Privacy Policy
Last updated: 27 April 2026
Who we are
Varlik ("we") is operated by [COMPANY LEGAL NAME], registered at [REGISTERED ADDRESS] (Tax/MERSIS no: [TAX/MERSIS NO]). Varlik is a personal-finance tracker — not a broker, bank, or investment advisor. We do not connect to your brokerage accounts, route orders, move funds, or execute trades. You manually record positions you already own; we organize and analyze them.
What we collect
- Account info: email, display name, country, preferred currency. If you sign in with Google: Google account ID and profile photo.
- Portfolio data: assets, liabilities, goals, transactions you enter. All entered manually — we never scrape or link to external accounts.
- Technical logs: IP address, user agent, last login time, rate-limit state. Kept short-term for security and abuse prevention.
Cookies
We use two session cookies for authentication: access_token (15 minutes) and refresh_token (30 days). Both are httpOnly, Secure, SameSite=Strict. We use a third locale cookie to remember language preference. No advertising or third-party tracking cookies.
AI processing
When you use the AI coach we send your portfolio summary and your question to Anthropic Claude (Haiku 4.5). Per our agreement with Anthropic, your data is not used to train models. Each call generates a one-shot response and is not memorized.
Third-party services we use
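Market data is fetched from public sources without sending any user information; only price/quote queries are sent. Anthropic, listed last, is not a market-data source: it receives the data described under "AI processing" above.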
- TCMB — TRY FX rates
- CoinGecko — crypto prices
- Yahoo Finance + stockanalysis.com — equities and indices
- FRED (Federal Reserve) — macro and inflation series
- Anthropic — AI coach inference
Disabled integrations are not listed; this section reflects the services actually in use.
Retention & deletion
We keep your data while your account is active. If you delete your account, all data is permanently removed within 30 days (including backups). Logs subject to legal retention obligations may be kept longer where required by law.
Your rights (KVKK / GDPR)
Under Turkish KVKK (Law no. 6698) and the EU GDPR you have the right to access, correct, delete, restrict, port, and object to automated processing of your personal data. Send requests to privacy@archhan.com and we'll respond within 30 days.
Data Controller / Contact
Data Controller (KVKK Veri Sorumlusu): [COMPANY LEGAL NAME].
Contact: privacy@archhan.com