Privacy Policy

Gizlilik Politikasi

Last updated: March 24, 2026

Son guncelleme: 24 Mart 2026

1. Overview & Core Principle

This Privacy Policy (“Policy”) describes how Owlivion (“we,” “us,” or “our”) collects, uses, stores, and protects personal data in connection with the OwlMail desktop email client and associated services (collectively, the “Service”).

This Policy applies to all users worldwide and addresses the requirements of the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Turkish Personal Data Protection Law No. 6698 (KVKK), and other applicable privacy legislation.

Our Core Principle: OwlMail is built on a local-first, privacy-by-design architecture. Your emails, credentials, and personal data remain on your device. We collect zero telemetry, deploy zero tracking pixels, and operate zero ad networks. We do not collect data we do not need.

OwlMail is open-source software distributed under the MIT License. The source code is publicly auditable, providing full transparency into our data handling practices.

2. Data Controller Information

The data controller responsible for your personal data is:

For GDPR and KVKK purposes, Owlivion acts as the data controller for personal data processed through the OwlMail Service.

3. Data We Collect

OwlMail is a local-first application. The vast majority of data never leaves your device. The following table details all categories of data processed:

Category Data Types Storage Location
Email Account Credentials Email address, IMAP/SMTP server settings, OAuth 2.0 tokens OS Keychain (local device only)
Email Content Messages, headers, attachments, drafts Encrypted local SQLite database (AES-256-GCM)
Contacts Names, email addresses derived from correspondence Encrypted local SQLite database
Application Settings Theme, language, keyboard shortcuts, notification preferences, signature templates, labels, filters Local device storage
AI Phishing Detection (opt-in) Sender email address, email subject line Transmitted to Google Gemini API; not stored by Owlivion
AI Smart Reply (opt-in) Email content provided by user Transmitted to Google Gemini API; not stored by Owlivion
Ollama Local AI (opt-in) Email content processed locally Local device only; no data leaves device
Owlivion Sync (opt-in) Account settings, contacts, preferences, signatures End-to-end encrypted on Owlivion servers
OAuth 2.0 Tokens Access tokens, refresh tokens for Google/Microsoft OS Keychain (local device only)

No Telemetry: OwlMail does not collect usage analytics, crash reports, device fingerprints, IP addresses, or any form of behavioral telemetry.

4. Purpose of Processing

We process personal data solely for the following purposes:

  • Core Email Functionality: Sending, receiving, and organizing email via IMAP/SMTP protocols.
  • Account Authentication: Authenticating with email providers via OAuth 2.0 or stored credentials.
  • AI-Assisted Phishing Detection (opt-in): Analyzing sender addresses and subject lines to identify potential phishing threats.
  • AI-Assisted Smart Replies (opt-in): Generating contextual email reply suggestions based on user-provided email content.
  • Tracking Pixel Blocking: Detecting and blocking remote tracking pixels embedded in incoming emails.
  • Cross-Device Sync (opt-in): Synchronizing account settings, contacts, and preferences across devices using end-to-end encryption via the Owlivion Sync service.
  • Personalization: Applying user-configured themes, shortcuts, signatures, labels, and filter rules.

5. Legal Basis for Processing

Under GDPR (Article 6)

  • Art. 6(1)(b) — Contractual Necessity: Processing your email account credentials and email content is necessary to perform the Service you requested.
  • Art. 6(1)(a) — Consent: AI features (phishing detection, smart replies) and Owlivion Sync are activated only upon your explicit, informed opt-in consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Art. 6(1)(f) — Legitimate Interest: Security measures such as tracking pixel blocking and local encryption serve our legitimate interest in protecting users from threats, balanced against your interests and fundamental rights.

Under KVKK (Article 5)

  • Art. 5(2)(c): Processing directly related to the establishment or performance of a contract (email service delivery).
  • Art. 5(2)(f): Processing necessary for the legitimate interests of the data controller, provided it does not violate the fundamental rights of the data subject (security measures).
  • Art. 5(1): Explicit consent for optional AI features and Owlivion Sync.

6. Data Transfers

OwlMail minimizes data transfers to third parties. The following table details all circumstances in which data may be transmitted:

Recipient Purpose Condition
Your Email Provider (Google, Microsoft, etc.) Email sending/receiving via IMAP/SMTP, OAuth authentication Required for core functionality
Google Gemini API AI phishing detection (sender + subject only); AI smart reply (email content) Only when user explicitly opts in and triggers the feature
Owlivion Sync Server Cross-device synchronization of settings, contacts, preferences Only when user opts in; data is end-to-end encrypted before transmission

Local AI Alternative: Users may choose Ollama as a fully local AI backend. When Ollama is selected, no email content is transmitted to any external service.

7. International Data Transfers

When you opt in to AI features powered by Google Gemini, data may be transferred to Google servers located in the United States or other jurisdictions. These transfers are conducted in compliance with GDPR Chapter V, relying on:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission;
  • Google’s Data Processing Addendum and applicable certifications;
  • Your explicit consent under Article 49(1)(a) GDPR, obtained at the point of opting in to AI features.

Owlivion Sync servers are located in Turkey (EU adequacy decision pending individual assessment). End-to-end encryption ensures that even in the event of a lawful data request, decrypted content is inaccessible to Owlivion or any third party.

For KVKK compliance, international data transfers are conducted in accordance with Article 9 of the KVKK and relevant board decisions of the Personal Data Protection Authority of Turkey (KVKK Kurulu).

8. Data Retention

  • Local Data (emails, credentials, settings): Retained on your device until you delete them or uninstall OwlMail. Owlivion has no access to or copies of this data.
  • AI Processing Data: Data sent to Google Gemini is processed in real-time and not stored by Owlivion. Google’s retention policies apply to data received by the Gemini API.
  • Owlivion Sync Data: Retained in encrypted form on Owlivion servers for the duration of your account. Upon account deletion, all synced data is permanently erased within 30 days.
  • Sensitive Memory: OwlMail uses the Zeroize library to securely wipe cryptographic keys and passwords from memory after use, preventing residual data in RAM.

9. Your Rights — GDPR (Articles 15–22)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Right of Access (Art. 15): Obtain confirmation of whether your personal data is being processed and request a copy of such data.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): Request deletion of your personal data where no compelling reason exists for continued processing.
  • Right to Restriction (Art. 18): Request restriction of processing in specific circumstances (e.g., while accuracy of data is contested).
  • Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right Not to be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
  • Right to Withdraw Consent (Art. 7(3)): Withdraw previously given consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Since OwlMail stores data locally on your device, you can exercise most of these rights directly by modifying or deleting your data within the application. For Owlivion Sync data, contact privacy@owlivion.com.

You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Your Rights — CCPA (California)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) afford you the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of personal information we have collected.
  • Right to Opt-Out of Sale/Sharing: Owlivion does not sell or share personal information as defined by the CCPA/CPRA. No opt-out is necessary.
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: Owlivion does not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Service.

To exercise these rights, contact privacy@owlivion.com. We will verify your identity before processing your request and respond within 45 days as required by law.

Do Not Sell My Personal Information: Owlivion does not sell, rent, lease, or trade any personal information to third parties for monetary or other valuable consideration.

11. Your Rights — KVKK (Article 11)

If you are located in Turkey, the Personal Data Protection Law No. 6698 (KVKK) grants you the following rights:

  • Learn whether your personal data has been processed;
  • Request information about the processing if your data has been processed;
  • Learn the purpose of processing and whether the data is used in accordance with that purpose;
  • Know the third parties to whom your data has been transferred, domestically or abroad;
  • Request rectification if the data is incomplete or inaccurate;
  • Request deletion or destruction of personal data under the conditions set forth in Article 7 of the KVKK;
  • Request notification of rectification, deletion, or destruction operations to third parties to whom data has been transferred;
  • Object to any result arising exclusively from automated processing that is to your detriment;
  • Claim compensation for damages arising from unlawful processing of personal data.

To exercise your KVKK rights, submit a written request to privacy@owlivion.com with the subject line “KVKK Basvurusu.” We will respond within 30 days as required by law. You may also file a complaint with the Personal Data Protection Authority (Kisisel Verileri Koruma Kurumu).

12. Cookies & Website

The OwlMail website (owlivion.com) is designed with privacy in mind:

  • No Cookies: We do not set any cookies, including analytics, advertising, or tracking cookies.
  • No Analytics: We do not use Google Analytics, Mixpanel, Amplitude, or any third-party analytics service.
  • No Ad Trackers: We do not deploy advertising pixels, retargeting scripts, or social media tracking buttons.
  • IP Geolocation: The website may use a client-side IP geolocation request (via ipapi.co) solely to determine your preferred language (Turkish or English). This request is made from your browser directly to the third-party service; Owlivion does not log or store your IP address.

13. Children’s Privacy

OwlMail is not directed at individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data to us through the Owlivion Sync service, please contact us at privacy@owlivion.com and we will promptly delete such data.

14. Data Security Measures

We implement the following technical and organizational measures to safeguard your data:

  • AES-256-GCM Encryption: All locally stored email data is encrypted using the AES-256-GCM authenticated encryption algorithm.
  • OS Keychain Integration: Passwords and OAuth tokens are stored in your operating system’s native secure credential store (macOS Keychain, Windows Credential Manager, Linux Secret Service).
  • HKDF Key Derivation: Cryptographic keys are derived using the HKDF standard from the Ring cryptographic library.
  • Zeroize Memory Wiping: Sensitive data such as passwords and cryptographic keys are securely wiped from memory immediately after use.
  • TLS/SSL: All network communications (IMAP, SMTP, API calls) are encrypted in transit using TLS 1.2 or higher.
  • End-to-End Encryption (Sync): Data synchronized via Owlivion Sync is encrypted on your device before transmission. Owlivion servers cannot decrypt your synced data.
  • Tracking Pixel Blocker: OwlMail automatically detects and blocks remote tracking pixels in incoming emails, preventing senders from monitoring your activity.
  • Open-Source Auditing: The full source code is publicly available under the MIT License, enabling independent security audits.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last updated” date at the top of this page;
  • Provide notice through the OwlMail application or our website;
  • Where required by applicable law, obtain your consent before implementing changes that materially affect the processing of your personal data.

We encourage you to review this Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated Policy.

16. Contact / Data Protection Officer

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

We endeavor to respond to all legitimate requests within 30 days. In certain circumstances, response time may extend to 60 days where the complexity or volume of requests warrants it, in which case we will notify you of the extension and the reasons for it.

1. Genel Bakis ve Temel Ilke

Bu Gizlilik Politikasi (“Politika”), Owlivion’un (“biz” veya “sirketimiz”) OwlMail masaustu e-posta istemcisi ve ilgili hizmetler (topluca “Hizmet”) kapsaminda kisisel verileri nasil topladigini, kullandigini, sakladigini ve korudugunu aciklar.

Bu Politika, dunyadaki tum kullanicilara uygulanir ve AB Genel Veri Koruma Tuzugu (GDPR), Kaliforniya Tuketici Gizliligi Yasasi (CCPA), 6698 Sayili Kisisel Verilerin Korunmasi Kanunu (KVKK) ile diger yururlukteki gizlilik mevzuatinin gerekliliklerini karsilar.

Temel Ilkemiz: OwlMail, yerel-oncelikli ve tasarimdan-gizlilik mimarisi uzerine insa edilmistir. E-postalariniz, kimlik bilgileriniz ve kisisel verileriniz cihazinizda kalir. Sifir telemetri toplar, sifir izleme pikseli kullanir ve sifir reklam agi isletiriz. Ihtiyacimiz olmayan veriyi toplamayiz.

OwlMail, MIT Lisansi altinda dagitilan acik kaynakli bir yazilimdir. Kaynak kodu herkese acik olup veri isleme uygulamalarimiz konusunda tam seffaflik saglar.

2. Veri Sorumlusu Bilgileri

Kisisel verilerinizden sorumlu veri sorumlusu:

GDPR ve KVKK acisindan Owlivion, OwlMail Hizmeti araciligiyla islenen kisisel veriler icin veri sorumlusu sifatiyla hareket eder.

3. Topladigimiz Veriler

OwlMail yerel-oncelikli bir uygulamadir. Verilerin buyuk cogunlugu cihazinizdan asla cikmaz. Asagidaki tablo, islenen tum veri kategorilerini detaylandirir:

Kategori Veri Turleri Saklama Yeri
E-posta Hesap Kimlik Bilgileri E-posta adresi, IMAP/SMTP sunucu ayarlari, OAuth 2.0 tokenlari Isletim Sistemi Anahtar Zinciri (yalnizca yerel cihaz)
E-posta Icerigi Mesajlar, basliklar, ekler, taslaklar Sifreli yerel SQLite veritabani (AES-256-GCM)
Kisiler Yazismalardan elde edilen isimler ve e-posta adresleri Sifreli yerel SQLite veritabani
Uygulama Ayarlari Tema, dil, klavye kisayollari, bildirim tercihleri, imza sablonlari, etiketler, filtreler Yerel cihaz depolamasi
AI Kimlik Avi Tespiti (istege bagli) Gonderen e-posta adresi, e-posta konu satiri Google Gemini API’sine iletilir; Owlivion tarafindan saklanmaz
AI Akilli Yanit (istege bagli) Kullanici tarafindan saglanan e-posta icerigi Google Gemini API’sine iletilir; Owlivion tarafindan saklanmaz
Ollama Yerel AI (istege bagli) Yerel olarak islenen e-posta icerigi Yalnizca yerel cihaz; hicbir veri cihazdisina cikmaz
Owlivion Sync (istege bagli) Hesap ayarlari, kisiler, tercihler, imzalar Owlivion sunucularinda uctan uca sifreli
OAuth 2.0 Tokenlari Google/Microsoft icin erisim ve yenileme tokenlari Isletim Sistemi Anahtar Zinciri (yalnizca yerel cihaz)

Sifir Telemetri: OwlMail kullanim analitikleri, cokme raporlari, cihaz parmak izleri, IP adresleri veya herhangi bir davranissal telemetri toplamaz.

4. Isleme Amaclari

Kisisel verileri yalnizca asagidaki amaclarla isleriz:

  • Temel E-posta Islevseligi: IMAP/SMTP protokolleri araciligiyla e-posta gonderme, alma ve duzenleme.
  • Hesap Kimlik Dogrulama: OAuth 2.0 veya kayitli kimlik bilgileri araciligiyla e-posta saglayicilariyla kimlik dogrulama.
  • AI Destekli Kimlik Avi Tespiti (istege bagli): Potansiyel kimlik avi tehditlerini belirlemek icin gonderen adreslerini ve konu satirlarini analiz etme.
  • AI Destekli Akilli Yanitlar (istege bagli): Kullanici tarafindan saglanan e-posta icerigine dayali olarak baglamsal yanit onerileri olusturma.
  • Izleme Pikseli Engelleme: Gelen e-postalara gomulu uzak izleme piksellerini tespit etme ve engelleme.
  • Cihazlar Arasi Senkronizasyon (istege bagli): Owlivion Sync hizmeti araciligiyla uctan uca sifreleme kullanarak hesap ayarlari, kisiler ve tercihleri cihazlar arasinda senkronize etme.
  • Kisisellestirme: Kullanici tarafindan yapilandirilan temalari, kisayollari, imzalari, etiketleri ve filtre kurallarini uygulama.

5. Islemenin Hukuki Dayanagi

GDPR Kapsaminda (Madde 6)

  • Md. 6(1)(b) — Sozlesmesel Zorunluluk: E-posta hesap kimlik bilgilerinizin ve e-posta iceriginin islenmesi, talep ettiginiz Hizmetin yerine getirilmesi icin gereklidir.
  • Md. 6(1)(a) — Riza: AI ozellikleri (kimlik avi tespiti, akilli yanitlar) ve Owlivion Sync yalnizca acik ve bilgilendirilmis onayiniz uzerine etkinlestirilir. Rizanizi onceki islemenin hukuka uygunlugunu etkilemeksizin istediginiz zaman geri cekebilirsiniz.
  • Md. 6(1)(f) — Mesru Menfaat: Izleme pikseli engelleme ve yerel sifreleme gibi guvenlik onlemleri, kullanicilari tehditlere karsi korumadaki mesru menfaatimize hizmet eder.

KVKK Kapsaminda (Madde 5)

  • Md. 5(2)(c): Bir sozlesmenin kurulmasi veya ifasiyla dogrudan ilgili isleme (e-posta hizmet sunumu).
  • Md. 5(2)(f): Ilgili kisinin temel hak ve ozgurluklerine zarar vermemek kaydiyla, veri sorumlusunun mesru menfaatleri icin gerekli olan isleme (guvenlik onlemleri).
  • Md. 5(1): Istege bagli AI ozellikleri ve Owlivion Sync icin acik riza.

6. Veri Aktarimlari

OwlMail, ucuncu taraflara veri aktarimini en aza indirir. Asagidaki tablo, verilerin iletilebilecegi tum durumlari detaylandirir:

Alici Amac Kosul
E-posta Saglayiciniz (Google, Microsoft vb.) IMAP/SMTP araciligiyla e-posta gonderme/alma, OAuth kimlik dogrulama Temel islevsellik icin gereklidir
Google Gemini API AI kimlik avi tespiti (yalnizca gonderen + konu); AI akilli yanit (e-posta icerigi) Yalnizca kullanici acikca tercih ettiginde ve ozelligi tetiklediginde
Owlivion Sync Sunucusu Ayarlar, kisiler ve tercihlerin cihazlar arasi senkronizasyonu Yalnizca kullanici tercih ettiginde; veriler iletim oncesi uctan uca sifrelenir

Yerel AI Alternatifi: Kullanicilar tamamen yerel bir AI arka ucu olarak Ollama’yi secebilir. Ollama secildiginde, hicbir e-posta icerigi herhangi bir harici hizmete iletilmez.

7. Uluslararasi Veri Aktarimlari

Google Gemini tarafindan desteklenen AI ozelliklerini tercih ettiginizde, veriler Amerika Birlesik Devletleri’nde veya diger yargi bolgesindeki Google sunucularina aktarilabilir. Bu aktarimlar, GDPR Bolum V uyarinca asagidakilere dayanilarak gerceklestirilir:

  • Avrupa Komisyonu tarafindan kabul edilen Standart Sozlesme Hukumleri (SCC’ler);
  • Google’in Veri Isleme Eki ve gecerli sertifikalari;
  • AI ozelliklerini tercih etme noktasinda alinan GDPR Madde 49(1)(a) kapsamindaki acik rizaniz.

Owlivion Sync sunuculari Turkiye’de bulunmaktadir. Uctan uca sifreleme, yasal bir veri talep durumunda bile sifrelenmis icerigin Owlivion veya herhangi bir ucuncu tarafca erisilemez olmasini saglar.

KVKK uyumu icin uluslararasi veri aktarimlari, KVKK Madde 9 ve Kisisel Verileri Koruma Kurulu’nun ilgili kararlari uyarinca gerceklestirilir.

8. Veri Saklama Sureleri

  • Yerel Veriler (e-postalar, kimlik bilgileri, ayarlar): Siz silene veya OwlMail’i kaldirana kadar cihazinizda saklanir. Owlivion’un bu verilere erisimi veya kopyasi yoktur.
  • AI Isleme Verileri: Google Gemini’ye gonderilen veriler gercek zamanli olarak islenir ve Owlivion tarafindan saklanmaz. Gemini API’si tarafindan alinan veriler icin Google’in saklama politikalari gecerlidir.
  • Owlivion Sync Verileri: Hesabiniz boyunca Owlivion sunucularinda sifreli olarak saklanir. Hesap silinmesinin ardindan senkronize edilmis tum veriler 30 gun icinde kalici olarak silinir.
  • Hassas Bellek: OwlMail, kullanim sonrasinda kriptografik anahtarlari ve sifreleri bellekten guvenli bir sekilde silmek icin Zeroize kutuphanesini kullanir ve RAM’de kalinti veriyi onler.

9. Haklariniz — GDPR (Madde 15–22)

Avrupa Ekonomik Alani (AEA), Birlesik Krallik veya Isvicre’de bulunuyorsaniz, GDPR kapsaminda asagidaki haklara sahipsiniz:

  • Erisim Hakki (Md. 15): Kisisel verilerinizin islenip islenmediginin teyidini alma ve bu verilerin bir kopyasini talep etme.
  • Duzeltme Hakki (Md. 16): Yanlis veya eksik kisisel verilerin duzeltilmesini talep etme.
  • Silme Hakki (Md. 17): Islemenin devami icin zorlayici bir neden bulunmadiginda kisisel verilerinizin silinmesini talep etme.
  • Islemeyi Kisitlama Hakki (Md. 18): Belirli durumlarda islemenin kisitlanmasini talep etme.
  • Veri Tasinabilirligi Hakki (Md. 20): Kisisel verilerinizi yapilandirilmis, yaygin olarak kullanilan, makine tarafindan okunabilir bir formatta alma.
  • Itiraz Hakki (Md. 21): Mesru menfaatlere dayali islemeye veya dogrudan pazarlama amacli islemeye itiraz etme.
  • Otomatik Karar Almaya Tabi Olmama Hakki (Md. 22): Yalnizca otomatik islemeye dayali, hukuki veya benzer sekilde onemli etkiler dogurran kararlara tabi olmama.
  • Rizayi Geri Cekme Hakki (Md. 7(3)): Daha once verilen rizayi istediginiz zaman geri cekme.

OwlMail verileri cihazinizda yerel olarak sakladigindan, bu haklarin cogunu uygulama icinden verilerinizi degistirerek veya silerek dogrudan kullanabilirsiniz. Owlivion Sync verileri icin privacy@owlivion.com adresine basvurun.

10. Haklariniz — CCPA (Kaliforniya)

Kaliforniya sakini iseniz, Kaliforniya Tuketici Gizliligi Yasasi (CCPA) ve Kaliforniya Gizlilik Haklari Yasasi (CPRA) asagidaki haklari tanir:

  • Bilgi Edinme Hakki: Hakkimizda toplanan kisisel bilgi kategori ve parcalarinin aciklanmasini talep etme.
  • Silme Hakki: Toplanan kisisel bilgilerin silinmesini talep etme.
  • Satis/Paylasim Devre Disi Birakma Hakki: Owlivion, CCPA/CPRA tanimi kapsaminda kisisel bilgileri satmaz veya paylasmaz. Devre disi birakma gerekli degildir.
  • Ayrimciliga Ugramama Hakki: CCPA haklarinizi kullandiginiz icin ayrimci muameleye tabi tutulmazsiniz.
  • Duzeltme Hakki: Yanlis kisisel bilgilerin duzeltilmesini talep etme.
  • Hassas Kisisel Bilgi Kullanimini Sinirlandirma Hakki: Owlivion, hassas kisisel bilgileri Hizmetin sunulmasi icin gerekli olanlarin otesinde kullanmaz veya aciklamaz.

Bu haklari kullanmak icin privacy@owlivion.com adresine basvurun. Talebinizi islemeden once kimliginizi dogrulayacak ve yasanin gerektirdigi sekilde 45 gun icinde yanit verecegiz.

Kisisel Bilgilerimi Satmayin: Owlivion, hicbir kisisel bilgiyi parasal veya diger degerli bir karsilik icin ucuncu taraflara satmaz, kiralamaz veya takas etmez.

11. Haklariniz — KVKK (Madde 11)

Turkiye’de bulunuyorsaniz, 6698 Sayili Kisisel Verilerin Korunmasi Kanunu (KVKK) size asagidaki haklari tanir:

  • Kisisel verilerinizin islenip islenmedigini ogrenme;
  • Kisisel verileriniz islenmisse buna iliskin bilgi talep etme;
  • Kisisel verilerin islenme amacini ve bunlarin amacina uygun kullanilip kullanilmadigini ogrenme;
  • Yurt icinde veya yurt disinda kisisel verilerin aktarildigi ucuncu kisileri bilme;
  • Kisisel verilerin eksik veya yanlis islenmis olmasi halinde bunlarin duzeltilmesini isteme;
  • KVKK Madde 7’deki kosullar cercevesinde kisisel verilerin silinmesini veya yok edilmesini isteme;
  • Duzeltme, silme veya yok etme islemlerinin kisisel verilerin aktarildigi ucuncu kisilere bildirilmesini isteme;
  • Islenen verilerin munhasiran otomatik sistemler vasitasiyla analiz edilmesi suretiyle aleyhine bir sonucun ortaya cikmasina itiraz etme;
  • Kisisel verilerin kanuna aykiri olarak islenmesi sebebiyle zarara ugramasi halinde zararin giderilmesini talep etme.

KVKK haklarinizi kullanmak icin privacy@owlivion.com adresine “KVKK Basvurusu” konusuyla yazili basvuru yapin. Yasanin gerektirdigi sekilde 30 gun icinde yanit verecegiz. Ayrica Kisisel Verileri Koruma Kurumu’na sikayet basvurusunda bulunabilirsiniz.

12. Cerezler ve Web Sitesi

OwlMail web sitesi (owlivion.com) gizlilik oncelikli tasarlanmistir:

  • Cerez Yok: Analitik, reklam veya izleme cerezleri dahil hicbir cerez kullanmiyoruz.
  • Analitik Yok: Google Analytics, Mixpanel, Amplitude veya herhangi bir ucuncu taraf analitik hizmeti kullanmiyoruz.
  • Reklam Izleyici Yok: Reklam pikselleri, yeniden hedefleme betikleri veya sosyal medya izleme dumeleri kullanmiyoruz.
  • IP Cografi Konum: Web sitesi, yalnizca tercih ettiginiz dili (Turkce veya Ingilizce) belirlemek icin istemci tarafli bir IP cografi konum istegi (ipapi.co araciligiyla) kullanabilir. Bu istek tarayicinizdan dogrudan ucuncu taraf hizmetine yapilir; Owlivion IP adresinizi kaydetmez veya saklamaz.

13. Cocuklarin Gizliligi

OwlMail, 16 yasindan (veya yargi bolgenizde gecerli dijital riza yasindan) kucuk bireylere yonelik degildir. Cocuklardan bilerek kisisel veri toplamayiz. Bir cocugun Owlivion Sync hizmeti araciligiyla bize kisisel veri sagladigina inaniyorsaniz, lutfen privacy@owlivion.com adresinden bizimle iletisime gecin; bu verileri derhal silecegiz.

14. Veri Guvenligi Onlemleri

Verilerinizi korumak icin asagidaki teknik ve idari onlemleri uyguluyoruz:

  • AES-256-GCM Sifreleme: Yerel olarak saklanan tum e-posta verileri, AES-256-GCM kimlik dogrulamali sifreleme algoritmasi kullanilarak sifrelenir.
  • Isletim Sistemi Anahtar Zinciri Entegrasyonu: Sifreler ve OAuth tokenlari, isletim sisteminizin yerel guvenli kimlik bilgisi deposunda saklanir (macOS Keychain, Windows Credential Manager, Linux Secret Service).
  • HKDF Anahtar Turetme: Kriptografik anahtarlar, Ring kriptografi kutuphanesinden HKDF standardi kullanilarak turetilir.
  • Zeroize Bellek Silme: Sifreler ve kriptografik anahtarlar gibi hassas veriler, kullanim sonrasinda bellekten aninda guvenli bir sekilde silinir.
  • TLS/SSL: Tum ag iletisimleri (IMAP, SMTP, API cagrilari) TLS 1.2 veya ustunde sifrelenerek aktarilir.
  • Uctan Uca Sifreleme (Sync): Owlivion Sync araciligiyla senkronize edilen veriler, iletim oncesi cihazinizda sifrelenir. Owlivion sunuculari senkronize verilerinizin sifresini cozemez.
  • Izleme Pikseli Engelleyici: OwlMail, gelen e-postalardaki uzak izleme piksellerini otomatik olarak tespit eder ve engeller.
  • Acik Kaynak Denetimi: Tam kaynak kodu MIT Lisansi altinda herkese acik olup bagimsiz guvenlik denetimlerine olanak tanir.

15. Bu Politikadaki Degisiklikler

Bu Gizlilik Politikasini zaman zaman uygulamalarimiz, teknoloji, yasal gereklilikler veya diger faktorlerdeki degisiklikleri yansitmak icin guncelleyebiliriz. Onemli degisiklikler yaptigimizda:

  • Bu sayfanin ustundeki “Son guncelleme” tarihini guncelleyecegiz;
  • OwlMail uygulamasi veya web sitemiz araciligiyla bildirimde bulunacagiz;
  • Yururlukteki yasanin gerektirdigi durumlarda, kisisel verilerinizin islenmesini onemli olcude etkileyen degisiklikleri uygulamadan once rizanizi alacagiz.

Bu Politikayi duzenli olarak gozden gecirmenizi oneririz. Herhangi bir degisiklikten sonra Hizmeti kullanmaya devam etmeniz, guncellenmis Politikanin kabulu anlamina gelir.

16. Iletisim / Veri Koruma Sorumlusu

Bu Gizlilik Politikasi veya veri koruma uygulamalarimiz hakkindaki her turlu soru, endise veya talep icin bizimle iletisime gecin:

Tum mesru taleplere 30 gun icinde yanit vermeye calisiyoruz. Belirli durumlarda, taleplerin karmasikligi veya yogunlugu gerektirdiginde yanit suresi 60 gune uzayabilir; bu durumda sizi uzatma ve nedenlerini bildirecegiz.