Legal

Privacy Policy

This Privacy Policy explains how Turkish Law Blog collects, uses, stores, shares, and protects personal data across accounts, profiles, publishing workflows, public pages, and related services.

Effective date: April 2, 2026Last updated: April 2, 2026

TLB Teknoloji Medya ve Danışmanlık Limited Şirketi ("TLB", "Turkish Law Blog", "we", "us", or "our") operates the Turkish Law Blog platform, including its website, public content, professional directory, account system, profile tools, blog publishing workflows, and related services (collectively, the "Platform").

Our registered address is:
TLB Teknoloji Medya ve Danışmanlık Limited Şirketi
Merkez Mah. Akar Cad. I Tovvers Bomonti Blok No: 3/23
Şişli / İstanbul
Türkiye

For privacy-related questions or requests, you may contact us at info@turkishlawblog.com.

1. Scope of This Privacy Policy

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you:

  • visit or browse the Platform;
  • create an account;
  • log in or manage your profile;
  • submit or publish content;
  • create or claim a professional profile;
  • interact with public directory listings;
  • apply for career opportunities;
  • communicate with us; or
  • otherwise use the Platform.

This Privacy Policy applies only to the Platform and our processing activities in connection with it. It does not govern third-party websites, services, or platforms that may be linked from the Platform.

2. The Personal Data We Collect

Depending on how you use the Platform, we may collect the following categories of personal data.

A. Account and identity data

  • email address;
  • password credentials handled through our authentication provider;
  • account ID and authentication-related identifiers; and
  • profile type, such as law firm, general counsel, or student.

B. Verification and security data

  • one-time password (OTP) verification records;
  • verification status;
  • login attempt records; and
  • hashed IP-related anti-abuse data used to protect registration and password reset flows.

C. Profile and directory data

  • first name and last name;
  • profile photo or avatar;
  • biography or about information;
  • country and location information;
  • social media links;
  • public-facing contact data where you choose or submit it;
  • professional profile data, such as company, job title, industry, firm name, firm website, office details, languages, memberships, awards, and similar profile content; and
  • team member information uploaded to law firm profiles, such as names, job titles, bios, and photos.

D. Content and publication data

  • article drafts and published blog content;
  • titles, subtitles, excerpts, tags, categories, and publication metadata;
  • co-author invitation data; and
  • review or moderation notes related to publication workflows.

E. Career application data

If you apply through the career section, we may collect:

  • full name;
  • email address;
  • phone number;
  • LinkedIn URL;
  • cover letter or similar application text; and
  • related application metadata.

At the time of writing, the Platform schema includes a field for resume or CV links, but the current public application flow does not clearly show live resume upload collection. If that changes, this Privacy Policy should be updated accordingly.

F. Communications and support data

  • messages or requests you send to us;
  • notification content; and
  • email communication records relating to verification, password reset, account access, invitations, moderation, or support.

G. Technical and usage data

  • session cookie data required to keep you signed in;
  • browser and device information that may be included in standard server, hosting, proxy, or security logs; and
  • request metadata reasonably necessary for security, delivery, debugging, and fraud prevention.

H. Public content and public profile data

If you publish content or maintain a public profile, some of your data may be made publicly visible, such as your name, title, firm or company name, professional biography, country or location, social links, selected profile details, publication details, and contact information where you choose to make it public.

In particular, some public-facing email visibility settings may depend on your choices and profile configuration.

3. How We Collect Personal Data

A. Directly from you

We collect data you provide when you:

  • register for an account;
  • complete onboarding;
  • update your profile;
  • submit blog content;
  • create or claim a directory profile;
  • upload logos, profile images, or team photos;
  • submit a career application; and
  • contact us.

B. Automatically through your use of the Platform

We automatically collect limited technical data needed to maintain sessions, secure authentication, prevent abuse, operate the Platform, troubleshoot errors, and protect the integrity of the service.

C. From service providers or infrastructure supporting the Platform

Our hosting, authentication, storage, email delivery, delivery and security providers may process certain technical and account-related data in the course of providing their services to us.

4. Why We Process Personal Data

We process personal data for the following purposes:

  • to create and manage user accounts;
  • to authenticate users and maintain secure sessions;
  • to verify email ownership and support password reset flows;
  • to build, manage, and display professional profiles and directory listings;
  • to receive, review, publish, moderate, and manage blog content;
  • to support claim, invite, and co-author workflows;
  • to provide bookmarks, notifications, and profile tools;
  • to receive and review career applications;
  • to communicate with users about accounts, security, content, or Platform operations;
  • to detect, prevent, and investigate abuse, fraud, unauthorized access, and security incidents;
  • to maintain and improve the Platform;
  • to comply with legal obligations, enforce our legal rights, and respond to lawful requests; and
  • to operate public-facing content that may be indexed by search engines and AI systems where content is made public.

5. Legal Bases for Processing

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

A. Performance of a contract

We process personal data where necessary to provide the Platform and account-based services you request, including account registration and login, profile creation and management, public profile publication where requested, blog submission and publishing workflows, career application handling, and essential service communications.

B. Legitimate interests

We process personal data where necessary for our legitimate interests, including securing the Platform, preventing abuse, spam, and fraud, protecting accounts and data, administering moderation and approval workflows, handling support and complaints, maintaining reliability and internal operations, and making public-facing content discoverable where users choose to publish it publicly.

C. Legal obligation

We may process personal data where necessary to comply with applicable laws, legal requests, court orders, regulatory obligations, tax and accounting obligations, or enforcement needs.

D. Consent or user-controlled disclosure

In some cases, we rely on your instructions, choices, or consent, especially where you choose to make specific optional information public or where consent is otherwise required under applicable law.

6. Public Profiles, Published Content, Search Engines, and AI Systems

The Platform is designed so that certain content and professional profile information may be publicly accessible.

If you choose to make content or profile information public, you acknowledge that it may be visible to the public, indexed by search engines, accessed, summarized, linked, quoted, cached, archived, or processed by third parties, including AI systems and related discovery tools.

Once public content has been copied or indexed by third parties, we may not be able to fully control or reverse all downstream uses outside our Platform.

7. Cookies and Similar Technologies

Based on the current implementation of the Platform, we use essential cookies and similar technical mechanisms primarily for authentication, session continuity, account security, and necessary Platform operation.

We do not currently state that we use advertising cookies, remarketing cookies, or behavioral tracking tools.

Based on the current application code reviewed for this policy, we also do not identify an active third-party analytics SDK or advertising tracker integrated into the live application code. If analytics, personalization, or non-essential tracking technologies are added in the future, this Privacy Policy and any related consent mechanisms should be updated accordingly.

8. Third-Party Services and Data Recipients

We may share personal data with trusted third-party service providers that process data on our behalf or as part of providing the Platform.

A. Supabase

We use Supabase for backend services including authentication, database infrastructure, and storage. Our Supabase backend is hosted in Frankfurt, Germany.

B. Resend

We use Resend for transactional email delivery, including verification emails, password reset emails, invitation emails, and certain account and notification emails.

C. Vercel

The Platform is deployed on Vercel. Vercel may process technical data required to host, serve, and secure the Platform, including standard request and delivery metadata.

D. Cloudflare

Project infrastructure documentation indicates Cloudflare may be used in connection with DNS, proxying, security, and Zero Trust or Access protection for admin-facing services. Where Cloudflare is enabled in production, it may process relevant technical and security-related data in that role.

E. Google Maps or map-related links and embeds

The Platform may use Google Maps links or embeds to help users locate offices or addresses more easily. If you interact with those features, Google may receive technical and usage data directly from your device.

We may also disclose data to professional advisors, auditors, insurers, legal counsel, public authorities, or courts where reasonably necessary or required by law, and in connection with a merger, acquisition, reorganization, financing, or sale of assets, subject to appropriate safeguards.

9. International Data Transfers

The Platform is global, and personal data may be processed outside your country of residence.

Our backend services are hosted via Supabase in Frankfurt, deployment runs through Vercel, email delivery uses Resend, and international processing and transfer may therefore occur.

Where personal data is transferred internationally, we seek to rely on appropriate legal mechanisms and safeguards where required, which may include contractual safeguards, processor agreements, transfer mechanisms recognized by applicable law, and organizational and technical controls appropriate to the context.

10. How Long We Keep Personal Data

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

A. Account and profile data

We generally retain account and profile data while your account remains active. If you delete your account, we will generally seek to delete or de-activate associated account and profile data within a reasonable period, subject to technical limitations, legal obligations, security needs, dispute handling, and residual backups.

B. OTP and verification records

OTP-related records are retained for short security and operational periods only. Based on the current implementation, expired or used OTP records are cleaned up shortly after expiry or use.

C. Login attempts and security records

Login attempt records and comparable anti-abuse or security records are generally retained only for a limited period, such as up to 90 days, unless a longer period is needed for an active security investigation or legal obligation.

D. Notifications

In-app notification data may be retained while your account remains active and for a reasonable period afterward for operational continuity, recordkeeping, and support.

E. Published blog content and public profile content

Published blog content and public profile content are retained while they remain active on the Platform. If you delete your account, associated public content should generally be removed from active display within a reasonable period, subject to limited backup, integrity, or legal retention constraints.

F. Uploaded images and media

Profile avatars, logos, and similar uploaded media are generally retained while associated profiles remain active. Where the associated profile or account is deleted, those files should also be removed within a reasonable period, subject to backup retention and technical limitations.

G. Career application data

Career application data is generally retained for up to 12 months after the relevant recruitment process ends or the last meaningful interaction, unless a shorter period is legally required or a longer period is necessary for legal defense, compliance, or hiring administration.

11. How We Protect Personal Data

We use reasonable technical and organizational measures designed to protect personal data, including controls relating to authentication and access control, administrative authorization, service-provider infrastructure, security headers, restricted database access policies, secure handling of secrets and credentials, and abuse prevention measures.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your Rights

Depending on your location and applicable law, you may have the right to request:

  • access to your personal data;
  • correction of inaccurate or incomplete personal data;
  • deletion of your personal data;
  • restriction of processing;
  • objection to certain processing;
  • data portability;
  • withdrawal of consent where processing is based on consent; and
  • the right to lodge a complaint with a competent supervisory authority.

If you have an account, some of these rights may also be exercised directly through your account settings or profile tools, including editing profile information and requesting account deletion.

To exercise your rights, contact info@turkishlawblog.com. We aim to respond within 30 days, subject to applicable law and the complexity of the request.

13. Account Deletion and User Requests

The Platform includes an account deletion flow. If you request deletion of your account, we will generally process that request subject to identity verification, security checks, legal or operational retention needs, technical limitations, and backup cycles.

You may also contact TLB for additional help, including requests related to content or data. We will make reasonable efforts to assist with such requests where appropriate and legally permissible.

14. Career Application Privacy

At present, the career portion of the Platform appears limited and may not always have active listings.

Based on the current implementation and our present operating model:

  • career applications are intended for TLB internal hiring purposes;
  • there is no current basis to state that career data is shared with third-party employers;
  • no guarantee of response, interview, or employment is provided; and
  • if future hiring features, third-party employer listings, or resume-upload tools are introduced, this Privacy Policy should be updated before or when those features go live.

15. Children and Minors

The Platform's account creation and data-submission features are intended for individuals aged 18 and over.

We do not knowingly collect personal data from children under 18 in connection with account-based or submission-based features. If you believe that a child under 18 has provided personal data to us in violation of this Privacy Policy, please contact us at info@turkishlawblog.com, and we will take appropriate steps.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes.

If we make material changes, we may provide notice by updating the "Last updated" date, publishing the updated version on the Platform, or using other reasonable means where appropriate.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

TLB Teknoloji Medya ve Danışmanlık Limited Şirketi
Merkez Mah. Akar Cad. I Tovvers Bomonti Blok No: 3/23
Şişli / İstanbul
Türkiye
info@turkishlawblog.com