BulfinexBulfinexBack to Home

Privacy Policy

Last updated: March 24, 2026 | KVKK & GDPR Compliant

1. Data Controller

Bulfinex (“we”, “us”) operates as the data controller under the Turkish Personal Data Protection Law (KVKK, Law No. 6698) and the EU General Data Protection Regulation (GDPR).

2. Data We Collect

Account Data: Email address, name (optional), hashed password.

Blockchain Data: Wallet addresses (public by design), deployed token metadata, transaction hashes.

Usage Data: Pages visited, features used, API call counts. Collected via privacy-friendly analytics (no cookies).

What We Never Collect: Private keys, seed phrases, wallet balances, personal financial data, credit card numbers (handled by payment processors).

3. How We Use Your Data

  • To provide and maintain the Platform.
  • To authenticate your account and protect against unauthorized access.
  • To track deployed tokens and transaction status.
  • To send service notifications (deployment confirmations, security alerts).
  • To improve the Platform based on aggregate usage patterns.

4. Data Storage & Security

Data is stored in Neon PostgreSQL (cloud-hosted). All connections use TLS encryption. Passwords are bcrypt-hashed. API keys are SHA-256 hashed. We apply the principle of data minimization — we only store what is necessary for service delivery.

5. Third-Party Services

We use the following services that may process your data:

  • Cloudflare: CDN, DDoS protection, DNS
  • Hetzner: Server hosting infrastructure
  • Neon: PostgreSQL database hosting
  • Blockchain Networks: Transaction data is public on-chain

6. Your Rights (KVKK Article 11)

Under KVKK, you have the right to:

  • Learn whether your personal data is being processed.
  • Request information about processing activities.
  • Learn the purpose of processing and whether data is used accordingly.
  • Know the third parties to whom data is transferred.
  • Request correction of incomplete or inaccurate data.
  • Request deletion or destruction of your data.
  • Object to automated decision-making.
  • Claim compensation for damages from unlawful processing.

7. Data Retention

Account data is retained while your account is active. Upon deletion request, we remove personal data within 30 days. Blockchain transaction data cannot be deleted as it exists on public blockchains. Anonymized analytics data may be retained indefinitely.

8. Cookies

We use minimal cookies for session management only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. See our Cookie Policy for details.

9. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users within 72 hours and report to the Turkish Personal Data Protection Authority (KVKK Board) as required by law.

10. Contact

For privacy inquiries or to exercise your rights, contact us at privacy@bulfinex.com.