Legal

Privacy Policy

Last updated · April 21, 2026

This site takes visitor and client privacy as seriously as the quiet of a photo set. What is stored, and why — written plainly.

Cookies and analytics

We measure the site with Plausible: a cookieless analytics tool that captures no personal identifier. There is no Google Analytics, no Facebook Pixel, no third-party tracker. No cookie banner either, because there is simply nothing to consent to.

Images and content storage

Delivery galleries and client data live on Supabase infrastructure hosted in an EU data centre (Frankfurt). Files are encrypted in transit with TLS 1.3 and at rest with AES-256. Only authenticated accounts can access them.

Marketing consent

If you want new series, seasonal openings or a quiet note from us, you tick the newsletter box. Consent is opt-in, never pre-ticked, and withdrawn with one click via the unsubscribe link at the foot of every email.

Children's data

Our services are not directed at people under 18 and we do not knowingly collect their data. If you believe a child has submitted information, please contact us and we will remove the record.

Cross-border transfers

No data is transferred outside Supabase (EU), Resend (EU/US) and iyzico (Türkiye). Any US-side transfer takes place under Standard Contractual Clauses and the current EU–US Data Privacy Framework.

Security and compliance

We apply TLS, at-rest encryption, two-factor admin sign-in and regular access audits. The policy is aligned with both GDPR and KVKK requirements. In the event of a suspected breach we notify affected parties and authorities within 72 hours.

Questions: hello@mervekansu.com