TR EN Home
Privacy Policy

Privacy Policy

This document explains what data we collect while you use Planoral, why we collect it, and your rights. Last updated: 18.06.2026

1. Data Controller

The Planoral platform is operated by the legal entity providing the service ("Company") as the data controller under Türkiye's Personal Data Protection Law (KVKK) and, where applicable, GDPR. Contact: kvkk@planoral.com.

2. Data We Collect

2.1. Account Information

Name, surname, email address, phone number, clinic name, tax information, billing address.

2.2. Patient Data (entered by the clinic)

Patient identity information, anamnesis records, imaging files (DICOM), treatment plans. These data belong to the relevant clinic; the Company acts as a data processor.

2.3. Usage Data

IP address, browser information, session durations, click streams, error logs.

2.4. Payment Data

Card details are not stored on Company servers; they are processed by our payment provider iyzico in a PCI-DSS-compliant manner. The Company keeps only transaction references.

3. Processing Purposes

  • Providing, maintaining, and improving the service
  • User authentication and account security
  • Billing and payment flows
  • Fulfilling legal obligations
  • Support and communication

4. Legal Basis

KVKK art. 5/2: contract performance, legal obligation, legitimate interest. For sensitive health data (KVKK art. 6), explicit consent is required.

5. Cookies

We use strictly necessary cookies for session management. Analytical cookies (Plausible / first-party metrics) are used only for anonymous measurements that do not contain personal data. No third-party advertising cookies are used.

6. Transfers

Data is not shared with third parties other than the payment provider, email provider, and hosting service. Cross-border transfers are not made without explicit consent or an adequacy decision under KVKK/GDPR.

7. Retention Period

Account data: retained for the duration of the service + legal retention period (typically 10 years).
Patient imaging data: retained per clinic request; deleted within 30 days after account closure.
Backups: automatically deleted on a 30-day rotation.

8. Your Rights (KVKK art. 11 / GDPR)

  • Request information about processing of your data
  • Request correction, deletion, and anonymization
  • Request restriction of processing
  • Request notification of third parties to whom data was transferred
  • Object to automated decision-making
  • Request compensation in case of damage

For requests, contact us at kvkk@planoral.com. Requests are answered within 30 days.

9. Changes

This policy may be updated. Users are notified by email of material changes.