Privacy Policy

1. Introduction

SolarFlow ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based Enterprise Resource Planning platform for solar EPC companies (the "Service"), accessible at solarflowerp.com.

2. Information We Collect

We collect the following categories of information:

• Account Information: Name, email address, phone number, company name, and job title when you register.
• Business Data: Leads, projects, proposals, installations, inventory, and other operational data you enter into the platform.
• Payment Information: Billing details processed securely through iyzico. We do not store credit card numbers on our servers.
• Usage Data: Log files, IP addresses, browser type, pages visited, and feature usage analytics.
• Cookies: Session cookies for authentication and preference cookies for theme and language settings.

3. How We Use Your Information

• Providing and maintaining the Service, including account management and customer support.
• Processing payments and managing subscriptions through our payment processor (iyzico).
• Sending transactional emails (verification, password reset, notifications) via our email service (Resend).
• Analyzing usage patterns to improve features, performance, and user experience.
• Ensuring security, preventing fraud, and complying with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share data with:

• Service Providers: iyzico (payments), Resend (email), Vercel (hosting), and PostgreSQL database providers — only as necessary to deliver the Service.
• Legal Requirements: If required by law, regulation, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.

5. Data Security

We implement industry-standard security measures including: encryption in transit (TLS 1.3) and at rest (AES-256), role-based access control (RBAC) with 62 granular permissions, complete audit logging of all data modifications, multi-tenant data isolation ensuring your business data is never accessible to other tenants, and regular security assessments.

6. Cookies

We use essential cookies required for authentication and session management, and optional analytics cookies (Google Analytics) to understand how you use the Service. You can disable analytics cookies in your browser settings without affecting core functionality.

7. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (subject to legal retention requirements).
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your personal data for specific purposes.

8. Data Retention

We retain your account data for as long as your account is active. Business data (projects, leads, etc.) is retained for the duration of your subscription. Upon account deletion, personal data is removed within 30 days. Anonymized analytics data may be retained indefinitely. Backups are rotated on a 90-day cycle.

9. KVKK Compliance (Turkey)

For users in Turkey, we comply with the Kişisel Verilerin Korunması Kanunu (KVKK — Personal Data Protection Law No. 6698). As data controller, we process personal data based on legitimate business interests and explicit consent. You may exercise your KVKK rights by contacting us at info@solarflowerp.com.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: