following service providers to run the platform:

  • Supabase — database hosting, authentication (EU region)
  • Vercel — application hosting (global edge network)
  • Anthropic — AI vision API for label parsing (US, processes only the image you submit, no retention)
  • Hetzner — backend worker infrastructure (Germany)

Each sub-processor has signed a data processing agreement and meets industry standards for security and privacy.

How long we keep it

We retain your data as long as your account is active. If you delete your account, operational data is removed within 30 days. Aggregated, non-identifying analytics may be retained indefinitely. Backups are kept for up to 90 days for disaster recovery.

Your rights (KVKK Art. 11 / GDPR Art. 15-22)

  • Know what we have on you
  • Request a copy of your data
  • Correct inaccurate data
  • Request deletion (where legally permitted)
  • Object to processing
  • Withdraw consent at any time
  • File a complaint with the Turkish Data Protection Authority (KVK Kurumu) or your local EU supervisory authority

To exercise any of these rights, email us at contact@emincan.com. We respond within 30 days.

Security

Data is encrypted in transit (TLS) and at rest. Access is restricted to authorized personnel under contract. Authentication uses industry-standard hashing. We follow the principle of least privilege across all systems. No system is perfectly secure, and we will notify affected users within 72 hours of any breach involving their data.

Children

TLC Dealer is a B2B service. It is not directed at people under 18, and we do not knowingly collect data from children.

International transfers

Some sub-processors are located outside Türkiye and the EU. Where data leaves the country, transfers are governed by Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

Changes

We may update this policy. Material changes will be announced on this page and notified to active users by email at least 14 days in advance.

Contact

Questions about this policy or your data: contact@emincan.com