Privacy Policy

01Data Controller

Orchesta ("we", "us") is the data controller for personal data processed through orchesta.io.

Brand

Orchesta

Contact

[email protected]

Web

orchesta.io

02Data We Collect

This is a static marketing site. There is no account, no sign-up and no forms that store your input. We process only:

• Server & access logs: IP address, browser/device info, requested pages and timestamps — recorded by our server and by Cloudflare to operate and secure the site.
• Analytics: aggregate usage statistics via Google Analytics — collected only after you accept the cookie banner. IP addresses are anonymised.
• Local storage: small browser entries for your cookie-consent choice and language preference (see the Cookie Policy).
• Email you send us: if you write to our contact address, we receive your message and email address — only because you chose to contact us.

We do not collect special categories of data (health, biometric, financial, etc.), and the site is not directed at children under 13.

03Purposes

• Operate, secure and maintain the website
• Detect and block abusive or malicious traffic
• Understand aggregate usage to improve the site (only with your consent)
• Respond to messages you send us by email
• Comply with legal obligations

04Legal Basis

We process data under the following legal bases:

• Legitimate interest — operating, securing and maintaining the site (GDPR Art. 6(1)(f), KVKK Art. 5/2(f))
• Consent — analytics cookies, granted via the cookie banner (GDPR Art. 6(1)(a), KVKK Art. 5/1)
• Legitimate interest — handling email correspondence you initiate (GDPR Art. 6(1)(f), KVKK Art. 5/2(e))
• Legal obligation — responding to lawful requests from authorities (GDPR Art. 6(1)(c), KVKK Art. 5/2(ç))

05Service Providers & Transfers

We do not sell your data. The site is self-hosted on our own server; we rely on two infrastructure providers:

Cloudflare

DNS, CDN and reverse proxy / DDoS protection. Processes request metadata (IP, headers) to route and protect traffic. Global infrastructure.

Google Analytics

Aggregate analytics, provided by Google. Loaded only after you accept the cookie banner. Operated by Google LLC (United States).

These providers operate globally, so data may be processed outside your country. Transfers are covered by GDPR-compliant standard contractual clauses or equivalent safeguards under KVKK Art. 9. We may also disclose data where required by law.

06Retention

• Server & access logs: kept short-term for security and diagnostics, then rotated out (typically within 30 days).
• Analytics data: retained by Google Analytics per its configured retention window (default 14 months).
• Email correspondence: kept as long as needed to handle your request and for reasonable follow-up.

07Your Rights

Under GDPR Art. 15-22 and KVKK Art. 11 you have the right to:

• Confirm whether your personal data is processed
• Request information about the processing
• Request correction of inaccurate data
• Request erasure under certain conditions
• Object to processing based on legitimate interest
• Withdraw analytics consent at any time (see the Cookie Policy)
• Lodge a complaint with a supervisory authority

To exercise your rights, write to [email protected]. We respond within 30 days at the latest.

08Security

We use reasonable technical measures to protect the site and any data it processes: HTTPS encryption end to end, a Cloudflare protective layer, restricted server access and security headers.

No internet transmission is ever completely secure, so we cannot guarantee absolute security.

09Cookies

The site uses a strictly necessary language preference entry and — only with your consent — Google Analytics cookies. We do not use advertising or profiling cookies. Full detail is in the Cookie Policy.

10Changes

We may update this policy from time to time. The current version is always on this page — check the "last updated" date at the top.

11Contact

Questions about this Privacy Policy or your personal data: [email protected]