Legal

Privacy Policy

Last updated: May 30, 2026

This Privacy Policy explains how backlex ("the Service", "we") collects, uses, stores, and protects your personal data when you use the backlex.com website or the backlex managed cloud. By using the Service you agree to the practices described in this policy.

1. Information We Collect

To provide the Service we collect:

  • Account information — the name, email address, and password you provide at sign-up. Passwords are stored only as a one-way hash, never in plain text.
  • Organization & project data — the organizations, projects, and billing configuration you create.
  • Session & authentication data — session tokens issued at sign-in and security-related logs.
  • Usage data — technical records of how you interact with the Service (IP address, browser type, access times).

2. How We Use Information

We use the information we collect only to:

  • Create your account, authenticate you, and manage your session.
  • Provide, maintain, and improve the Service.
  • Process billing and payments.
  • Keep the Service secure and prevent unauthorized access.
  • Communicate with you about important service matters.
  • Meet our legal obligations.

3. Sharing of Information

We do not sell your personal data. We share it only:

  • With service providers who help us operate the Service and process data on our behalf and under our instructions (e.g. cloud infrastructure and payment providers).
  • When required by a legal obligation or a valid official request.
  • With your explicit consent.

4. Data Security

We apply reasonable technical and organizational measures — such as encryption, access control, and secure authentication — to protect your data against unauthorized access, alteration, and loss. No method of transmission or storage is 100% secure.

5. Data Retention

We keep your personal data only while your account is active or as long as needed to fulfil the purposes described in this policy. When you delete your account, your data is removed within a reasonable period, subject to any legal retention obligations.

6. Data Residency

You can choose the region where your data is processed (e.g. Türkiye, EU, or global). The EU and Türkiye regions are offered in line with KVKK and GDPR requirements. Your selected region determines where your data is stored.

7. Cookies & Sessions

We use strictly necessary cookies and similar technologies to keep you signed in and to authenticate you. These are essential to the core operation of the Service; blocking them in your browser may prevent parts of the Service from working correctly.

8. Your Rights

Under applicable law (e.g. KVKK and GDPR) you have the right to access, correct, delete, or restrict the processing of your data, and to request a copy of it. To exercise these rights, contact us at the address below.

9. Third-Party Services

The Service may use third-party infrastructure, authentication, and payment providers. These providers only access the data needed to deliver the Service and are subject to their own privacy obligations.

10. Changes

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date on this page.

11. Contact

For questions about this Privacy Policy or your personal data, contact us at hi@backlex.com.