ScholarGate
⌘K
Assistant
EN

Privacy Notice

Last updated: 4 June 2026

This notice explains what personal data ScholarGate ("we") collects, why, the legal grounds, how long we keep it, who we share it with, and the rights you have under Türkiye's KVKK (Law No. 6698) and the EU GDPR. The data controller is ScholarGate.

Data we collect

  • Account: your email address and name when you sign in (e.g. via Google) or are invited.
  • Library: methods you save and collections you create.
  • Assistant: the messages you send to the AI assistant and its replies (chat history).
  • Requests: the email and message you send when reporting an issue or contacting us.
  • Billing: a payment-provider customer reference and a card token reference for subscriptions — we never see or store your card number (handled by the payment provider).
  • Technical: strictly-necessary cookies for sign-in and security (see the Cookie Policy).

Why we process it & legal basis

  • To provide the service and your account (performance of a contract).
  • To authenticate you and keep the service secure (legitimate interest / legal obligation).
  • To run the AI assistant you ask questions to (your request / contract).
  • To take payment for paid tiers (contract).
  • Where we rely on consent (e.g. optional communications), you may withdraw it at any time.

The AI assistant

When you use the assistant, your messages are sent to our AI model provider (Google, Gemini) to generate an answer, and the conversation is stored as chat history. Do not share sensitive personal data in chat. Chat history is retained for a limited period (see Retention) and is deleted when you delete your account.

Cookies

We use only strictly-necessary cookies (session and sign-in security). We do not use advertising or cross-site tracking cookies. See the Cookie Policy for details.

Who we share data with (processors)

  • Google — sign-in (OAuth) and the AI model (assistant).
  • The payment provider (iyzico) — subscription billing.
  • Our database and hosting providers (Neon, Railway) — to operate the service.
  • Our email provider (Resend) — transactional emails (e.g. invites).
  • We do not sell your personal data.

International transfers

Some processors operate outside Türkiye/the EEA. Where data is transferred internationally we rely on appropriate safeguards (e.g. the processor's standard contractual clauses) as required by KVKK/GDPR.

Retention

  • Chat history: kept for a limited period (currently ~90 days) then automatically purged.
  • Account, library and billing records: kept while your account is active and as required by law, then deleted or anonymised.

Your rights (KVKK Art. 11 / GDPR)

  • Access — learn what data we hold and request a copy (export).
  • Rectification — correct inaccurate data.
  • Erasure — delete your account and associated data ('right to be forgotten').
  • Objection / restriction — object to or limit certain processing.
  • You can exercise account access, export and deletion from your account settings, or by contacting us below.

Security

We protect data with signed, HMAC-verified sessions, hashed passwords, server-side authorization, TLS in transit and access controls. No system is perfectly secure, but we work to industry standards.

Changes

We may update this notice; material changes will be reflected by the date above.

Contact

To exercise your rights or ask a question, use the Contact form. This document is provided in good faith and should be reviewed against your final legal requirements.

Cookie Policy · Contact