Back to Forum
πŸ‡ΉπŸ‡· TR πŸ‡¬πŸ‡§ EN
πŸ”’ Privacy Policy

Privacy Policy & Personal Data Protection

This Privacy Policy explains how Dr. Devrim Dental Forum collects, uses, stores and protects your personal data in accordance with applicable law.

Table of Contents
  1. Data Controller
  2. Personal Data We Collect
  3. Purposes and Legal Basis of Processing
  4. How We Protect Your Data
  5. Data Retention Periods
  6. Data Sharing & Third Parties
  7. Your Rights
  8. Cookies & Analytics
  9. Children's Privacy
  10. Contact & Applications

1 Data Controller

The data controller responsible for your personal data is Ekin Sipahi, operating under Dr. Devrim Dental Clinic, Istanbul, Turkey.

Controller: Ekin Sipahi β€” Dr. Devrim Dental Clinic
Location: Istanbul, Turkey
Email: ekinsipahi8@gmail.com

2 Personal Data We Collect

When you register on Dr. Devrim Dental Forum, we collect only the following data:

DataWhy We Collect ItMandatory?
Full NameAccount identification and display in the platformYes
Email AddressAccount login, password reset, system notificationsYes
Phone NumberAppointment requests and clinic communicationYes
PasswordAccount authentication β€” stored as a one-way bcrypt hash; never readableYes
Session/Usage DataImproving content recommendations; no personally identifying data retainedAutomatic
πŸ”’ Your name, email and phone number are never displayed publicly. All forum contributions are published under a masked alias (e.g. "A. K.**").

3 Purposes and Legal Basis of Processing

We process your personal data solely for the following purposes and on the following legal bases:

  • Account creation and authentication β€” necessary for the performance of our service contract with you (GDPR Art. 6(1)(b) / KVKK Art. 5(2)(c)).
  • Password reset and transactional emails β€” necessary for the performance of our service (same legal basis as above).
  • Appointment facilitation (phone number) β€” based on your explicit consent given at registration (GDPR Art. 6(1)(a) / KVKK Art. 5(1)).
  • Content moderation β€” legitimate interest in maintaining a safe and lawful platform (GDPR Art. 6(1)(f) / KVKK Art. 5(2)(f)).
  • Legal obligations β€” where required by applicable Turkish or EU law.
ℹ️ We do not use your personal data for advertising, profiling, or selling to third parties. Ever.

4 How We Protect Your Data

  • Passwords: All passwords are stored exclusively as bcrypt hashes using Django's built-in PBKDF2-SHA256 algorithm with a per-user salt. Plain-text passwords are never stored or logged.
  • Encryption in transit: All data is transmitted over HTTPS/TLS. Unencrypted HTTP connections are redirected automatically.
  • Access control: Personal data is accessible only to authorised personnel (the data controller). No third-party staff has access.
  • Forum anonymisation: Your name and email are replaced with a masked alias before any content is published on the platform.
  • No data sales: We do not sell, rent, trade or otherwise disclose your personal data to third parties for commercial purposes.
  • Session security: Session tokens are stored server-side and rotated on login to prevent session fixation attacks.
⚠️ Despite our best efforts, no internet transmission is 100% secure. If you suspect a security incident, please contact us immediately at ekinsipahi8@gmail.com.

5 Data Retention Periods

Data CategoryRetention Period
Account data (name, email, phone)Until account deletion + 3 years (legal obligation)
Password hashDeleted immediately upon account deletion
Forum content (questions, comments)Until content deletion request, or account deletion
Session / anonymous usage data90 days rolling window
Email logs (password reset etc.)90 days

Upon account deletion all personal identifiers are permanently erased from our systems. Anonymised aggregate statistics (e.g. total question count) may be retained indefinitely.

6 Data Sharing & Third Parties

We do not sell, rent or share your personal data with third parties for marketing or commercial purposes. Limited data sharing occurs only in the following circumstances:

  • Hosting infrastructure: Our servers are hosted on a Turkish or EU-compliant cloud provider. The provider processes data solely as a data processor under our instructions and is contractually bound to adequate security standards.
  • AI content moderation: Submitted questions and comments are passed to an AI moderation API (OpenAI) for automated review. Only the text content is transmitted β€” no name, email or phone number is included. Processed data is not retained by the API provider beyond the request lifecycle per their data processing agreement.
  • Legal disclosure: We may disclose data if required by a court order, subpoena or applicable Turkish law. We will notify you where legally permitted.
βœ… No personal data is transferred to countries outside Turkey or the EU/EEA without adequate safeguards (standard contractual clauses or equivalent).

7 Your Rights

Under applicable law (KVKK Article 11 / GDPR Article 15–22), you have the right to:

  • Be informed β€” learn whether your personal data is being processed.
  • Access β€” request a copy of your personal data.
  • Rectification β€” request correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") β€” request deletion of your personal data where there is no legal obligation to retain it.
  • Restriction β€” request that we limit how we use your data in certain circumstances.
  • Data portability β€” receive your data in a structured, machine-readable format.
  • Object β€” object to processing based on legitimate interests.
  • Withdraw consent β€” withdraw any consent you have given at any time, without affecting the lawfulness of processing prior to withdrawal.
  • Lodge a complaint β€” complain to the Personal Data Protection Authority (KVKK) of Turkey or your local supervisory authority.

To exercise any of these rights, send a written request to ekinsipahi8@gmail.com. We will respond within 30 days as required by law.

8 Cookies & Analytics

We use only the following cookies:

  • Session cookie (sessionid) β€” strictly necessary; keeps you logged in. Expires at session end or after 2 weeks.
  • CSRF token (csrftoken) β€” strictly necessary; protects forms from cross-site request forgery.
  • Theme preference (qa-theme) β€” stored in localStorage; remembers your dark/light mode choice. Not transmitted to the server.

We do not use advertising cookies, third-party tracking pixels, Google Analytics, or any other third-party analytics service that could identify you personally.

9 Children's Privacy

Dr. Devrim Dental Forum is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that a minor has registered, we will promptly delete their data. If you believe a minor has provided us with personal data, please contact us at ekinsipahi8@gmail.com.

10 Contact & Applications

For any question, request or complaint relating to your personal data, or to exercise any of your rights listed above, please contact us:

Data Controller: Ekin Sipahi β€” Dr. Devrim Dental Clinic
Email: ekinsipahi8@gmail.com
Location: Istanbul, Turkey
Authority: Personal Data Protection Authority (KVKK)

All requests will be responded to within 30 days. Requests must include sufficient information to verify your identity (e.g. the email address associated with your account).

Last updated: 10 Mart 2026 Version 1.0