KVKK Aydinlatma Metni

Son guncelleme: 30 Mart 2026

Bu aydinlatma metni, 6698 sayili Kisisel Verilerin Korunmasi Kanunu ("KVKK") Madde 10 ve Aydinlatma Yukumlulugunun Yerine Getirilmesinde Uyulacak Usul ve Esaslar Hakkinda Teblig uyarinca hazirlanmistir.

1. Veri Sorumlusunun Kimligi

Unvan: Meridian (com.Meridian.app)
E-posta: support@meridianedu.ai
KVKK Iletisim: privacy@meridianedu.ai

2. Kisisel Verilerin Islenmesinin Hukuki Dayanagi

2.1 KVKK Madde 5 Kapsaminda

Acik riza (Md. 5/1): Profil olusturma, AI danismanlik hizmeti kullanimi
Sozlesmenin ifasi (Md. 5/2-c): Hizmetin sunulmasi icin zorunlu veri isleme
Mesru menfaat (Md. 5/2-f): Hizmet iyilestirme, guvenlik ve dolandiricilik onleme
Hukuki yumumluluk (Md. 5/2-c): Yasal zorunluluklar kapsaminda veri saklama

2.2 GDPR Madde 6 Kapsaminda (AB/AEA Kullanicilari Icin)

Riza (Md. 6/1-a): Kisisellestirilmis AI danismanlik hizmeti
Sozlesmenin ifasi (Md. 6/1-b): Hizmet sunumu icin gerekli veri isleme
Mesru menfaat (Md. 6/1-f): Platform guvenligi ve hizmet gelistirme

3. Islenen Kisisel Veri Kategorileri

Veri Kategorisi	Icerik	Isleme Amaci
Kimlik Bilgileri	Ad, soyad, e-posta	Hesap yonetimi, iletisim
Egitim Bilgileri	Calisma alani, hedef ulke, program tercihi	Kisisellestirilmis eslesme
Akademik Veriler	GPA, IELTS/TOEFL puanlari	Uygunluk analizi
Finansal Tercihler	Butce araligi	Burs ve maliyet eslesme
AI Etkilesim Verileri	ATLAS sohbet gecmisi	Danismanlik hizmeti
Teknik Veriler	Cihaz bilgisi, IP adresi, oturum verileri	Guvenlik, hizmet surekliligi

4. Kisisel Verilerin Isleme Amaclari

Yurt disi egitim danismanlik hizmetinin sunulmasi
ATLAS AI ile kisisellestirilmis rehberlik saglanmasi
Ulke, program ve burs eslesme analizlerinin yapilmasi
Ogrenci Etki Puani (OEP) risk degerlendirmesinin gerceklestirilmesi
Kullanici hesabinin olusturulmasi ve yonetilmesi
Hizmetin iyilestirilmesi ve kullanici deneyiminin gelistirilmesi
Yasal yukumluluklerin yerine getirilmesi
Hizmet guvenliginin saglanmasi

5. Kisisel Verilerin Aktarimi

5.1 Yurt Disi Aktarim

Alici	Ulke/Bolge	Amac	Guvenlik Onlemi
Firebase (Google Cloud)	europe-west1 (Belcika, AB)	Veri depolama ve kimlik dogrulama	AB Standart Sozlesme Maddeleri
Anthropic (Claude AI)	ABD	AI danismanlik sohbeti	Veri isleme sozlesmesi; kalici saklama yok
Google (Gemini AI)	AB	Ulke risk analizi	Anonim veri; kisisel veri aktarimi yok

5.2 Yurt Ici Aktarim

Kisisel verileriniz yurt icinde ucuncu taraflarla paylasilmaz. Yasal zorunluluk halinde yetkili kamu kurumlari ile paylasilabilir.

6. Veri Saklama Sureleri

Veri Turu	Saklama Suresi
Hesap bilgileri	Hesap aktif oldugu surece
ATLAS sohbet gecmisi	Hesap aktif oldugu surece
Teknik loglar	En fazla 12 ay
Silme talebi sonrasi	30 gun icinde kalici silme

7. Ilgili Kisi Haklari

KVKK Madde 11 Haklari

Kisisel verilerinizin islenip islenmedigini ogrenme
Islenmisse buna iliskin bilgi talep etme
Isleme amacini ve amacina uygun kullanilip kullanilmadigini ogrenme
Yurt icinde veya yurt disinda aktarildigi ucuncu kisileri bilme
Eksik veya yanlis islenmisse duzeltilmesini isteme
KVKK Madde 7 sartlari cercevesinde silinmesini veya yok edilmesini isteme
Duzeltme/silme islemlerinin aktarildigi ucuncu kisilere bildirilmesini isteme
Islenen verilerin munhasiran otomatik sistemler vasitasiyla analiz edilmesi suretiyle aleyhinize bir sonucun ortaya cikmasina itiraz etme
Kanuna aykiri isleme sebebiyle zarara ugramaniz halinde zararin giderilmesini talep etme

GDPR Madde 15-22 Haklari

Erisim hakki (Md. 15)
Duzeltme hakki (Md. 16)
Silme hakki / "Unutulma hakki" (Md. 17)
Islemenin sinirlandirilmasi (Md. 18)
Veri tasinabilirligi (Md. 20)
Itiraz hakki (Md. 21)
Otomatik karar almaya tabi olmama (Md. 22)
Denetim makamina sikayet hakki

8. Haklarinizi Nasil Kullanabilirsiniz?

Yukarida belirtilen haklarinizi kullanmak icin asagidaki yontemlerden birini tercih edebilirsiniz:

E-posta: privacy@meridianedu.ai adresine kimliginizi dogrulayici bilgilerle birlikte basvuru
Genel destek: support@meridianedu.ai

Basvurular en gec 30 gun icinde ucretsiz olarak yanitlanir. Islemin ayrica bir maliyet gerektirmesi halinde, Kisisel Verileri Koruma Kurulu tarafindan belirlenen ucret tarifesi uygulanabilir.

9. Veri Guvenligi Onlemleri

Tum veriler aktarim sirasinda TLS 1.2+ sifreleme ile korunur
Veriler europe-west1 bolgesinde sifrelenmis olarak saklanir
Erisim yetkilendirmesi Firebase Authentication ile saglanir
AI saglayicilari (Anthropic, Google) ile veri isleme sozlesmeleri mevcuttur
Duzeni guvenlik degerlendirmeleri yapilir

10. Degisiklikler

Bu aydinlatma metni guncel mevzuat degisiklikleri ve hizmet guncellemeleri dogrultusunda revize edilebilir. Degisiklikler uygulama ici bildirim yoluyla duyurulur.

11. Iletisim

KVKK/GDPR Basvurulari: privacy@meridianedu.ai
Genel Destek: support@meridianedu.ai

KVKK / GDPR Compliance Notice

Last updated: March 30, 2026

This notice has been prepared in accordance with Article 10 of the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the General Data Protection Regulation ("GDPR") of the European Union.

1. Data Controller Identity

Name: Meridian (com.Meridian.app)
Email: support@meridianedu.ai
Data Protection Contact: privacy@meridianedu.ai

2. Legal Basis for Processing

2.1 Under KVKK Article 5

Explicit consent (Art. 5/1): Profile creation, AI advisory service usage
Performance of contract (Art. 5/2-c): Data processing necessary for service delivery
Legitimate interest (Art. 5/2-f): Service improvement, security, and fraud prevention
Legal obligation (Art. 5/2-c): Data retention under legal requirements

2.2 Under GDPR Article 6 (For EU/EEA Users)

Consent (Art. 6/1-a): Personalized AI advisory service
Performance of contract (Art. 6/1-b): Data processing required for service provision
Legitimate interest (Art. 6/1-f): Platform security and service development

3. Categories of Personal Data Processed

Data Category	Content	Processing Purpose
Identity Information	Name, surname, email	Account management, communication
Education Information	Study field, target country, program preference	Personalized matching
Academic Data	GPA, IELTS/TOEFL scores	Eligibility analysis
Financial Preferences	Budget range	Scholarship and cost matching
AI Interaction Data	ATLAS chat history	Advisory service
Technical Data	Device info, IP address, session data	Security, service continuity

4. Purposes of Processing

Providing the study abroad advisory service
Delivering personalized guidance through ATLAS AI
Conducting country, program, and scholarship matching analyses
Performing Student Impact Score (OEP) risk assessments
Creating and managing user accounts
Improving the service and enhancing user experience
Fulfilling legal obligations
Ensuring service security

5. Data Transfers

5.1 International Transfers

Recipient	Country/Region	Purpose	Safeguard
Firebase (Google Cloud)	europe-west1 (Belgium, EU)	Data storage and authentication	EU Standard Contractual Clauses
Anthropic (Claude AI)	United States	AI advisory chat	Data processing agreement; no permanent storage
Google (Gemini AI)	EU	Country risk analysis	Anonymized data; no personal data transfer

5.2 Domestic Transfers

Your personal data is not shared with third parties domestically. Data may be shared with authorized public authorities when required by law.

6. Data Retention Periods

Data Type	Retention Period
Account information	While account is active
ATLAS chat history	While account is active
Technical logs	Up to 12 months
After deletion request	Permanent deletion within 30 days

7. Data Subject Rights

Rights Under KVKK Article 11

Learn whether your personal data is being processed
Request information if data has been processed
Learn the purpose of processing and whether it is used accordingly
Know the third parties to whom data is transferred domestically or abroad
Request rectification if data is incomplete or inaccurate
Request erasure or destruction under KVKK Article 7
Request notification of rectification/erasure to third parties
Object to outcomes arising from exclusively automated analysis
Claim compensation for damages caused by unlawful processing

Rights Under GDPR Articles 15-22

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure / "Right to be forgotten" (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)
Right not to be subject to automated decision-making (Art. 22)
Right to lodge a complaint with a supervisory authority

8. How to Exercise Your Rights

You may exercise the rights listed above through any of the following methods:

Email: Submit a request to privacy@meridianedu.ai with identity verification information
General support: support@meridianedu.ai

Requests are responded to within 30 days free of charge. If the process requires an additional cost, the fee schedule determined by the Personal Data Protection Board may apply.

9. Data Security Measures

All data is protected with TLS 1.2+ encryption during transmission
Data is stored encrypted in the europe-west1 region
Access authorization is managed through Firebase Authentication
Data processing agreements are in place with AI providers (Anthropic, Google)
Regular security assessments are conducted

10. Changes

This notice may be revised in accordance with current legislative changes and service updates. Changes will be communicated via in-app notification.

11. Contact

KVKK/GDPR Inquiries: privacy@meridianedu.ai
General Support: support@meridianedu.ai