Aviso de privacidad
Última actualización: 24 de marzo de 2026
A continuación se incluye el texto de referencia en inglés. La versión en turco está disponible en el idioma turco del sitio.
--- The English version below is the reference text for this locale. If you need a certified translation, consult a legal translator.
This Privacy Notice describes how personal data may be processed in connection with CorsAPI. For self‑hosted deployments, you or your organization may act as data controller and processing is primarily under your control.
This text is informational only and is not a substitute for legal advice regarding KVKK, GDPR, or other laws applicable to your situation.
Controller and processing context
If CorsAPI is offered as a hosted service, the operator may act as controller. In self‑hosted setups, you or your organization may be the controller. This notice covers data processed through the web UI and account management.
Categories of data
Identity and contact: name, email, and profile details from OAuth where applicable.
Account and security: password hashes, session/JWT‑related technical data.
Project configuration: CORS origins, host/path rules, quotas, and security settings.
Usage and analytics: request counts, error codes, latency summaries, logs (depending on configuration).
Proxy traffic: target URLs, headers, and response summaries; full payloads may not always be stored.
Purposes and legal bases
Purposes: account creation and authentication; abuse prevention; service delivery and improvement; legal compliance.
Legal bases may include contract performance, legitimate interests, consent where required, or other grounds under GDPR/KVKK and local law.
Retention
Data is kept as long as necessary for the purposes above and any mandatory legal retention. You should cap retention for logs and analytics per your policies. On account deletion, data should be erased or anonymized subject to legal exceptions.
Sharing and subprocessors
Hosting, email delivery, and OAuth providers may process data on our behalf. Their privacy policies apply. International transfers require appropriate safeguards under applicable law.
Security
We aim to apply access controls, encryption in transit where appropriate, and secure development practices; no method of transmission over the Internet is completely secure.
Your rights
Depending on applicable law, you may have rights to access, rectify, erase, restrict processing, object, and data portability. Use account export/delete tools in settings or contact channels published on the site.
Cookies and similar technologies
We may use cookies or local storage for sessions and preferences. You can control these via browser settings; some features may be limited.
Children
The Service is not directed at individuals under 18. We do not knowingly collect data from children.
Changes and contact
This Notice may be updated. Material changes should be communicated by reasonable means. For questions, use the contact or support address published on the website.