Finvane Terms Privacy KVKK Full disclaimer Legal Notice
Privacy

Privacy Policy

This policy explains account data handled by Finvane and the service providers used to operate the research workspace.

Last updated: June 18, 2026

1. Controller and contact

Data controller: UTKU ÇEKEN. Privacy requests can be sent to [email protected].

2. Minimal data we process

For account access, Finvane stores only the data needed to create and protect a public account: email address, password hash, email verification state, account role or disabled status, account timestamps, verification and password-reset token hashes, token status, session token hashes and session timestamps.

For security and abuse prevention, Finvane can process session cookie data, request metadata, IP-derived rate-limit keys, Turnstile validation results or error codes and technical logs.

For workspace operation, Finvane processes request parameters needed to return the requested chart view: selected BTCUSDT interval, historical start and end date/time, timezone context and live interval requests. If research notifications are enabled, Finvane also stores the selected notification interval, enabled or disabled state, observed condition keys and email delivery status metadata. Backend logs can store operational summaries such as account id, symbol, interval, candle count, event count, notification delivery status and delayed-price fallback count.

The browser can store local interface preferences such as selected replay interval, replay dates and live interval so the workspace can reopen with the same UI state.

3. Purposes

Finvane uses account data to provide account access, verify email ownership, reset passwords, keep sessions secure, deliver Historical Signal Replay, Live Signal Workspace and optional research notification features, prevent abuse, investigate service problems and maintain security.

Account-security, transactional and user-enabled research notification emails can be sent for registration, verification, password flows and selected research conditions. Marketing email is not implied by this transactional or user-enabled research notification flow and must be handled separately if it is introduced.

4. Cookies, local storage and security controls

Finvane uses a session cookie for authenticated public access. The production cookie is set with browser security attributes and is used to recognize a logged-in session.

Local storage is used only for workspace UI preferences such as interval and date selections. Clearing browser storage removes these local preferences.

Cloudflare security controls and Turnstile may evaluate browser, network and request signals to defend login, registration and password reset endpoints from abuse when those controls are enabled.

5. Service providers

Finvane currently relies on production hosting, edge security, bot protection, transactional email delivery and market-data connectivity to operate the service. This can include Hetzner for hosting, Cloudflare for edge/security controls, Brevo for account email delivery and exchange-originated market data endpoints for BTCUSDT market data.

Provider processing, geographic routing and storage details must be read together with the KVKK notice and the providers' applicable documentation.

6. Retention and protection

Finvane retains account, session, token and technical security records for service operation, account lifecycle, abuse prevention and legal needs only as long as required for those purposes. Authentication secrets are not stored as plain passwords; session and account token records are stored as hashes where applicable.

Expired tokens, expired or revoked sessions and stale unverified accounts are subject to automated or operator-triggered cleanup. Workspace output is generated for display in the browser; Finvane does not maintain exchange execution records for public users.

No internet service can promise absolute security. Finvane applies practical security controls, but users must also protect their credentials and devices.

7. Requests and contact

Privacy questions and requests can be sent to [email protected]. Turkey-specific personal data information and rights are also described in the KVKK notice page.

Terms Privacy KVKK Full disclaimer Legal Notice