Data Protection Notice (KVKK)

Data controller is Klyrix Yazılım ("Klyrix"). Contact: kvkk@klyrix.com.

When using the Klyrix VDS panel, the following data is processed: • Identity: name, surname, username, email • Contact: email, IP address • Usage: session recordings (RDP DVR), click events, activity/work-hours logs • Device: WireGuard public key, device identifier (single-device policy) • Financial: payment data via Stripe; card details not stored on Klyrix servers

Personal data is processed for: • Service provision and subscription management (contractual necessity) • Security and audit (legitimate interest) • Legal obligations (tax, invoicing) • Customer support (contractual necessity)

Data is shared with the following processors for service continuity: • Supabase (database hosting — EU region) • Vercel (application hosting — EU region) • Stripe (payment processing — international, with explicit consent) • Resend / AWS SES (email delivery) Klyrix does not sell or transfer personal data to third parties for marketing.

• Account data: 3 years after subscription end • Session DVR: 90 days (configurable by operator) • Invoices and payments: 10 years (Turkish Tax Procedure Law) • System logs: 180 days

As a data subject you may: • Learn whether your data is processed • Request information about processing • Question purposes and appropriateness • Know which third parties data is transferred to • Request correction of inaccurate/incomplete data • Request deletion • Object to adverse automated profiling • Request compensation Applications: kvkk@klyrix.com

Klyrix Yazılım Email: kvkk@klyrix.com Web: klyrix.com