Privacy Policy — Plain-English Summary
Heads up. This page is a friendly, plain-English summary of how ProductLog handles your data. The legally binding version is the Full Privacy Policy. If anything here disagrees with the full version, the full version wins.
Who's behind ProductLog?
ProductLog is built and operated by Evren Bal (@evrenbal), an indie developer. There's no company — it's a personal project run by one human in Kocaeli, Türkiye. You can reach me at [email protected].
I'm the person responsible for your data — the "data controller" in legal terms.
What I collect
When you use ProductLog, I collect:
Account stuff — email, name, username, hashed password, language preference.
What you publish — your posts, comments, products, votes, follows, bookmarks, profile info.
Technical bits I need to keep things working — your IP address, browser/device info, session cookies, security tokens.
OAuth login info (only if you choose to sign in with GitHub or Google) — the provider's account ID and the email it shares.
What I don't collect
No third-party analytics. No Google Analytics, no PostHog, no Mixpanel, no behavioural tracking, no advertising pixels, no session recorders. None.
No selling data. Ever.
No advertising profiling. I don't build ad profiles or run ads on the site.
If any of this ever changes, I'll update this page and tell you about it.
What I use it for
Running your account (sign-in, posts, profile, etc.)
Sending you emails you actually need (verification, password reset, important notices)
Keeping the platform safe (spam, abuse, security)
Meeting legal obligations when I have to
That's it. No surprises.
Cookies
Only the bare minimum — keeping you signed in, remembering your language, and protecting against attacks. No tracking, advertising, or third-party cookies.
Who else sees your data
A small list of providers I rely on to keep the site running:
Sign-in providers — GitHub and Google, only if you choose to connect them.
Email delivery — a transactional email provider (currently one of SMTP, Brevo, or AWS SES).
File storage — S3-compatible object storage for things like avatars (currently AWS S3 or Cloudflare R2).
Hosting — the infrastructure provider where the site runs.
That's the whole list. See the Full Privacy Policy for details and where data is processed.
Your rights
Under KVKK (Turkish) and GDPR (EU) law, you have the right to:
Get a copy of your data
Correct anything that's wrong
Delete your account and data (the "right to be forgotten")
Restrict or object to certain processing
Get your data in a portable format
Withdraw any consent you've given
Complain to the data-protection authority in your country
How to exercise these rights: email [email protected]. Self-service tools (one-click data export, in-product account deletion) are coming, but for now I handle every request manually. I'll respond within 30 days, as the law requires.
No fees. No hassle. If you want your data, you can have it.
Children
You need to be 16 or older to use ProductLog. I don't knowingly collect data from anyone younger; if you think a child under 16 has signed up, email me and I'll delete the account.
Security
I take security seriously and apply industry-standard measures (HTTPS, hashed passwords, ORM-protected queries, dependency audits, rate limiting). But no service is unhackable. If a security incident affects your data, I commit to:
Patching the issue as quickly as I can,
Notifying the relevant authority (KVKK Kurumu) within 72 hours, and
Telling you about it transparently.
Please keep your password strong and don't share it. (The site doesn't currently offer two-factor authentication.)
How to reach me
For anything privacy-related — questions, requests, concerns — email:
If you'd rather complain to a regulator, that's your right too. In Türkiye it's the KVKK Kurumu; in the EU/UK, it's your local data-protection authority.
Want the full legal version? → Read the Full Privacy Policy