Legal · Effective 27 May 2026

Privacy Policy

Sitenivar Inc. is a Delaware-incorporated company operating sitenivar.com, providing website design and hosting services to small businesses in Turkey and international clients. This policy explains how we collect, use, share, and protect your personal information.

Effective Date: 27 May 2026
Last Updated: 27 May 2026
Version: 1.0

01 Introduction

Sitenivar Inc. ("Sitenivar," "we," "us," or "our") is a company incorporated in the State of Delaware, United States, operating the website sitenivar.com. We provide website design, development, hosting, and maintenance services primarily to small businesses based in Turkey, as well as to international clients.

We respect your privacy and are committed to protecting your personal data in accordance with applicable laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and the Turkish Personal Data Protection Law No. 6698 (KVKK).

This Privacy Policy applies to personal data we collect through our website, our sales process, our customer service interactions, and the services we deliver to you.

02 Information We Collect

We collect personal data that you provide directly to us, data we receive from your use of our services, and data we obtain from third-party service providers. Categories include:

Identity Data

  • Full name, business name, job title

Contact Data

  • Email address, phone number, WhatsApp number, postal address

Business Information

  • Industry sector, current website URL, business location (city, country), service needs, package selection

Payment Data

  • Payment is processed by Stripe, Inc. Sitenivar does not store full card numbers, CVV codes, or banking credentials on its servers. We retain only invoice references, last-four digits, and transaction identifiers required for accounting and customer support.

Technical Data

  • IP address (anonymized where required), browser type and version, device type, operating system, time zone, referrer URL, pages visited, interaction events
  • Cookies and similar tracking technologies (see Section 10)
  • Aggregated analytics via Google Analytics 4 with IP anonymization enabled

Communications Data

  • Records of messages exchanged via email, WhatsApp, contact forms, and customer support channels

03 How We Use Your Information

We use your personal data for the following purposes:

  • Service delivery — designing, building, hosting, and maintaining your website
  • Billing and payment processing — issuing invoices, processing payments via Stripe, and handling refunds
  • Customer support — responding to inquiries, technical assistance, and revision requests
  • Marketing communications — sending newsletters, product updates, and promotional content (only with your prior consent, and you may withdraw consent at any time)
  • Service improvement — analyzing usage patterns to improve our website, services, and user experience
  • Legal and compliance obligations — meeting tax, accounting, anti-fraud, and regulatory requirements
  • Security — preventing fraud, abuse, and unauthorized access; investigating security incidents

05 International Data Transfers

Sitenivar is a US company and many of our service providers are located in the United States or operate global infrastructure. Personal data may therefore be transferred outside the European Economic Area, the United Kingdom, and Turkey.

We rely on the following safeguards for cross-border transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework (DPF) where the receiving processor is certified
  • Adequacy decisions where available
  • Explicit consent for limited, specific transfers where no other safeguard applies

Hosting infrastructure: our primary hosting region is Frankfurt, Germany (Coolify on Hostinger VPS) with Cloudflare providing global CDN, DDoS protection, and edge SSL termination. This keeps EU and Turkish customer data physically located within the EU for the application tier.

06 Third-Party Services (Sub-Processors)

We use the following sub-processors to deliver our services. Each is contractually bound to process data only on our instructions and to apply appropriate security measures.

| Service | Purpose | Region |
|---|---|---|
| Stripe, Inc. | Payment processing (PCI-DSS Level 1 certified) | United States |
| Cloudflare, Inc. | CDN, DDoS protection, edge SSL/TLS, DNS | Global edge (anycast) |
| Resend | Transactional email delivery | United States |
| Google Analytics 4 | Aggregated website analytics (IP-anonymized) | United States |
| Meta Pixel | Advertising attribution (consent-gated, optional) | United States |
| WhatsApp Business API (Meta) | Customer messaging and support | Global |
| Hostinger / Coolify (Frankfurt) | Origin web hosting | Germany (EU) |

A current and complete list of sub-processors is available on request to [email protected].

07 Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including legal, accounting, and reporting obligations.

  • Customer account and contract data: for the duration of the service agreement plus 10 years after termination, to comply with US and Turkish tax, accounting, and statute-of-limitations obligations
  • Invoice and payment records: 10 years (US IRS and Turkish tax law)
  • Marketing data (newsletter lists, prospect lists): until consent is withdrawn, or 24 months of inactivity, whichever is earlier
  • Website analytics and traffic data: 12 months in aggregated form
  • Customer support tickets and communications: 24 months after case closure
  • Cookie consent records: 24 months from the date of consent

After the retention period, data is securely deleted or irreversibly anonymized.

08 Your Rights

Your rights depend on where you reside. We honor all valid requests regardless of jurisdiction.

If you are in the European Economic Area, the UK, or Switzerland (GDPR / UK GDPR)

  • Right of access — obtain a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your data
  • Right to restriction of processing
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object to processing based on legitimate interests or direct marketing
  • Right not to be subject to automated decision-making, including profiling, with legal or similarly significant effects
  • Right to withdraw consent at any time, without affecting prior processing
  • Right to lodge a complaint with your local supervisory authority

If you are a California resident (CCPA / CPRA)

  • Right to know what personal information we collect, use, disclose, and sell or share
  • Right to delete personal information we have collected
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information — see our "Do Not Sell or Share My Personal Information" link in the footer
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your CCPA rights

Sitenivar does not sell personal information for monetary consideration. We may "share" personal information for cross-context behavioral advertising via the Meta Pixel; this is consent-gated and you can opt out via the cookie banner or footer link.

If you are a Turkish resident (KVKK)

Turkish residents have rights under KVKK Article 11, including the right to learn whether personal data is processed, to request information, to learn the purpose of processing, to know recipients, to request correction or deletion, and to object to processing that produces a result against the person. Full details and our information notice are provided in our KVKK Aydınlatma Metni (Turkish).

How to exercise your rights: contact [email protected] with your request. We will respond within 30 days (GDPR), 45 days (CCPA, extendable once by 45 days), or 30 days (KVKK). We may require reasonable proof of identity before fulfilling a request.

09 Data Protection Officer & EU Representative

For all privacy and data protection matters, please contact our Data Protection Officer:

Data Protection Officer

Email: [email protected]

EU Representative (GDPR Article 27): [EU representative placeholder — to be appointed prior to first EU customer onboarding]

UK Representative (UK GDPR Article 27): [UK representative placeholder]

An EU Representative will be formally appointed and listed here before Sitenivar accepts EU-based customers under contracts where Article 27 applies.

10 Cookie Policy

We use the following categories of cookies and similar technologies:

  • Strictly necessary cookies — required for the website to function (e.g., cookie consent state, session). Always active, no consent required
  • Analytics cookies — Google Analytics 4 (IP-anonymized) to understand usage. Consent-gated
  • Marketing cookies — Meta Pixel for advertising attribution. Consent-gated, off by default

You can manage your preferences through the cookie banner at first visit, or by clearing your browser's site data for sitenivar.com. Full details are available in our Çerez Politikası (Cookie Policy, Turkish — English version forthcoming).

11 Data Security

We apply technical and organizational measures appropriate to the risk, including:

  • Encryption in transit — TLS 1.3 for all connections, HSTS enforced, HTTP/2 and HTTP/3 supported
  • Encryption at rest — AES-256 for stored customer data and backups
  • Access controls — role-based access, principle of least privilege, mandatory 2FA (TOTP) for all admin and team accounts
  • Network protection — Cloudflare WAF and DDoS mitigation, rate limiting on sensitive endpoints, origin IP hidden behind Cloudflare anycast
  • Audit logs — administrative actions, payment events, and access to personal data are logged and retained
  • Backups — daily encrypted backups with off-site replication
  • Incident response — documented breach notification procedure; affected users and relevant authorities notified within 72 hours of a confirmed breach (GDPR Article 33)

No system is perfectly secure. While we apply industry-standard safeguards, we cannot guarantee absolute security and encourage you to use strong, unique passwords and enable 2FA on any related accounts.

12 Children's Privacy

Sitenivar's services are directed at businesses and individuals aged 18 and over. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact [email protected] and we will delete it promptly.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. For material changes, we will:

  • Notify you by email (where we have your address) at least 30 days before the change takes effect
  • Display a prominent notice on sitenivar.com
  • Update the "Last Updated" date at the top of this page
  • Maintain prior versions on request

Continued use of our services after the effective date constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account before the effective date.

14 Contact

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

Contact Channels

General inquiries: [email protected]

Privacy & data requests: [email protected]

Mailing address: Sitenivar Inc., [Delaware registered address placeholder], United States

Website: sitenivar.com

This Privacy Policy reflects Sitenivar's current understanding of applicable data protection laws (KVKK, GDPR, CCPA). We recommend consultation with your legal counsel for jurisdiction-specific advice. Questions: [email protected]