Skip to main content
CompanyRoute

Privacy Policy

Last updated: June 2025

CompanyRoute is committed to protecting your privacy. This policy explains how we handle data in compliance with the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK/Law No. 6698).

1. Simulator Data is Anonymous

When you use our tax simulator, all calculations are performed entirely in your browser (client-side JavaScript). Your revenue figures, business type selections, and country preferences are never transmitted to our servers. We have zero access to your financial inputs. No data is logged, stored, or processed server-side from the simulator tool.

2. Data Controller Information

CompanyRoute operates as the data controller for any personal data collected through this website. For GDPR/KVKK inquiries, contact us at: [email protected].

3. What Data We Collect

  • Contact form submissions: name, email, message (stored only to respond to your inquiry, deleted within 30 days)
  • Analytics: anonymous page views via privacy-friendly analytics (no cookies, no personal identifiers)
  • Technical logs: anonymized IP addresses, browser type (retained for 7 days for security purposes only)

4. Legal Basis for Processing (GDPR Art. 6)

  • Consent: Contact form submissions and optional newsletter
  • Legitimate interest: Anonymous analytics to improve our tools, security monitoring

5. Cookie Policy

We use minimal cookies:

  • Essential cookies: Locale preference (en/tr) — strictly necessary, no consent required
  • Analytics: We use a privacy-friendly, cookieless analytics solution. No tracking cookies are placed.
  • We do NOT use: advertising cookies, third-party tracking pixels, social media trackers, or fingerprinting

6. Third-Party Links

We may link to external formation service providers in the future. Currently we do not display paid partner links or receive affiliate commissions from third-party formation services.

7. Data Transfers

We do not transfer personal data outside the EU/EEA unless adequate safeguards are in place (Standard Contractual Clauses or adequacy decisions). Our hosting infrastructure is located in the EU.

8. Your Rights (GDPR & KVKK)

Under both GDPR and KVKK, you have the right to:

  • Access: Request a copy of any personal data we hold about you
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data ('right to be forgotten')
  • Restriction: Limit how we process your data
  • Data portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: At any time, without affecting prior lawful processing

9. Data Retention

Contact form data: deleted within 30 days of resolution. Technical logs: 7 days. We do not retain any simulator input data (it never reaches our servers).

10. Children's Privacy

Our services are not directed at individuals under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy to reflect changes in law or our practices. Material changes will be highlighted on our website. Continued use after changes constitutes acceptance.

12. Contact & Complaints

For privacy requests or complaints: [email protected]. You also have the right to lodge a complaint with your local data protection authority (for EU: your national DPA; for Turkey: KVKK/Kişisel Verileri Koruma Kurumu).