Personal Data Protection and Processing Policy (KVKK)

As ChildSafely (hereinafter referred to as the "Platform"), in our capacity as data controller, and in accordance with the Personal Data Protection Law No. 6698 ("KVKK"), we attach utmost importance to the security and privacy of the personal data of our children, parents, and teachers.

This text has been prepared to inform you about the data processed within the scope of artificial intelligence literacy and child safety training on our Platform.

Data Minimization: We collect only the "minimum level" of data necessary for the sustainability of education and safety.

Data Controller: ChildSafely
Address: Istanbul, Turkey
Contact: info@childsafely.com

2. Processed Personal Data and Processing Purposes

On our Platform, data is processed by classifying it according to user type (Child, Parent, Teacher) and purpose of use:

• Account and Identity Information: Name-surname, date of birth (for age verification), gender, e-mail address.
  Purpose: Creation of membership, provision of age-appropriate content, and operation of the parental consent mechanism.
• Education and Progress Data: Registered courses, completed modules, exam results, badges, and certificates.
  Purpose: Monitoring educational performance, providing motivational feedback, and measuring artificial intelligence literacy development.
• Artificial Intelligence Interaction Data: Correspondence with AI assistants or tools within the Platform, entered commands (prompts).
  Purpose: Generating user-specific responses by the artificial intelligence model, monitoring content safety (Child Safety), and improving the Platform's AI model (data is used anonymously).
• Technical and Usage Data: IP address, device information, browser type, session durations, click data.
  Purpose: Ensuring system security, troubleshooting errors, and improving user experience (UX).
• Parent/Teacher Communication Data: Parent's/teacher's contact information, data on establishing connection with the child.
  Purpose: Obtaining necessary legal consents for children's safety and sharing progress reports.

3. Transfer of Personal Data

Your personal data may be transferred within the framework of the conditions specified in Articles 8 and 9 of the KVKK to:

• Our Business Partners: Providers from whom we receive cloud computing and data storage services (in cases where servers are abroad, within the framework of relevant legislation),
• Legal Authorities: Public institutions and judicial authorities to whom we have an obligation to provide information as required by law,
• Security Auditors: Relevant expert organizations, limited to the purpose of auditing our child safety protocols.

Google Cloud services are used for our Platform's technological infrastructure and data storage processes. In this context, your personal data may be transferred to Google LLC's data centers abroad (EU and/or USA), where data security standards are kept at the highest level. This transfer is carried out in accordance with the procedures and principles in Article 9 of the KVKK, for the purpose of ensuring the uninterrupted continuation of our services and data security.

4. Method and Legal Basis for Personal Data Collection

Your personal data is collected through fully automated means via Platform registration forms, educational module interactions, and cookies. The legal grounds for our processing activities are:

• Establishment and performance of the user agreement,
• Fulfillment of our legal obligations,
• Necessity of data processing for the establishment, exercise, or protection of a right,
• Important: "Explicit Consent" of the parent/guardian for child data.

5. Special Measures for the Protection of Children's Data

As ChildSafely, we categorize children's data as "highly sensitive data":

• Parental Consent: Registration of users under 18 (or 13) years of age is not activated without parental email consent.
• Prohibition of Commercial Use: Children's data is never used for advertising, marketing, or commercial profiling purposes.
• Data Minimization: We collect a "minimum level" of data solely for the sustainability of education and safety.

6. Rights of the Data Subject

Pursuant to Article 11 of the KVKK, everyone has the right to apply to the data controller and:

• Learn whether their data is processed, and if so, request information,
• Learn the purpose of processing and whether it is used appropriately,
• Know the third parties to whom it is transferred domestically/abroad,
• Request correction if it is incomplete/incorrectly processed,
• Request deletion or destruction of data (Right to be Forgotten),
• Object to analysis performed through automated systems.

7. Contact and Application

To exercise your rights, you can apply in writing with identity-confirming documents to info@childsafely.com with a secure electronic signature or to the address Istanbul, Turkey.