This English text is provided for informational purposes only; the Turkish version is legally binding.
Privacy Policy
At Blink AI we take your privacy seriously. This policy transparently explains what data we collect when you use the platform, how it's processed, and what rights you have. We act as a data controller under the Turkish Personal Data Protection Law (KVKK, Law No. 6698).
1. Data Categories We Collect
To deliver the service we process data in the following categories: identity (first/last name), contact (email, optional phone), corporate information (company name, department, role), account and session data (password hashes, session tokens, IP address, browser info), learning data (module progress, chat logs, performance metrics), and — when you submit attendance for an OHS scene — location coordinates and a selfie photo.
2. Purposes of Processing
Your data is processed only for: delivering the service and managing your account, generating an AI-driven personalized learning experience, corporate reporting and instructor progress tracking, mandatory record-keeping required by regulation (e.g. occupational health & safety audits), platform security and fraud prevention, and statistical analysis to improve the platform. Your data is never sold or shared with third parties for marketing.
3. Third-Party Services
The platform relies on sub-processors for email delivery (Listmonk/SMTP provider), AI language models (OpenAI/Anthropic), vector search (Pinecone), and file storage (Amazon S3 or local servers). These providers receive only the data needed to deliver their function and are bound by data-processing agreements. Where possible, data is kept within Türkiye or the EU; for transfers abroad, KVKK Article 9 safeguards apply.
4. Data Retention
Data is retained only as long as necessary for the purpose it was collected. If you request account deletion, your data is removed or anonymized within 30 days, unless regulation requires longer retention (e.g. 10 years for OHS records). Chat and learning history is retained for the lifetime of your active account; the default retention period is 7 years unless your employer has set a different policy.
5. Cookies and Local Storage
The platform uses essential cookies to keep you signed in (authentication), preference cookies to remember your language choice, and aggregate analytics cookies that contain no personal identifiers. We do not use third-party advertising or tracking cookies. You can manage cookies via your browser settings; disabling essential cookies may prevent sign-in from working.
6. Data Security
Data is encrypted in transit with TLS, and sensitive fields (passwords, tokens) are stored as one-way hashes or AES-256-encrypted at rest. Access is gated by role-based permissions following the least-privilege principle, and admin actions are written to an audit log. Systems undergo regular security reviews and patches; in case of a data breach we notify the Authority and affected data subjects within 72 hours per KVKK Article 12.
7. Your Rights Under KVKK
Under KVKK Article 11 you have the right to access your data, correct inaccurate data, request deletion or destruction, object to processing, request portability to another data controller, and challenge automated decision-making. You can submit these requests through our contact page or by emailing [email protected]; we respond within the 30-day window prescribed by KVKK.
8. Changes to This Policy
This policy may be updated from time to time. Significant changes will be communicated through in-app notifications and/or email; minor updates can be tracked via the "last updated" date on this page. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.
Last updated: April 2026