Privacy Policy

Last updated: December 21, 2025

Mycellia AI ('we', 'our', or 'us') operates as an enterprise AI platform that processes company documents, communications, and data to provide intelligent search and workflow automation services. This Privacy Policy describes how we handle data when you use our services.

Information We Collect: We collect information you provide directly, including account registration details (name, email, company information), uploaded documents and files, usage data (queries, interactions, features used), and technical information (IP addresses, browser type, device information).

How We Use Your Data: We use your information to provide and improve our services, process and index your documents for AI-powered search and chat, maintain security and prevent fraud, respond to your requests and provide customer support, and comply with legal obligations.

Data Security: We implement industry-standard security measures including encryption in transit and at rest, role-based access control (RBAC), regular security audits and penetration testing, SOC 2 Type II compliance standards, and isolated tenant environments for enterprise customers.

Data Storage and Location: Your data is stored in secure data centers. For Turkish customers, we offer sovereign cloud deployment options within Turkey to comply with KVKK (Turkish Personal Data Protection Law) requirements. Enterprise customers can choose on-premises deployment for complete data sovereignty.

Data Retention: We retain your data for as long as your account is active or as needed to provide services. Documents and indexed content are retained according to your subscription plan. You can request deletion of your data at any time, subject to legal retention requirements.

Your Rights: You have the right to access your personal data, correct inaccurate information, delete your data (subject to legal requirements), export your data, object to certain processing activities, and withdraw consent where we rely on consent for processing.

Third-Party Services: We use select third-party services for infrastructure (cloud hosting), analytics (usage metrics), and security (authentication). We do not sell your data to third parties. All third-party processors are bound by strict confidentiality and security obligations.

KVKK Compliance: For Turkish customers, we comply with KVKK (Law No. 6698) by maintaining data processing inventories, implementing technical and administrative safeguards, providing data subject rights mechanisms, and offering data localization options.

Children's Privacy: Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy: We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us: If you have questions about this Privacy Policy or our data practices, please contact us at: privacy@mycellia.com.tr or Mycellia AI, Istanbul, Turkey.