Privacy Policy

Last updated 2026-06-11

1. Data Controller

This Privacy Policy governs the processing of personal data by:

Türkol Yazılım Bilgisayar Sanayi ve Ticaret Limited Şirketi
Tax ID (Vergi No): 8800579984 — Tax Office: Şarköy
İSTİKLAL MAH. GANOS SK. NO: 5 B, 59800 Şarköy / Tekirdağ, Turkey
Email: support@spatly.io

2. Data We Collect

Account Information: Name, email address, username, phone number, and company name provided during registration.
Authentication Data: Hashed passwords, OAuth tokens (for Google Sign-In).
Content & Usage: Stories, projects, layers, data sources, assets you upload, and aggregate read counts of your published stories (counts, 30-day daily totals, top referrers).
Technical Data: IP address, browser type, operating system, device information, timestamps.
Payment Data: Subscription billing is processed by Paddle (our Merchant of Record). We retain your Paddle customer and subscription identifiers; we never store credit card details directly.

3. Purpose of Data Processing

Providing and maintaining the Spatly platform and its mapping/storytelling tools.
User account management and authentication.
Rendering your published stories at spatly.io/r/<slug> and delivering tool requests.
Communicating service updates, security alerts, and support responses.
Improving platform performance and reliability.
Complying with legal obligations and preventing fraud.

4. Legal Basis for Processing

Contract Performance: To provide you with the services you signed up for.
Legitimate Interest: For platform security, fraud prevention, and service improvement.
Legal Obligation: To comply with applicable laws and regulations.
Consent: For optional communications and non-essential cookies.

5. Data Sharing

We do not sell your personal data. We may share data with:

Cloud Service Providers: EU-hosted infrastructure for hosting and storage.
Payment Providers: Paddle acts as our Merchant of Record for subscription billing.
Authentication Providers: Google OAuth — only if you sign in with Google.
Email Provider: Transactional email delivery (verification, password reset, billing receipts).
Legal Authorities: When required by law.

6. Data Retention

We retain your personal data for the duration of your account. Upon account deletion, all personal data is permanently removed within 30 days, except where retention is required by law.

7. Your Rights

Under GDPR and KVKK, you have the following rights:

Right of Access: Request a copy of your personal data.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data.
Right to Data Portability: Request your data in machine-readable format.
Right to Object: Object to data processing based on legitimate interests.
Right to Withdraw Consent: Withdraw consent at any time.

You can export your data, change your email or password, or delete your account from /account. To exercise other rights, contact support@spatly.io. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

9. Security

We implement industry-standard security measures including SSL/TLS encryption, secure password hashing, HSTS headers, CSRF protection, and regular security audits.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification at least 30 days before they take effect.

11. Contact

Türkol Yazılım Bilgisayar Sanayi ve Ticaret Limited Şirketi
İSTİKLAL MAH. GANOS SK. NO: 5 B, 59800 Şarköy / Tekirdağ, Turkey
Email: support@spatly.io

Terms of Service

Last updated 2026-06-11

1. Acceptance of Terms

By accessing or using the Spatly platform (including the website, API, editor, and published stories located at spatly.io), you agree to be bound by these Terms of Service. If you do not agree, please do not use the platform.

2. Service Provider

Türkol Yazılım Bilgisayar Sanayi ve Ticaret Limited Şirketi
Tax ID (Vergi No): 8800579984 — Tax Office: Şarköy
İSTİKLAL MAH. GANOS SK. NO: 5 B, 59800 Şarköy / Tekirdağ, Turkey

3. Account Registration

To access premium features, you must create an account. You agree to:

Provide accurate and complete registration information.
Maintain the security of your password and API key.
Notify us immediately of any unauthorized use of your account.
Accept responsibility for all activities under your account.

4. Free and Paid Services

Spatly offers Free, Pro, and Team plans. Free accounts receive limited project, storage, and feature usage. Paid subscriptions unlock higher quotas and additional features. Subscription plans, pricing, and allocations are described on our pricing page.

5. Your Content

You retain ownership of every story, dataset, and asset you upload lawfully. You grant Spatly a limited license to store, render, and serve that content to your viewers as needed to provide the service. We will not access your content except to operate the service or as required by law. We do not claim ownership of your output data.

6. Acceptable Use

You agree not to:

Use the platform for any illegal or unauthorized purpose.
Publish content that infringes intellectual property, defames, or harasses.
Collect personal data without a lawful basis under applicable data protection laws.
Attempt to circumvent rate limits, security measures, or access controls.
Distribute malware or engage in denial-of-service attacks.
Resell or redistribute data obtained through the platform without authorization.
Use the platform to send unsolicited messages or to mine cryptocurrency.

7. Payment and Billing

Paid subscriptions are billed through Paddle, our Merchant of Record. By subscribing, you agree to Paddle’s terms. Payments are processed securely — we never store your credit card details. Subscriptions auto-renew monthly or yearly until cancelled.

8. Cancellation and Refunds

You may cancel your subscription at any time from your dashboard. Cancellation takes effect at the end of your current billing period, and you keep paid access until that date. Refunds are handled in accordance with applicable consumer protection law and Paddle’s refund procedures.

9. Limitation of Liability

Spatly is provided “as is” without warranties. We are not liable for any indirect, incidental, or consequential damages arising from your use of the platform. Our total liability is limited to the amount you paid in the last 12 months.

10. Termination

We may suspend or terminate your account if you violate these terms. Upon termination, your right to use the platform ceases immediately. Account data may be deleted after 30 days. You can delete your account at any time from /account.

11. Governing Law

These terms are governed by the laws of the Republic of Turkey. Any disputes shall be resolved in the courts of Tekirdağ, Turkey.

12. Changes to Terms

We may update these terms periodically. Continued use after changes constitutes acceptance. Material changes will be notified via email at least 30 days in advance.

13. Contact

For questions about these terms, contact us at support@spatly.io.

Cookie Policy

Last updated 2026-06-11

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help provide a better browsing experience and allow certain functionalities. Spatly also uses related browser storage (localStorage, sessionStorage) to keep you signed in and to remember your editor preferences.

2. What Cookies and Storage We Use

Essential

Required for basic platform functionality:

Name	Purpose	Duration
`csrftoken`	Cross-site request forgery protection	1 year
`sessionid`	User session management	2 weeks
`spatly-auth`	Access + refresh JWT tokens (localStorage) so you stay signed in across reloads	Until sign-out
`spatly:tweaks:*`	Editor panel open/close + value memory	Persistent
`spatly:view:<slug>`	Per-tab page-view dedup flag (sessionStorage) so the Analytics counter does not double-count a reload	Session
`messages`	Temporary notification messages	Session

Analytics

Used to understand how visitors interact with the platform:

Name	Purpose	Duration
`_ga`	Google Analytics — distinguishes users	2 years
`_ga_*`	Google Analytics — maintains session state	2 years

Aggregate read counts of published stories are computed server-side; no cookies are placed on the reader’s browser purely for that counter.

Third-Party

Set by our service providers:

Google reCAPTCHA: Anti-bot protection during login and registration.
Paddle: Payment processing cookies during checkout — see Paddle cookie notice.

3. Managing Cookies

Most browsers allow you to control cookies through their settings. You can:

Block all cookies
Delete existing cookies
Allow cookies from specific sites only

Note: Blocking essential cookies may prevent you from using the platform properly.

4. Legal Basis

Essential cookies are used based on our legitimate interest (Art. 6(1)(f) GDPR). Analytics and third-party cookies are used based on your consent (Art. 6(1)(a) GDPR).

5. Your Rights

Under GDPR and KVKK, you have the right to withdraw consent for non-essential cookies at any time, request information about stored cookies, and object to data processing. Contact us at support@spatly.io for any cookie-related inquiries.

6. Changes

We may update this Cookie Policy periodically. Changes will be posted on this page with the update date.

Data Processing Addendum (DPA)

Last updated 2026-06-11

If you process personal data of EU / UK / Türkiye residents while using Spatly, the GDPR / UK GDPR / KVKK position us as a data processor for your account data and as a sub-processor for any personal data you upload as story content.

Sub-processors

Hetzner — EU-hosted servers (compute + storage).
Paddle — payments + tax (Merchant of Record).
Zoho Mail — transactional email delivery.
Google — only for users who sign in with Google or for visitors who consent to Google Analytics / reCAPTCHA.

Data controller details

To sign a written DPA for your organisation, email support@spatly.io.