Privacy Policy

How we collect, use, and protect your personal data. GDPR compliant.

Last updated: 01.03.2026

Last updated: 26.03.2026.

Introduction

This Privacy Policy explains how Nevascholar.com ("Nevascholar", "we", "us") collects, uses, discloses, stores, and protects personal data when you access our websites, applications, and related services (the "Services").

We comply with the EU General Data Protection Regulation (GDPR). We practice privacy by design and by default throughout our product and engineering lifecycle and continually assess risk to maintain appropriate technical and organizational measures.

Controller and Contact

For the purposes of GDPR, Nevascholar.com is the Controller of personal data processed through the Services.

Primary contact for privacy questions and rights requests: info@nevascholar.com. If required under Article 27 GDPR, Nevascholar will appoint an EU/UK representative and publish their contact details in this Policy.

Scope and Relationship to Other Agreements

This Policy applies to personal data about website visitors, registered users, trial users, business contacts, and prospective customers processed in connection with the Services.

For enterprise customers, where Nevascholar processes personal data strictly on their instructions, the parties' Data Processing Agreement (DPA) governs; in such cases Nevascholar acts as a Processor and the enterprise customer remains the Controller.

Definitions

Personal data means any information relating to an identified or identifiable natural person.
Processing means any operation performed on personal data such as collection, storage, use, disclosure, transmission, or deletion.
Controller determines the purposes and means of processing.
Processor processes personal data on behalf of the Controller.
Supervisory Authority means an independent public authority established by an EU Member State pursuant to Article 51 GDPR.

Categories of Personal Data We Collect

  • Account Data: Name, email address, authentication credentials, profile settings, language and time-zone preferences.
  • User Content: Prompts, uploaded files, drafts, feedback and other content you submit to the Services in the course of academic writing assistance.
  • Usage and Log Data: Feature usage, clickstream, timestamps, diagnostic and performance logs, error and crash reports, and telemetry related to quality and reliability.
  • Device and Technical Data: IP address, device identifiers, operating system, browser type and version, locale, referrer, and approximate location inferred from IP.
  • Communications: Support requests, survey responses, email preferences and marketing subscriptions.
  • Billing Data: Payment tokens and limited billing details handled by our PCI-compliant payment processor; Nevascholar does not store full card PANs on its systems.
  • Special Categories: Nevascholar does not intend to collect special category data. If you include such data in your User Content, we will process it only where a lawful basis under GDPR applies.

Sources of Personal Data

  • Directly from you when you create an account, submit content, communicate with us, or configure settings.
  • Automatically from your use of the Services through cookies, pixels, SDKs, logs and similar technologies.
  • From limited third parties such as payment processors or optional social login providers, subject to their own privacy disclosures.

Purposes of Processing and Lawful Bases

Service Operation

Provide and operate the Services; authenticate users; personalize features; maintain and improve core functionality. Legal basis: Contract (Art. 6(1)(b)).

Customer Support

Communications about service changes, security alerts, and transactional messages. Legal basis: Contract (Art. 6(1)(b)) and Legitimate Interests (Art. 6(1)(f)).

Security & Abuse Prevention

Threat detection, fraud monitoring, and incident response. Legal basis: Legitimate Interests (Art. 6(1)(f)) and Legal Obligation (Art. 6(1)(c)).

Analytics & R&D

Product improvement, research and development, quality assurance. Legal basis: Legitimate Interests (Art. 6(1)(f)); Consent (Art. 6(1)(a)) where required.

AI Training

Machine learning model improvement. You may opt out via Service settings. Legal basis: Legitimate Interests (Art. 6(1)(f)).

Marketing

Subject to your preferences. Legal basis: Consent (Art. 6(1)(a)); you may withdraw at any time.

Payments & Invoicing

Legal basis: Contract (Art. 6(1)(b)) and Legal Obligation (Art. 6(1)(c)).

Legal Compliance

Requests from competent authorities, exercise/defense of legal claims. Legal basis: Legal Obligation (Art. 6(1)(c)) and Legitimate Interests (Art. 6(1)(f)).

Model Training and Evaluation: By default, we do not use customer content to train our models. If you opt in through settings or a separate agreement, we process such content for model training/evaluation under Consent (Art. 6(1)(a)); you may withdraw at any time.

Cookies and Similar Technologies

We use strictly necessary cookies for authentication and security; preference cookies to remember settings; analytics cookies to understand usage and improve performance; and, where applicable, marketing cookies to measure campaigns.

You can manage cookies via your browser settings and our consent banner. For non-essential cookies we rely on your consent. For more information please read our Cookie Policy.

Bot and Abuse Protection (reCAPTCHA)

On selected pages (such as contact and newsletter forms), we use Google reCAPTCHA v3 to estimate whether activity is likely to come from a human user and to protect the Services from spam, automated abuse, credential stuffing, and similar threats.

reCAPTCHA analyzes browser and device signals and related technical data and transmits them to Google for this security and fraud-prevention purpose. Google provides reCAPTCHA to us as a processor for those limited purposes; we remain the controller for explaining this processing to you in this Policy. The lawful basis aligns with the "Security & Abuse Prevention" purpose described above (including legitimate interests and, where applicable, legal obligations).

reCAPTCHA may set a strictly necessary cookie (for example _GRECAPTCHA) so the check can run. See this section together with "Cookies and Similar Technologies" for context.

International Data Transfers

Where personal data is transferred outside the EEA/UK, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Addendum (IDTA) and/or EU–US Data Privacy Framework. We also perform transfer impact assessments and apply supplementary measures where needed.

Data Retention

We retain personal data only as long as necessary for the purposes set out in this Policy and then delete or anonymize it according to our retention schedule. Typical periods include:

  • Account data: account lifetime plus 24 months
  • Usage logs: up to 12 months
  • Backups: up to 35 days
  • Billing records: as required by applicable law
  • Support tickets: up to 24 months

See Annex A for the full retention schedule.

Security Measures

We implement technical and organizational measures appropriate to the risk, including:

  • Encryption in transit and at rest
  • Least-privilege access control and MFA
  • Network segmentation and continuous monitoring
  • Vulnerability management and regular testing
  • Employee security training
  • An incident response program with post-incident reviews

Automated Decision-Making

We do not make decisions producing legal or similarly significant effects solely by automated processing. If we introduce such processing in the future, we will implement safeguards and provide the right to obtain human review, express your point of view, and contest decisions.

Your Rights under GDPR

You have the following rights regarding your personal data:

  • Access: request a copy of personal data we hold about you
  • Rectification: request correction of inaccurate data
  • Erasure: request deletion of your data ("right to be forgotten")
  • Restriction: request that we limit how we use your data
  • Data Portability: receive your data in a structured, machine-readable format
  • Object: object to processing based on legitimate interests
  • Withdraw Consent: where processing is based on consent, you may withdraw at any time
  • Supervisory Authority: lodge a complaint with your local data protection authority

How to Exercise Your Rights

Submit your request to info@nevascholar.com. We will verify your identity and respond without undue delay, and in any event within one month, extendable as permitted by law.

Children's Privacy

Our Services are not directed to children under 16 and we do not knowingly collect personal data from them. If you believe a child has provided personal data, contact us so we can delete it.

Disclosures

We may disclose personal data:

  • To service providers acting as Processors under written data protection terms
  • To comply with laws or lawful requests from competent authorities
  • To protect the rights, property, or safety of Nevascholar, users, or the public
  • In connection with business transactions such as a merger, acquisition, financing, or sale of assets

Do-Not-Track and Preference Signals

There is currently no uniform industry standard for recognizing browser "Do-Not-Track" or similar preference signals. If standards are adopted that we must follow, we will update this Policy accordingly.

For Users From Turkey

If you are accessing Nevascholar from Türkiye, please refer to our privacy notice written within the scope of Turkish Personal Data Protection Code no. 6698 (Data Protection Law). That notice (Website Privacy Disclosure) provides additional information about how your data is processed in accordance with Turkish law.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will post the updated version with a new effective date and, where material, provide additional notice.

Annex A: Retention Schedule

Data Category | Retention Period | Notes
Account Profile | Account lifetime + 24 months | Deletion or anonymization after inactivity window
Authentication Logs | Up to 12 months | Security and abuse monitoring
Application Logs | Up to 12 months | Diagnostics and performance analysis
Backups | Up to 35 days (rolling) | Encrypted backups, disaster recovery only
Billing Records | As required by law | Financial and tax compliance
Support Tickets | Up to 24 months | Quality assurance and auditing
Marketing Preferences | Until opt-out or account deletion | Controlled by user settings

Annex B: Categories of Processors

Processor Category | Purpose
Cloud Hosting and Storage | Infrastructure, compute, and secure data storage (preferably EU/EEA regions)
Customer Support and Ticketing | Manage user requests, communications, and issue tracking
Email Delivery | Transactional and notification emails
Analytics and Telemetry | Usage metrics to improve reliability and performance (consent where required)
Payment Processing | Tokenized payments; no card or payment device stored on Nevascholar systems
Security and Anti-Abuse | Monitoring, threat detection, fraud and abuse prevention
Google (reCAPTCHA) | Bot and abuse risk analysis on selected website forms (processor)
AI and LLM Providers | To provide the service, to train AI models