Privacy Policy

Solustiq Yazılım ve Yapay Zeka Teknolojileri A.Ş. is the controller of personal data processed about visitors, account holders and prospects in connection with the Resilira service. Our registered address is Abdurrahman Mah. Şehit Emniyet Müdürü Ertan Nezihi Turan Cad. Yaşar Atlı Plaza No: 7 İç Kapı No: 40, 22030 Merkez / Edirne, Türkiye.

For data you put into the platform about your own people (your “Customer Data”), you are the controller and we act as your processor under our Data Processing Agreement.

Contact for privacy matters: privacy@resilira.com.

• Account data: name, work email, organisation, role, and authentication identifiers (including via Google/Microsoft SSO if you use it).
• Customer Content: the organisation, process, plan, risk, exercise and incident data you enter — which may include names and contact details of your staff.
• Billing data: handled by our payment processor (Stripe); we store plan, status and the last four digits / brand of a card, never full card numbers.
• Usage and device data: log data, IP address, browser type, and product analytics used to operate and improve the Service.
• Communications: messages you send us for support or sales.

Under the GDPR (and the corresponding bases under KVKK Art. 5), we rely on:

• Performance of a contract — to provide, maintain and support the Service and process billing.
• Legitimate interests — to secure the Service, prevent abuse, and improve our product (balanced against your rights).
• Consent — for optional analytics/marketing cookies and marketing emails, which you can withdraw at any time.
• Legal obligation — to comply with accounting, tax and other legal duties.

Customer Data is hosted in the European Union (Frankfurt, Germany) and encrypted at rest. As the company is established in Türkiye and some subprocessors operate outside the EEA/Türkiye, international transfers may occur. Where they do, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and equivalent KVKK mechanisms.

Our current subprocessors are listed on the Subprocessors page.

We keep personal data for as long as your account is active and as needed to provide the Service. After termination, Customer Data is available for export for 30 days and then deleted or anonymised, except where longer retention is required by law (for example, billing records). Backups are rotated on a defined schedule.

Subject to applicable law, you have the right to access, rectify, erase, restrict and port your personal data, to object to certain processing, and to withdraw consent. Under KVKK Art. 11 you have equivalent rights, including to learn whether your data is processed and to request correction or deletion.

To exercise any right, contact privacy@resilira.com. You also have the right to lodge a complaint with a supervisory authority — your local EU/EEA authority, or in Türkiye the Personal Data Protection Authority (KVKK Kurumu).

We apply technical and organisational measures including encryption in transit and at rest, database row-level tenant isolation, role-based access control, an append-only audit log, and least-privilege access for staff. No method is perfectly secure, but we work to protect your data and to notify you of breaches as required by law.

We use strictly necessary cookies to run the Service and, with your consent, optional analytics cookies. See our Cookie Policy for details and choices.

The Service is a business tool not directed to children, and we do not knowingly collect data from anyone under 18.

We may update this policy; we will notify you of material changes. Questions: privacy@resilira.com.