LEGAL
Privacy Policy
Last updated: 11 July 2026
Lyceum Partners Strateji ve Kurumsal Danışmanlık Medya A.Ş. ("Lyceum Partners", "we", "us"), a company established in Türkiye with its registered office at Harman-1 Sk. No:7/23, 34394 Şişli / İstanbul, is the operator of lycea.app (the "Website") and the Lycea platform (the "Platform"), and is the data controller responsible for the processing of personal data collected through them. This policy explains how we collect, use, protect and otherwise handle your personal data. It applies to all products and services built and maintained by our company.
This policy is prepared in accordance with the Turkish Personal Data Protection Law No. 6698 ("KVKK") and, where we serve users in the European Economic Area, the EU General Data Protection Regulation ("GDPR").
What data we collect and why
When registering on the Website, requesting a demo, or using the Platform, you may be asked to provide your name, e-mail address, phone number, company name, job title and country. The Platform additionally allows you to upload and store business data of your choosing — for example technical data sheets, safety data sheets, catalogues, contracts and order records, in any text, document or image format. We refer to this data as "Content". We collect only what we need to provide and improve the service.
Identifying information & access
When you register or request a demo, we ask for identifying information so we can set up your account, respond to your request, and send you invoices, updates or other essential information. We will never sell your information to third parties, and we will not use your name or company in marketing statements without your permission.
Web analytics data
When you browse our pages, your browser automatically shares certain information such as operating system and browser version. We may track that information, along with the pages you visit, for statistical purposes such as understanding aggregate usage and testing design changes. Where analytics tools are used, data is processed on a lawful basis and, wherever feasible, in aggregated or anonymised form.
Cookies
The Website uses cookies that are strictly necessary for the site to function (for example, remembering your theme preference) and, where enabled, analytics cookies. You can control or delete cookies through your browser settings; disabling non-essential cookies does not prevent you from using the Website.
Voluntary correspondence
When you write to us — a demo request, a support question, an e-mail — we keep that correspondence and the information in it so we can respond and keep a record of the exchange.
Information we do not collect
We do not knowingly collect special categories of personal data (such as health, biometric or religious data). Please do not upload such data to the Platform; it is not required for any Lycea workflow.
How we process Content on the Platform
Content is processed solely to provide the service you configured: indexing, retrieval, comparison and the generation of source-linked answers and reports. Access by our staff is limited, role-based and logged, and support access to your workspace happens only with your permission. We do not use your Content to train our own or any third-party foundation models. Where large-language-model providers are used for inference, they are engaged under agreements that prohibit the use of your data for model training.
How we share information
- We never sell personal data to third parties.
- We use a limited number of subprocessors — such as EU-based cloud infrastructure, e-mail delivery and analytics providers — bound by data-processing agreements consistent with KVKK and, where applicable, the GDPR.
- We may disclose information where required by applicable law, regulation or a valid request from a competent authority, and we will notify you where lawfully permitted.
- If Lyceum Partners is involved in a merger, acquisition or asset sale, personal data may be transferred as part of that transaction; we will provide notice before personal data becomes subject to a different privacy policy.
Data storage and security
Platform data is hosted in EU-based data centers. Data is encrypted in transit (TLS) and at rest, access is role-based, and administrative access is logged. For enterprise deployments, an on-premises option is available so Content never leaves your infrastructure. In the event of a personal data breach, we will notify the relevant authority and affected users as required by KVKK and, where applicable, the GDPR.
Data retention
We retain personal data for as long as your account is active or as needed to provide the service, comply with legal obligations, resolve disputes and enforce agreements. Upon a verified deletion request, we delete personal data and Content without undue delay, and residual copies are removed from backups on our standard backup rotation.
International transfers
Your data is stored primarily in EU-based data centers. Any transfer of personal data outside Türkiye is carried out in accordance with Article 9 of the KVKK — on the basis of your explicit consent or other safeguards recognised by the Personal Data Protection Board — and, for EEA users, in accordance with GDPR transfer mechanisms such as adequacy decisions or standard contractual clauses.
Your rights
Under Article 11 of the KVKK you have the right to:
- learn whether your personal data is processed, and request information about it;
- learn the purpose of processing and whether the data is used in line with that purpose;
- know the third parties to whom your data is transferred, in Türkiye or abroad;
- request correction of incomplete or inaccurate data, and deletion or destruction of data where the grounds for processing no longer exist;
- request that corrections and deletions be notified to third parties to whom the data was transferred;
- object to a result that arises against you from analysis of your data exclusively by automated systems;
- claim compensation for damages arising from unlawful processing.
If you are in the EEA, you additionally benefit from the corresponding rights under the GDPR, including data portability and the right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, contact us at info@lycea.app. We respond to requests within 30 days, as required by Article 13 of the KVKK. You may also lodge a complaint with the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu — kvkk.gov.tr).
Marketing communications
We send marketing communications only with your consent — for example, the checkbox in our demo request form — and every message includes a way to unsubscribe. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision; material changes will be announced on the Website.
Contact
Lyceum Partners Strateji ve Kurumsal Danışmanlık Medya A.Ş.
Harman-1 Sk. No:7/23, 34394 Şişli / İstanbul, Türkiye
info@lycea.app