privacy policy.

This Privacy Policy describes how Yigitcan Gencdal ("we", "us", or "our") collects, uses, and discloses your personal information when you visit or use services on curlynull.com (the "Site").

Information We Collect
We collect the following types of information:

1. Personal Information: We don't sell or process your personal information. However, as we stated in the How We Use Your Information section on why we do this, we collect:
 
- IP addresses
- Device details
- Nicknames and email addresses (when you contact us through our contact page)
- Any other personal information you provide to us voluntarily

2. Usage Data:
- Information about how you use our Site, collected through the privacy-focused Cloudflare Analytics and/or any analytics provider we might choose.

Data Security and Infrastructure
We implement industry-standard security measures to protect your data and ensure the reliable operation of our Site. Our security infrastructure includes:

1. Server and Hosting Security:
- Hosted on Hetzner's premium German servers, ensuring compliance with strict EU data protection standards
- Benefit from Hetzner's enterprise-grade data center security:
  * ISO/IEC 27001 certified data centers
  * ISO 14001 certified environmental management
  * Physical security measures
  * Climate control systems
- Regular security patches and system updates
- Firewall configuration with strict access rules
- DDoS protection through Hetzner and Cloudflare
- Regular security audits and monitoring

 Environmental Commitment:
  - Our hosting provider Hetzner implements numerous green initiatives:
  * 100% renewable energy usage for all data centers in Germany
  * District heating utilization
  * Energy-efficient cooling systems
  * Heat recovery systems
  * High-efficiency power supplies
  * Energy-optimized server hardware
  * PUE (Power Usage Effectiveness) optimization

2. Data Protection:
- Full SSL/TLS encryption (HTTPS) for all data transmission
- Secure cipher suite configuration
- HTTP/3 support for enhanced security and performance
- HSTS (HTTP Strict Transport Security) implementation
- Regular security headers audit and implementation

3. Web Application Security:
- Web Application Firewall (WAF)
- Geographic access restrictions to prevent malicious traffic (as detailed in our Terms of Service)
- Rate limiting to prevent brute force attacks
- Input validation and sanitization
- Protection against common web vulnerabilities:
  * Cross-Site Scripting (XSS)
  * SQL Injection
  * Cross-Site Request Forgery (CSRF)
  * File inclusion vulnerabilities
  * Command injection

4. Monitoring and Response:
- Automated security monitoring
- Real-time threat detection
- Automated blocking of suspicious IP addresses
- Regular security log analysis
- Incident response procedures in place

5. Compliance and Best Practices:
- Implementation of OWASP security recommendations
- Regular security testing and vulnerability assessments
- Compliance with GDPR security requirements
- Implementation of security headers:
  * Content-Security-Policy
  * X-Content-Type-Options
  * X-Frame-Options
  * X-XSS-Protection
  * Referrer-Policy

6. Access Control:
- Strict authentication for administrative access
- IP-based access restrictions for administrative functions
- Secure password policies

7. Proactive Security Measures:- Dynamic threat response based on observed attack patterns
- Blocking of known malicious hosts and IP ranges
- Specific hosting providers may be blocked if:
  * Persistent attacks originate from their networks
  * They fail to respond to abuse reports
  * They demonstrate inadequate security practices
- Regular review and updates of blocked IP ranges and hosts
- Transparent documentation of blocked regions and providers in our Terms of Service

Note: While we strive to maintain maximum accessibility, we prioritize the security of our users and infrastructure. Blocking decisions are made based on concrete security threats and are regularly reviewed. Users accessing our site through legitimate means from blocked providers may contact us through our Contact page for resolution.

How We Use Your Information
We use the collected information for the following purposes:

1. To provide and maintain our Site
2. To analyze and improve our services
3. To respond to your inquiries
4. To detect, prevent, and address technical issues or potential attacks such as DDoS on our Site
5. To comply with legal obligations

Cookies
We use cookies to analyze Site usage and to help protect our Site from attacks. You can control cookies through your browser settings.

Third-Party Services

We use the following third-party service(s):

1. Cloudflare: For website performance and security. Please refer to Cloudflare's privacy policy for more information.

Data Retention and Deletion
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy. If you wish to request deletion of your data, please contact us by visiting the contact page. We will process your request in accordance with applicable laws.

International Data Transfers
Your information may be transferred to and processed in countries other than the country you reside in. These countries may have data protection laws that are different from the laws of your country.

GDPR Compliance
For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). You have the right to:

1. Access your personal data
2. Correct inaccurate personal data
3. Request erasure of your personal data
4. Object to processing of your personal data
5. Request restriction of processing your personal data
6. Request transfer of your personal data
7. Withdraw consent

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

California Privacy Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

1. Right to Know: You can request information about the personal information we've collected about you over the past 12 months, including:
  - Categories of personal information collected
  - Sources of the information
  - Purpose for collecting the information
  - Categories of third parties with whom we share the information

2. Right to Delete: You can request that we delete the personal information we have collected about you, subject to certain exceptions.

3. Right to Opt-Out: If we sell personal information, you have the right to opt-out of that sale. However, we do not currently sell personal information.

4. Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights under CCPA, please contact us using the information in the "Contact Us" section. We may need to verify your identity before responding to your request.

United States Visitors
While our website is hosted in Germany, we recognize that we may have visitors from the United States, including California. We strive to comply with applicable U.S. privacy laws, including the CCPA as outlined above.

Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us
If you have any questions about this Privacy Policy, please visit:

The Contact page

Last updated: 24.10.2024