Back to Home

Privacy Policy

Last updated: 01.10.2025

Privacy Policy

Last updated: 01.10.2025

1. Introduction

Welcome to Hardal. We as Hardal.Inc. and Bubrise Teknoloji A.Ş (collectively "Hardal") respect your privacy and are committed to protecting your personal data. Hardal knows how important privacy is to our customers and wish to ensure you are informed about the manner in which we collect, use and share your personal data. The protection of your privacy is of the utmost importance to us, so it goes without saying that we comply with the legal stipulations on data protection. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our applications, or engage with our services.

2. Controller Information

The controllers of your personal data are one or more of the Insider group companies listed here

Hardal Inc.

Bubrise Teknoloji A.Ş.

Data protection office: Should you have any questions about our data protection measures, the processing of your data or the protection of your rights as a data subject, you can contact us and our data protection officer as follows:

Berkay Demirbaş Barış Gürbüzler

Information Security Management System Policy

The Information Security Management System Policy is established within the framework of legal requirements. In accordance with the Bubrise Teknoloji Anonim Şirketi Licensing Regulation, published in the Official Gazette dated 23.02.2024 and numbered 11029, the Policy aims to ensure business continuity and to minimize risks.

The purpose of this Policy is to protect the information assets of Bubrise Teknoloji Anonim Şirketi and Hardal Inc against all internal, external, intentional, or accidental threats in the process of ensuring the continuity of primary and supporting business activities.

This Policy covers the information assets of Hardal and all internal/external stakeholders with which the Company communicates.

The Policy ensures the following:

  • Preservation of information integrity.
  • Protection of information confidentiality against unauthorized access.
  • Maintenance of information availability.
  • Monitoring and fulfillment of legal and regulatory requirements, as well as the provisions related to information security contained in -agreements with business partners, customers, and suppliers.
  • Business continuity plans are maintained, kept up to date, and regularly tested.
  • Information Security Training applies to all employees.
  • Procedures are prepared in a manner that supports this Policy.
  • Managers are responsible for the implementation of this Policy and for raising awareness within their teams.
  • Understanding of the Information Security Policy is mandatory for all parties interacting with Bubrise Teknoloji Anonim Şirketi.

The Board of Directors of Bubrise Teknoloji Anonim Şirketi has approved this Information Security Policy.

3. Information We Collect

3.1 Personal Data

We may collect the following personal data:

  • Identity Information: Your first and last name
  • Contact Information: Email address, telephone number
  • Business Information: Company name, type of business, job title
  • Technical Data: IP address, device ID, browser type and version, operating system
  • Usage Data: Information about how you use our website and services, including:
    • The URL and IP address of websites that referred you to us
    • Pages you visit on our website and links you click
    • Time and duration of your visits
    • Actions taken on our website
  • Marketing Preferences: Your consent to receive marketing materials
  • Communication Data: Your correspondence with us
  • Job applicants

3.2 Data Collection Methods

We collect data through:

  • Direct interactions when you provide information
  • Automated technologies or interactions via cookies and similar technologies
  • Third parties or publicly available sources

4. How We Use Your Data

We use your personal data for these purposes:

Purpose Legal Basis
Account creation and management Performance of a contract
Provision of services Performance of a contract
Communication about services Legitimate interests
Technical administration and security Legitimate interests
Marketing (with consent) Consent
Compliance with legal obligations Legal obligation

5. Data Retention and Deletion

5.1 Account Information

If you already have an account on the Product, you may access, update, alter, or delete your basic user profile information by logging into your account and updating profile settings.

5.2 Retention Periods

Hardal will retain your information for as long as your account is active or as needed to:

  • Perform our contractual obligations
  • Provide you services through the Product
  • Comply with legal obligations
  • Resolve disputes
  • Preserve legal rights
  • Enforce our agreements

Retention periods will be determined taking into account:

  • The type of information collected
  • The purpose for which it is collected
  • Requirements applicable to the situation
  • The need to destroy outdated, unused information at the earliest reasonable opportunity

For instance, in respect of data held for the management of customers and potential customers, we consider the lead time necessary to develop and maintain our commercial relationships and how recent our interactions are with you. We may rectify, update or remove incomplete or inaccurate information, at any time and at our own discretion.

For more information on our retention periods, you can contact us at: support@usehardal.com

5.3 Special Retention Circumstances

Please note that due to the open-source nature of our products, services, and community, we may retain limited personal information indefinitely in order to ensure transactional integrity and nonrepudiation. For example:

  • If you provide your information in connection with a blog post, GitHub issue or comment, we may display that information even if you have deleted your account as we do not automatically delete community posts.
  • As described in our Terms of Use, if you contribute to a Hardal project and provide your personal information in connection with that contribution, that information (including your name) will be embedded and publicly displayed with your contribution and we will not be able to delete or erase it because doing so would break the project code.
  • We can open-source the product whenever we want.

5.4 Retention Time Guidelines

Personal Data shall be processed and stored for as long as required by the purpose for which they have been collected.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Data Subject and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Data Subject's legitimate interests shall be retained as long as needed to fulfill such purposes. if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymisation does not outweigh the data;
  • insofar as statutory storage obligations exist, until the end of the storage periods Users may find specific information regarding the legitimate interests pursued by the Data Subject within the relevant sections of this document or by contacting the Data Subject.

The Data Subject may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Data Subject may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

6. Sharing Your Information

We may share your personal data with:

  • Service Providers: Third parties who perform services for us (hosting, payment processing, analytics)
  • Business Partners: When you have explicitly consented to such sharing
  • Legal Requirements: In response to lawful requests by public authorities
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Hardal Companies

We might share anonymized behavioral data

We generally do not share any personally-identifiable information (such as name, country, and email) with third party service providers and external websites. But we might share anonymized behavioral data.

7. Legal Basis of Data Processing

We base the processing of your data on the following legal bases:

  • Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR)
  • The initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR)
  • The implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate Interests:

When processing your data, we pursue the following legitimate interests:

  • The improvement of our offer
  • Protection of our systems against misuse
  • On the production of statistics
  • For the storage of our correspondence with you

We require all third parties to respect your data's security and to treat it in accordance with the law.

7. International Transfers

Your data may be transferred to and processed in countries outside your country of residence. We implement appropriate safeguards for such transfers, including:

  • EU Standard Contractual Clauses
  • Additional technical and organizational security measures

8. Confidentiality and Data Protection

8.1 Definition of Confidential Information

Ideas, projects, expert information, design, invention, business method and patent, copyright, disclosed by one of the Parties to the other Party or the person or persons assigned by it during the works/duties/services defined in this agreement or actually performed, or learned by the other Party or the person or persons assigned by it within the scope of the sale and service provided, all written or verbal commercial, financial, technical information and communication methods to be learned during the work and all kinds of innovations that are or are not subject to trademark, trade secret, know-how or other legal protection are considered confidential information.

8.2 Confidentiality Obligations

During the continuation of this agreement, the parties agree to take the necessary measures to keep the computer programs, designs, concepts, techniques, processes, methods, systems, circuits, formulas, experimental studies, experimental developments, studies in the development stage, source codes of the software, establishment and software development information belonging to each other completely confidential against third parties, except for the mandatory notifications required by the relevant legislation and laws. They accept and undertake not to benefit from the information. In the event that any of the parties does not comply with the confidentiality terms and the confidential information is shared, it undertakes to cover all damages incurred by the other party.

8.3 Personal Data Protection Compliance

In the event that the parties obtain data within the scope of the Personal Data Protection Law to be applied due to this Agreement, they will act in accordance with the relevant legal regulations ("Personal Data Legislation"), especially this law, the secondary legislation related to the law and the decisions of the Personal Data Protection Board, and take the necessary measures for the protection of personal data. They accept, declare and undertake that they will act in accordance with the Personal Data Legislation and that the necessary systems are available/established when faced with a request for deletion, destruction or anonymization from a data Data Subject or the other party to the Agreement.

8.4 Third-Party Service Providers

Hardal uses the following third-party software providers:

  1. Companies which provide cloud server computing services
  2. Companies which provide communication, e-mail server, and client relationship management services, where the exchange of messages, e-mails may include personal data
  3. Companies which help to monitor the behaviour of the Website's visitors or provide advertising or marketing services
  4. Companies which provide financial services, processing accounting documents and the personal data contained therein
  5. Companies which help with work management with further personal data processing
  6. Companies which help with your account registration or authorization with further processing of your personal information

9. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. These include:

  • Encryption of sensitive data
  • Secure network infrastructure
  • Regular security assessments
  • Access controls

10. Your Rights

Under GDPR:

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access: Request copies of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your personal data
  • Right to restrict processing: Request limitation of processing your data
  • Right to data portability: Request transfer of your data
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw previously given consent

Under CCPA

Notice to US Residents: If you are a US resident, you may have the right to:

  • request to know about and obtain access to the personal information we have collected about you;
  • request that we delete the personal information we have collected about you, subject to applicable legal exceptions;
  • request a list of the specific third parties to which we have disclosed personal data (as such terms are defined under applicable laws and regulations);
  • request to update or correct your personal information;
  • request to opt out of targeted advertising and/or the sale or sharing of your personal information (as defined under applicable laws and regulations);
  • request that we restrict our use of your personal information; and
  • exercise such other rights and choices as may be afforded to you under applicable US state privacy laws and regulations.

To exercise these rights, please contact us at support@usehardal.com.

11. Cookies and Similar Technologies

We use first-party cookies and similar tracking technologies to enhance your experience on our website. Types of cookies we use:

  • Strictly necessary cookies: Required for the website to function
  • Statistics cookies: Help us understand how you interact with our website
  • Marketing cookies: Used to track visitors across websites for advertising purposes

Hardal utilizes Hardal to track the performance of specific marketing campaigns and in certain products. This enables third-party service providers to create tailored advertisements on our behalf across various touchpoints. These providers may collect your IP address and non-personally identifiable information—data that excludes personal details, contact information, and the like. Furthermore, these cookies provide statistical insights into website usage and its overall performance

You can manage your cookie preferences through our cookie settings tool or your browser settings.

12. Children's Privacy

Our services are not intended for use by children under the age of 18, and we do not knowingly collect personal data from children.

13. Updates to This Policy

From time to time, we may change this privacy policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Notice may be by email to you at the last email address you provided us, by posting notice of such changes on our sites and applications, or by other means, consistent with applicable law.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

  • Email: support@usehardal.com
  • Address: Hardal Inc., 1401 PENNSYLVANIA AVE. UNIT 105 WILMINGTON DE, USA 19806

15. Legal Information

  • Bubrise Teknoloji A.Ş. is a Turkish company registered with the Turkish Trade Registry Office.
  • Hardal Inc. is a Delaware corporation registered under file number 564800.
  • Hardal is hosted on servers provided by Huawei Cloud, Google Cloud Platform, Amazon Web Services, Microsoft Azure, Yandex Cloud, and additional third-party cloud providers located in the US, EU, and Türkiye (Turkey).
  • Hardal uses authentication modules, tokens, and two-factor authentication (2FA) with open-source or licensed frameworks to manage user authentication.
  • All data transmitted by users is encrypted using SHA-256 and is not stored in logs. This data is programmatically deleted after 30 days.

This privacy policy relates solely to this Application unless otherwise stated within this document.

16. Details About the Right to Object to Processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Data Subject or for the purposes of the legitimate interests pursued by the Data Subject, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the Data Subject is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.