hesaplabs logohesaplabs
Calculator

Privacy Policy

Last updated: March 2026

1. Introduction

At Hesaplabs ("we", "our", or "site"), protecting our users' privacy is our primary priority. This Privacy Policy explains what information is collected, how it is used, and how it is protected when you visit, use, and/or register on our website at hesaplabs.com.

By using our site, you agree to this policy. If you do not agree, please do not use the site.

This policy has been prepared to meet the requirements of the Turkish Personal Data Protection Law (KVKK No. 6698) and the European Union General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for processing your personal data is Hesaplabs. You can reach the data controller via our contact page.

3. Information We Collect

3.1 Automatically Collected Data

When you visit our site, the following information may be collected automatically:

  • IP address (anonymized)
  • Browser type and version
  • Operating system and device type
  • Referrer URL (the site you came from)
  • Pages visited and time spent
  • Date and time of visit
  • Screen resolution and language setting

This data is used for statistical purposes only and is not used to personally identify you.

3.2 Account Registration Data

When you create a free account, the following information is collected:

  • Email address (for authentication and communication)
  • Full name (optional, for profile display)
  • Password (stored securely using bcrypt; never stored in plain text)

3.3 Usage Data

If you have an account, the following usage data may be stored on our servers:

  • Calculators and tools you have marked as favorites
  • Recently used tools (last access time)
  • Tools you have marked as "useful"

This data is used solely to improve your personal experience and is not shared with third parties.

3.4 Contact Form

When you use the contact form, the name, email address, and message content you voluntarily provide are collected. This information is used solely to respond to you and is never shared with any third party.

3.5 Anonymous Visitor Tracking

Hesaplabs performs anonymous visitor tracking for features such as ad display limits. The data collected includes: a browser fingerprint hash (cannot personally identify you), visit date, and page view count. IP addresses are not stored.

4. Cookies

Hesaplabs uses cookies to improve user experience, analyze site traffic, and serve personalized advertisements. For detailed information about cookies, please visit our Cookie Policy page.

Types of Cookies We Use:

  • Essential Cookies: Required to use the site (session cookies, language and theme preference).
  • Analytics Cookies: Used via Google Analytics to measure site usage. This data is kept anonymous.
  • Advertising Cookies: Used by Google AdSense to display ads relevant to your interests.

5. Google Services

5.1 Google Analytics

Our site uses Google Analytics 4 to analyze visitor statistics. IP anonymization is enabled, so full IP addresses are not transmitted to Google servers. To learn how Google uses this data, visit google.com/policies/privacy/partners.

To opt out of Google Analytics tracking, you can install the browser add-on at tools.google.com/dlpage/gaoptout.

5.2 Google AdSense

Hesaplabs uses Google AdSense as a third-party advertising service. Google AdSense uses the DART cookie to serve ads personalized to users' interests based on visits to hesaplabs.com and other sites on the Internet.

To opt out of Google's use of the DART cookie, visit google.com/settings/ads.

6. Purpose and Legal Basis for Processing

We use the information we collect for the following purposes:

PurposeLegal Basis
To provide and improve servicesPerformance of contract
To manage user accountsPerformance of contract
To analyze site trafficLegitimate interest
To respond to contact requestsLegitimate interest / Consent
To serve personalized adsConsent
To detect and resolve technical issuesLegitimate interest
To comply with legal obligationsLegal obligation

7. Data Security

We apply the following measures to protect your personal data:

  • HTTPS: All data transmission on our site is encrypted using SSL/TLS.
  • Password Hashing: Passwords are hashed using the bcrypt algorithm and are never stored in plain text.
  • JWT Authentication: Session management is handled via signed JSON Web Tokens.
  • Access Restriction: Personal data is accessible only to authorized personnel.
  • Security Updates: Libraries and dependencies we use are regularly updated.

However, no method of data transmission over the internet is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your data for the following periods:

  • Account information: For as long as your account is active. Deleted within 30 days of a deletion request.
  • Contact form messages: A maximum of 12 months after your request is resolved.
  • Analytics data: Anonymized and retained for a maximum of 26 months (Google Analytics default).
  • Server access logs: A maximum of 90 days.
  • Anonymous visitor data: A maximum of 365 days.

9. Data Sharing

We never sell your personal data. We do not share it with third parties except in the following cases:

  • Google LLC: Anonymous/aggregated data is transferred for analytics and advertising services.
  • Legal Requirements: May be shared with authorities as required by court order, prosecutor request, or legal regulation.
  • Emergency Safety Situations: May be shared with relevant authorities in cases threatening a person's safety.

10. International Data Transfers

Due to our use of services such as Google Analytics and AdSense, some of your data may be transferred to countries outside the European Economic Area (EEA), particularly the United States. These transfers are based on Google's certification under the EU-U.S. Data Privacy Framework (DPF).

11. Third-Party Links

Our site may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We recommend reviewing the privacy policies of any linked sites.

12. Your Rights

You have the following rights regarding your personal data under GDPR and applicable law:

  • Right of access: The right to know whether and how your personal data is being processed
  • Right to rectification: The right to request correction of inaccurate or incomplete data
  • Right to erasure: The right to request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: The right to request that we limit how we use your data
  • Right to data portability: The right to receive your data in a structured, machine-readable format
  • Right to object: The right to object to processing based on legitimate interest or for direct marketing
  • Rights related to automated decision-making: The right not to be subject to decisions made solely by automated processing
  • Right to withdraw consent: Where processing is based on consent, the right to withdraw it at any time

To exercise these rights, please use our contact page. We will respond to your request within 30 days.

13. Children's Privacy

Our site is not intended for children under the age of 13, and we do not knowingly collect personal data from individuals under 13. If we learn that a child under 13 has provided us with personal data, we will take immediate steps to delete that information from our systems.

14. Changes to This Policy

We may update this Privacy Policy in response to changes in law, services we use, or site improvements. When significant changes are made, we will revise the "Last updated" date at the top of this page and, where possible, notify registered users via email. We recommend regularly reviewing this page.

15. Contact Us

For questions, feedback, or requests to exercise your rights regarding this Privacy Policy, please use our contact page.