Privacy Policy

The data controller is the independent developer operating Solarch (Solidea brand) in Türkiye. This policy is written to align with Türkiye’s KVKK (Law No. 6698) and, for users in the EEA/UK, the GDPR. Contact: privacy@solarch.dev.

• Account data — your email address and basic profile (e.g. name), via our authentication provider when you sign up or sign in.
• Your content — the projects, diagrams, nodes, and related data you create in Solarch.
• AI inputs & outputs — the prompts and architecture you submit to AI features, and the generated results.
• Billing data — handled by our payment provider (Merchant of Record). We receive limited records (e.g. plan, status, country, last digits) but not your full card details.
• Usage & technical data — basic logs needed to run and secure the service (e.g. timestamps, error events, approximate request metadata).

• Provide, maintain, and improve the service and its AI features.
• Authenticate you and keep your account and projects secure.
• Process payments, trials, and subscriptions through our payment provider.
• Communicate with you about the service, support, and important changes.
• Prevent abuse, fraud, and security incidents, and comply with legal obligations.

Where GDPR applies, we rely on: performance of a contract (to provide the service you sign up for), legitimate interests (to secure and improve the service), consent (where required), and legal obligation (e.g. tax/accounting via our Merchant of Record). Under KVKK we rely on the corresponding grounds in Art. 5, including processing necessary for a contract and our legitimate interests, or your explicit consent where required.

We use a small number of trusted third parties to run Solarch. Rather than name each vendor here, we group them by function:

• Authentication & identity — to manage sign-in and accounts.
• Hosting & database — to store and serve your account and project data.
• AI processing — to generate suggestions and code from your inputs.
• Payments (Merchant of Record) — to sell plans and process billing and tax.

These providers process data only to provide their service to us. We can share the specific providers on request — email privacy@solarch.dev.

When you use AI features, the inputs you provide (your prompts and architecture) are sent to third-party AI providers to produce output. Some of these providers may process data on servers outside Türkiye and the EEA, including in countries that may not offer the same level of data protection. Do not put secrets, credentials, or sensitive personal data into prompts — use environment-variable references instead of raw secret values.

Because our providers operate globally, your data may be transferred to and processed in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) offered by those providers.

We use only essential cookies required to sign you in and keep your session secure. We do not use advertising or third-party analytics cookies. (If we add analytics in the future, we will update this policy and ask for consent where required.)

We keep account and project data while your account is active. If you delete your account or ask us to, we delete or anonymize your personal data within a reasonable period, except where we must keep limited records to meet legal, tax, or security obligations. Billing records are retained by our Merchant of Record as required by law.

Depending on where you live (KVKK Art. 11 in Türkiye; GDPR in the EEA/UK), you have rights to:

• access the personal data we hold about you and learn how it is processed;
• correct inaccurate data and complete incomplete data;
• request deletion or restriction of processing;
• object to certain processing and withdraw consent (without affecting prior processing);
• request a portable copy of data you provided;
• lodge a complaint with your data protection authority (in Türkiye, the KVKK Board).

To exercise any of these, email privacy@solarch.dev. We respond within the timeframes required by applicable law.

We take reasonable technical and organizational measures to protect your data, including access controls and encryption in transit. No system is perfectly secure, so we cannot guarantee absolute security, but we work to reduce risk and respond to incidents.

Solarch is not directed to anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy. We will change the “Last updated” date and, for material changes, provide reasonable notice. Continued use after changes take effect means you accept the updated policy.

Data controller: independent developer (Solidea brand), Türkiye. Privacy: privacy@solarch.dev · General: info@solidea.tech.