REVLO ENLIGHTENMENT AND CONSENT STATEMENT

Under KVKK and GDPR

Last Updated: October 28, 2025

This document has been prepared to inform you about the processing of your personal data and explicit consent within the scope of services provided by Revlo Artificial Intelligence and Software Inc.

1. Data Controller and Contact Information

Your personal data is processed by Revlo Artificial Intelligence and Software Inc. ("Revlo", "we", "us", "our") in accordance with Law No. 6698 on the Protection of Personal Data (KVKK) and the European Union General Data Protection Regulation (GDPR).

Data Controller: Revlo Artificial Intelligence and Software Inc.
Address: Pınarbaşı Mah. Hürriyet Cd. Antalya Teknokent, Uluğbey Ar-Ge 2 Binası No:34/8125, Konyaaltı/Antalya, Türkiye
Email: info@revloai.com
Web: www.revloai.com
Global License Owner: REVLO AI SOLUTIONS LTD (United Kingdom)

Regarding services provided within the European Economic Area (EEA), Revlo may appoint an EU Representative in accordance with GDPR Article 27 when necessary; information will be published on the website when appointed.

2. Data Processing Scope and Purposes

Purpose	Description	Types of Data Processed	Legal Basis
Service provision	Creation, management, setup and access of user accounts	Name, surname, email, username, business name, facility information	KVKK Art. 5/2(c) – Performance of contract
Guest communication and comment management	Receiving, analyzing, reporting messages, surveys and comments	Message contents, contact information, transaction time	Explicit consent (KVKK Art. 5/1)
Support and issue management	Receiving and responding to technical support requests	Request records, email, log data	Legitimate interest
AI-powered analysis	Text analysis, language translation, sentiment classification	Anonymized content data	Explicit consent (KVKK Art. 5/1)
Legal obligations	Invoice and record keeping, legal compliance	Identity, invoice, transaction data	KVKK Art. 5/2(ç) – Legal obligation
Security and access management	Preventing unauthorized access, system security	IP, device information, session data	Legitimate interest

3. Data Collection Methods

Personal data is collected in digital form through:

Account creation and registration forms on Revlo platforms,
Revlo Connect / Reputation communication windows,
Website contact forms,
Cookie and SDK technologies (only for categories where explicit consent has been given),
Email or support requests.

For detailed information, please refer to the Revlo Cookie Policy.

4. Data Transfer and Sharing

Data may be shared with Revlo's contracted service providers (hosting, infrastructure, AI engine, email system, security infrastructure) when necessary for service provision.
International transfer is conducted securely within the scope of Standard Contractual Clauses (SCCs) or Data Privacy Framework (DPF) mechanisms.
Written data processing agreements are made with all sub-processors in accordance with GDPR Article 28.
Revlo does not sell data to third parties for commercial purposes or use it for marketing purposes.

5. Use of Data in Artificial Intelligence Processes

Revlo products may utilize artificial intelligence services (OpenAI, Google Cloud, Anthropic, etc.) in processes such as message classification, translation, or response suggestion generation.

These processes are only carried out when explicit consent has been obtained.

In AI processes:

Data is processed in anonymized or encrypted form,
Raw data is not used for model training purposes,
No sharing is made with third-party systems,
When consent is not given, data is only subject to manual processing

6. Data Retention Period

Data is retained for the duration of the service and as required by relevant legislation.
When the service or contract ends, personal data is securely deleted or anonymized within 30 days.
System logs are retained for a maximum of 1 year, billing records for 10 years.
Explicit consent records are securely retained for at least 3 years due to audit obligations.

7. Data Subject Rights

Your rights under KVKK Art. 11 and GDPR:

Learn whether your data is being processed,
Request correction if incorrect/incomplete,
Request deletion or anonymization,
Object to processing,
Learn about international transfers,
Withdraw your explicit consent at any time.

You can exercise these rights by writing to info@revloai.com.

Requests are responded to free of charge within 30 days at the latest.

8. Data Security and Breach Notification

Revlo applies industry-standard technical and administrative measures to protect the confidentiality, integrity, and accessibility of data:

TLS encryption, multi-factor authentication, role-based access (RBAC),
Firewall, log monitoring and regular vulnerability tests,
ISO/IEC 27001 compliant security management.

In case of a data security breach, Revlo informs affected persons and the Personal Data Protection Authority (KVKK) within 72 hours at the latest from when it learns of the situation.

9. Children's Data

Revlo products are only intended for businesses (B2B).

Processing of data belonging to persons under 18 years of age is not intended. Data collected by mistake is immediately deleted.

10. Explicit Consent Statement

11. Additional Security and Notification Principles

Revlo commits not to process user data for persons under 18 years of age.
Explicit consent records are securely retained for at least 3 years.
In case of a data breach, the relevant person and authorities are informed within the legal period.

12. Contact

For any questions, suggestions, and applications regarding the protection of your personal data:

📧 info@revloai.com
🏢 Revlo Artificial Intelligence and Software Inc.
Pınarbaşı Mah. Hürriyet Cd. Antalya Teknokent, Uluğbey Ar-Ge 2 Binası No:34/8125, Konyaaltı / ANTALYA – TURKEY

13. Effective Date

This document entered into force on October 28, 2025.

It applies to Revlo's website and all Revlo Connect / Reputation platforms.

Updated versions enter into force on the date of publication.