Iron Goo

Privacy Policy

This policy explains what data we collect through this website, why we collect it, how long we keep it, and how to exercise your rights under the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and the EU General Data Protection Regulation (GDPR).

1. Who we are

Iron Goo is an agency operated by Grid Pulsar that helps small and mid-sized businesses adopt AI tooling. For anything related to this site or the data you share with us, the data controller is Iron Goo, reachable at [email protected].

2. What we collect

Through our contact form we collect the fields you fill in: your name, email address, company, role, package of interest, project size, timeline, and the message itself. We do not ask for anything beyond what is on the form.

Our web server also writes standard access logs for each request: IP address, timestamp, requested URL, response status, user agent, and referrer. These logs are the same kind any web server produces and exist for security and operations.

3. Why we collect it

Under GDPR, our lawful basis for the contact-form data is legitimate interest (Art. 6(1)(f)): you wrote to us about your project and we need that information to reply. Server logs rely on the same basis; keeping a site secure and reachable is the legitimate interest there.

Under KVKK, the equivalent basis is lawful processing under Art. 5/2, specifically that processing is necessary for the legitimate interests of the data controller, provided your fundamental rights and freedoms are not harmed.

4. How we use it

We use contact-form data to reply to your message, scope the work, send proposals, and run the project if you become a client. That is the whole purpose.

We do not send marketing email from the contact form. If you ever want updates from us, you have to sign up separately. We do not build profiles, score leads, or feed your data into automated decision-making.

5. Retention

We keep contact-form submissions for up to 24 months, then delete them. Server access logs are kept for 30 days and then rotated out. If you want your inquiry deleted sooner, email us and we will remove it within 30 days.

6. Transfers and processors

The site itself runs on a Hetzner server in Germany. Email sent from the contact form is delivered through Resend, our email provider. Resend is a US company that offers EU data residency; depending on the routing, your message may transit servers in the EU or the US. For any EU-to-US transfer we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the transfer mechanism.

We do not share your data with any other processor today. If that changes, we will update this page before any new processor goes live.

7. Cookies

We set one first-party cookie called ig_cookie_consent. It stores the fact that you clicked OK on the cookie bar so we do not show the bar again. It contains no identifier, no tracking signal, and no profile data.

We do not run Google Analytics, Meta Pixel, or any third-party tracker today. If we ever add one, we will disclose it on this page before it goes live and ask for your consent through the cookie bar.

8. Your rights

Under KVKK Art. 11 and GDPR Arts. 15 to 22, you can ask us to: confirm whether we hold data about you, give you a copy of it, correct it if it is wrong, delete it, restrict how we process it, hand it over to another provider in a portable format, or object to processing. You can also withdraw any consent you gave at any time.

To use any of these rights, email [email protected] from the address you contacted us with, or include enough detail for us to match you to your record. We respond within 30 days. If you are not satisfied with our response, you can complain to your local data protection authority (in Turkey, the KVKK Board; in the EU, the supervisory authority in your country).

9. Contact for privacy requests

Send privacy requests to [email protected]. Put “Privacy request” in the subject line so we can route it quickly.

10. Changes to this policy

If we change how we handle data, we will update this page and move the effective date below. Material changes will be flagged at the top of the page for at least 30 days. Continued use of the site after that means you have seen the new version.

Effective date: 22 May 2026.