Hexis AI Governance

Privacy Policy

Last updated: 16 March 2026 · Turkce versiyonu

Hexis AI Governance ("Hexis", "we") is committed to protecting personal data across all services provided through the hexis.center platform. This policy describes our data processing activities in accordance with Turkey's Personal Data Protection Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR).

1. Data Controller

Information	Details
Data Controller	Hexis AI Governance
Founder	Ozden Coskun
Contact	[email protected]
Website	hexis.center

2. Data We Collect

hexis.center operates on a data minimisation principle. We transparently list all data we collect below:

2.1 Automatically Collected Data

      We do not use cookies. hexis.center does not place any cookies or tracking files in your browser. This is why you do not see a cookie consent banner on our site.
    

When a privacy-friendly analytics tool is active (such as Plausible), only the following anonymous data is collected without cookies:

Page view counts (no individual identification)
Referral source (which site you came from)
Country/city-level location (IP address is not stored)
Device type and browser information (aggregate statistics only)

2.2 Tool Usage Data

Tool	Data	Storage
EU AI Act Checklist	Progress status	localStorage (on your device only, never sent to our servers)
Risk Classifier / Generator	Form inputs	Session memory, cleared when page is closed
FRIA	Assessment responses	Session memory, cleared when page is closed

2.3 User-Provided Data

Information you optionally provide through the KVKK Compliance Assessment tool:

Email address, name, company name, sector, assessment score
This data is stored on Cloudflare Workers KV
Automatic deletion period: 365 days (TTL)
Not shared with any third party

3. Legal Basis

Processing Activity	KVKK Basis	GDPR Basis
Anonymous analytics (cookie-free)	Art. 5/2(f) — Legitimate interest	Art. 6(1)(f) — Legitimate interest
localStorage (checklist progress)	No processing (data stays on device)	No processing (no server transmission)
KVKK Lead form (optional)	Art. 5/1 — Explicit consent	Art. 6(1)(a) — Consent

4. Data Retention and Security

Lead data: Stored on Cloudflare Workers KV for 365 days, then automatically deleted (TTL mechanism)
Checklist data: Stored only in your browser (localStorage) — never transmitted to our servers, deletion is under your control
Transfer security: All communication is encrypted via HTTPS/TLS
Infrastructure: GitHub Pages (hosting) + Cloudflare Workers (API) — both are SOC 2 Type II certified

5. Third-Party Services

Service	Purpose	Data Transfer
GitHub Pages	Website hosting	Static file serving (no personal data processed)
Cloudflare Workers	API infrastructure	Lead form data (KVKK compliance assessment)
Plausible Analytics	Anonymous traffic analysis	Cookie-free, no IP storage, EU servers

      We do not share data with advertising networks. hexis.center does not share any user data with advertising networks, data brokers, or third-party marketing services.
    

6. Your Rights

Under KVKK Art. 11 and GDPR Chapter III, you have the following rights:

Right to information: Learn whether your personal data is being processed
Right of access: Request access to your processed data
Right to rectification: Request correction of incomplete or inaccurate data
Right to erasure: Request deletion of your personal data
Right to restrict processing: Object to the processing of your data
Right to data portability: Receive your data in a structured format (GDPR)

How to exercise your rights: Send an email to [email protected]. Your request will be answered within 30 days.

Right to complain: Under KVKK, you may apply to the Personal Data Protection Authority (kvkk.gov.tr). Under GDPR, you may contact the relevant data protection authority in your country.

7. Cookie Policy

      hexis.center does not use cookies.

      Our site does not place any first-party or third-party cookies. Our analytics tool uses cookie-free technology. This is why you do not see a cookie consent banner — there is no need for one.

      localStorage usage: The EU AI Act Checklist tool uses your browser's localStorage feature to save your progress. This data stays only on your device, is never sent to our servers, and can be cleared from your browser settings at any time.

8. Policy Updates

This privacy policy was last updated on 16 March 2026. Significant changes will be announced on this page. We recommend checking periodically.

Questions about this policy: [email protected]

This document is for informational purposes. For legal validity, review by a data protection specialist is recommended.