Privacy Policy

Last updated: April 15, 2026 · Effective: April 15, 2026

ERGENEKON Engine ("we," "our," or "us") is operated by İlhan Göktaş. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ergenekon.dev, use our software products, or interact with our services.

  Key Principle: ERGENEKON Engine is a developer tool that runs entirely on your infrastructure. We do not collect, access, or store any of your application data, recordings, or debugging sessions. Your data stays on your machines — always.

1. Information We Collect

1.1 Information You Provide

Account Information: When you purchase a license, we collect your name, email address, company name (optional), and billing information processed through Stripe.
Support Communications: When you contact us for support, we collect your name, email, and the content of your messages.
Newsletter: If you subscribe to our newsletter, we collect your email address.

1.2 Information Collected Automatically

Website Analytics: We may use privacy-respecting analytics (e.g., Plausible or Fathom) that do not use cookies and do not track individuals. We collect aggregate page views, referrer data, browser type, and country-level location.
Server Logs: Standard web server logs including IP addresses (anonymized after 48 hours), request timestamps, and HTTP method/path.

1.3 Information We Do NOT Collect

Your application source code
Recording sessions or debugging data
Database contents or API payloads
Any data processed by the ERGENEKON probe, collector, or replay tools
Behavioral tracking or advertising profiles

2. How We Use Your Information

Purpose	Legal Basis (GDPR)
Process license purchases and deliver license keys	Contract performance
Send transactional emails (license delivery, renewal reminders)	Contract performance
Respond to support requests	Legitimate interest
Send product updates and newsletters (opt-in only)	Consent
Improve our website and documentation	Legitimate interest
Detect and prevent fraud or abuse	Legitimate interest
Comply with legal obligations	Legal obligation

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data with:

Stripe: Payment processing. Stripe acts as an independent data controller. See Stripe's Privacy Policy.
Email Provider: For transactional email delivery (e.g., Resend or SendGrid).
Legal Requirements: If required by law, court order, or governmental authority.

We do not use any advertising networks, social media trackers, or third-party analytics that profile users.

4. Data Retention

Account data: Retained for the duration of your license plus 12 months.
Payment records: Retained for 7 years as required by tax regulations.
Support tickets: Retained for 24 months after resolution.
Server logs: IP addresses anonymized after 48 hours; logs deleted after 30 days.
Newsletter subscriptions: Until you unsubscribe.

5. Your Rights (GDPR / CCPA)

Depending on your location, you have the following rights:

Right to Access: Request a copy of all personal data we hold about you.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data ("right to be forgotten").
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interest.
Right to Withdraw Consent: Withdraw consent at any time (e.g., newsletter).
Right to Restrict Processing: Request that we limit how we use your data.
Right to Non-Discrimination (CCPA): We will not discriminate against you for exercising your rights.

To exercise any of these rights, email us at privacy@ergenekon.dev. We will respond within 30 days.

6. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Security Measures

We implement industry-standard security measures to protect your data:

TLS 1.3 encryption for all data in transit
AES-256 encryption for data at rest
Ed25519 cryptographic signatures for license integrity
Access controls with principle of least privilege
Regular security audits and dependency scanning
No plaintext storage of passwords or API keys

8. Children's Privacy

ERGENEKON Engine is a professional developer tool and is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance.

10. Contact Us

Data Controller: İlhan Göktaş

Email: privacy@ergenekon.dev

Website: ergenekon.dev

GitHub: github.com/zencefilefendi/ergenekon-engine

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.