GDPR & KVKK Compliance

Last updated: December 25, 2025

1. Our Commitment



Clicost is committed to protecting your personal data and respecting your privacy rights in accordance with the European Union General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK - Kisisel Verilerin Korunmasi Kanunu).

2. Data Controller



Clicost acts as the data controller for your personal data. This means we determine the purposes and means of processing your personal data.

Data Controller: Clicost
Email: privacy@clicost.com
Website: https://clicost.com

3. Legal Basis for Processing



We process your personal data based on the following legal grounds:
  • Consent: When you create an account and agree to our terms
  • Contract: To provide our expense tracking services to you
  • Legitimate Interest: To improve our services and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations


4. Your Rights Under GDPR



As a data subject, you have the following rights:

Right to Access (Article 15)


You can request a copy of your personal data that we hold.

Right to Rectification (Article 16)


You can request correction of inaccurate personal data.

Right to Erasure (Article 17)


You can request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Article 18)


You can request limitation of processing of your personal data.

Right to Data Portability (Article 20)


You can receive your data in a structured, commonly used format.

Right to Object (Article 21)


You can object to processing based on legitimate interests.

Right to Withdraw Consent


You can withdraw your consent at any time.

5. Your Rights Under KVKK



Under Turkish law (KVKK), you have the right to:
  • Learn whether your personal data is being processed
  • Request information about processing activities
  • Learn the purpose of processing and whether data is used accordingly
  • Know the third parties to whom data is transferred
  • Request correction of incomplete or inaccurate data
  • Request deletion or destruction of personal data
  • Request notification of corrections to third parties
  • Object to negative results arising from automated analysis
  • Claim compensation for damages due to unlawful processing


6. How to Exercise Your Rights



You can exercise your rights in the following ways:
  • In-App: Use the account deletion feature in Settings
  • Email: Send a request to privacy@clicost.com
  • Data Export: Use the export feature in your account settings


We will respond to your request within 30 days. If we need more time, we will inform you of the reason for the delay.

7. International Data Transfers



Your data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent for specific transfers


8. Data Protection Officer



For any questions or concerns about our data protection practices, you can contact us:

Email: privacy@clicost.com
Subject: Data Protection Inquiry

9. Supervisory Authority



If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority:
  • EU Residents: Your local Data Protection Authority


10. Data Security Measures



We implement technical and organizational measures to protect your data:
  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication
  • Employee training on data protection
  • Incident response procedures


11. Updates



We may update this page to reflect changes in our practices or legal requirements. We encourage you to review this page periodically.