privacy

Privacy Policy

This Privacy Policy describes how Sezai Enes YILDIZHAN, an individual developer based in Turkey ('I,' 'me,' 'my,' or 'Randez'), collects, uses, processes, discloses, and protects personal data through the Randez appointment scheduling platform. I am committed to protecting your privacy in compliance with GDPR, Turkish KVKK, and CCPA.

Last updated: December 13, 2025Effective date: December 13, 2025

Table of Contents

01Data Controller Information02Information We Collect03How We Use Your Information04Data Sharing and Sub-Processors05International Data Transfers06Data Retention07Your Rights (GDPR)08Your Rights (Turkish KVKK)09Cookies and Tracking10Data Security11Children's Privacy12Lemon Squeezy Payment Processing13Business Users (Data Processing)14Changes to This Policy15Governing Law16Contact
Section 1

Data Controller Information

  • Data Controller: Sezai Enes YILDIZHAN
  • Contact Email: privacy@randez.app
  • Legal Inquiries: legal@randez.app
  • For GDPR purposes, I act as Data Controller for data collected directly from you. For client data you enter, you act as Data Controller and I act as Data Processor.
Section 2

Information We Collect

Data You Provide

  • Account Data: Name, email address, password (hashed)
  • Business Data: Business name, type, operating hours, services offered
  • Payment Data: Billing name, country (processed by Lemon Squeezy)
  • Client Data: Names, contact details, appointment notes you enter
  • Communications: Support requests, feedback

Data Collected Automatically

  • Usage Data: Pages visited, features used, session duration
  • Device Data: Browser type, OS, screen resolution
  • Log Data: IP address, access timestamps, error logs
  • Analytics: Aggregated usage patterns via Vercel and Google Analytics
Section 3

How We Use Your Information

  • Providing the Service: Process appointments, manage schedules, facilitate bookings
  • Processing Payments: Handle subscription billing through Lemon Squeezy
  • Communications: Appointment reminders, booking confirmations, service updates
  • Improvement: Analyze usage patterns, fix bugs, develop new features
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Meet regulatory requirements and respond to legal requests
Section 4

Data Sharing and Sub-Processors

  • I do not sell, rent, or trade your personal data.
  • Supabase Inc. (EU - Frankfurt): Database hosting, authentication
  • Lemon Squeezy, LLC (USA): Payment processing, Merchant of Record
  • Vercel Inc. (Global): Hosting, edge network, analytics
  • Google LLC (USA): Analytics (Google Analytics 4)
  • Scaleway SAS (EU - France): Transactional email
  • All sub-processors are bound by Data Processing Agreements ensuring GDPR compliance.
Section 5

International Data Transfers

  • Your data is primarily stored in the EU (Supabase Frankfurt).
  • Some sub-processors are located outside EU/EEA.
  • For transfers to non-adequate countries, I rely on Standard Contractual Clauses (SCCs).
Section 6

Data Retention

  • Account and business data: Duration of account + 30 days
  • Client data: Duration of account + 30 days
  • Transaction records: 7 years (legal/tax obligations)
  • Log data: 90 days (security and debugging)
  • Analytics data: 26 months (service improvement)
  • Upon account deletion, personal data is deleted within 30 days except where legally required.
Section 7

Your Rights (GDPR)

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Request correction of inaccurate data
  • Erasure (Art. 17): Request deletion ('right to be forgotten')
  • Restriction (Art. 18): Request limitation of processing
  • Portability (Art. 20): Receive data in machine-readable format
  • Objection (Art. 21): Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent at any time
  • Complaint: Lodge a complaint with supervisory authority
Section 8

Your Rights (Turkish KVKK)

  • Learn whether personal data is processed
  • Request information about processing purposes
  • Know third parties to whom data is transferred
  • Request correction of incomplete or inaccurate data
  • Request deletion under KVKK Art. 7 conditions
  • Object to automated decision-making
  • Claim damages for unlawful processing
Section 9

Cookies and Tracking

  • Essential Cookies: Authentication, security, session management (Session)
  • Functional Cookies: User preferences, language, theme (1 year)
  • Analytics Cookies: Usage statistics via Google Analytics 4 and Vercel Analytics
  • You can manage cookies through browser settings. Disabling essential cookies may impair functionality.
Section 10

Data Security

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Secure password hashing (bcrypt)
  • Regular security updates and patches
  • Access logging and monitoring
  • No system is 100% secure. You use the Service at your own risk.
Section 11

Children's Privacy

  • The Service is not intended for individuals under 18.
  • I do not knowingly collect data from children under 18.
  • If I become aware of such collection, I will delete it immediately.
Section 12

Lemon Squeezy Payment Processing

  • Lemon Squeezy, LLC acts as Merchant of Record for all subscriptions.
  • Payment card details are collected and processed directly by Lemon Squeezy.
  • I do not receive or store your full payment card details.
  • Lemon Squeezy handles PCI DSS compliance.
  • Lemon Squeezy Privacy Policy: lemonsqueezy.com/privacy
Section 13

Business Users (Data Processing)

  • If you manage client data through the Service:
  • You are the Data Controller for client data under GDPR/KVKK.
  • I act as Data Processor on your behalf.
  • You are responsible for: obtaining valid consent, providing privacy notices, responding to data subject requests, ensuring data accuracy.
  • By using the Service, you agree to Data Processing Agreement terms per GDPR Article 28.
Section 14

Changes to This Policy

  • I may update this Policy from time to time.
  • Material changes will be notified via email and on-site notice.
  • Continued use after changes constitutes acceptance.
Section 15

Governing Law

  • This Policy is governed by the laws of the Republic of Turkey.
  • GDPR applies for EU/EEA/UK users.
  • Applicable local data protection laws also apply.
Section 16

Contact

  • Privacy inquiries: privacy@randez.app
  • Legal inquiries: legal@randez.app
  • Response time: 5 business days for general inquiries, 30 days for formal requests.
This Privacy Policy constitutes the entire agreement regarding the processing of personal data through the Service.