Privacy Policy

irispectra.com — Privacy Policy

Effective Date: May 2025 | Last Updated: May 2026

Applicable: KVKK (Turkey) | GDPR (EU) | UK GDPR

Iris photographs constitute biometric data classified as special category personal data under Turkish Law No. 6698 (KVKK) and Article 9 of the GDPR. We process this data exclusively for delivering your requested analysis report.

Section 1 — Data Controller

Deniz, trading as irispectra

irispectra.com

hello@irispectra.com

Istanbul, Turkey

Section 2 — What Data We Collect

2.1 Special Category Data (Biometric)

Iris photographs (both eyes). Processed solely to perform your requested structural analysis.

2.2 Personal Identification

Name, email address, WhatsApp number (Precision Monthly only, if elected)

2.3 Payment Data

Processed by Paddle.com. irispectra does not collect or store payment card data.

2.4 Technical Data

IP address, browser/device info via standard server logs, anonymised analytics.

Section 3 — Legal Basis for Processing

3.1 Explicit Consent

For iris photographs (biometric data). You may withdraw consent at any time by contacting hello@irispectra.com.

3.2 Performance of Contract

For name, email, and communications data.

3.3 Legitimate Interests

For basic website analytics and security logging.

Section 4 — How We Use Your Data

  • To review photographs for technical suitability
  • To perform structural pattern analysis
  • To produce and deliver your personalised report
  • To communicate regarding your submission
  • We do not use your iris photographs for machine learning training without separate explicit consent.

Section 5 — Data Storage and Security

5.1 Storage

Hosted via Vercel (United States). EU/Turkey users acknowledge transfer to US servers under applicable data transfer provisions including Standard Contractual Clauses.

5.2 Retention

Iris photographsDeleted within 30 days of report delivery
ReportsMaximum 12 months
Email correspondenceMaximum 24 months
Payment recordsAs required by law (typically 5 years)

5.3 Security

HTTPS/TLS encryption in transit. Access to photographs restricted to the analyst performing your report. Not stored in publicly accessible directories.

Section 6 — Data Sharing

We do not sell, rent, or share your iris photographs or personal identification data with any third party for any commercial or other purpose.

Limited sharing with: Paddle.com (payment only), Vercel Inc. (hosting), Zoho Corporation (email delivery — email address only).

Section 7 — Your Rights (KVKK Art. 11 / GDPR Art. 15–22)

  • Right of AccessRequest a copy of your data
  • Right to RectificationRequest correction of inaccurate data
  • Right to ErasurePermanent deletion of all data including iris photographs, within 30 days
  • Right to Withdraw ConsentAt any time, by emailing hello@irispectra.com
  • Right to Data PortabilityStructured, machine-readable format
  • Right to ObjectTo processing based on legitimate interests

Right to Lodge a Complaint

Turkey: kvkk.gov.tr | EU: your national supervisory authority | UK: ico.org.uk

Section 8 — Cookies

Minimal essential cookies only. No advertising, third-party tracking, or behavioural profiling cookies.

Section 9 — Children

Service not directed at under-18s. We do not knowingly collect data from minors. Contact hello@irispectra.com immediately if you believe this has occurred.

Section 10 — Contact

hello@irispectra.com

Response within 5 business days.