Thank you for being part of Campus Arc. At Campus Arc, we greatly value your privacy and are committed to protecting your personal data.
This Privacy Policy applies to all types of users of our platform (website and related services) – including students, community leaders/members, company representatives, and instructors – and explains what data we collect, how we use it, with whom we share it, and how we safeguard it.
By using Campus Arc, you agree to this Privacy Policy and its terms. If you do not agree to this Privacy Policy or any other agreement governing your use of Campus Arc, you may not use Campus Arc.
1. Personal Data We Collect and How We Collect It
When you use the Campus Arc platform or sign up as a member, we collect various types of personal data from you through different means. Below are the categories of data we collect, along with explanations and examples:
Account and Profile Information: This includes information you provide when registering for an account, such as your first and last name, email address, and password. It also includes additional profile details you may optionally provide on your profile page, like your university or company name, department or position, areas of interest, profile photo, résumé or bio, and links to your social media profiles (e.g., LinkedIn, Twitter). These data are provided directly by you during sign-up and when you update your profile.
Contact Details: Information that enables us to contact you, such as the email address you used to sign up and any additional contact email or phone number you provide (phone number is optional). This also covers any contact information you share when reaching out to us for support. We collect these details when you register or if you later add them to your profile. We use your contact details to verify your account, send you notifications, and communicate with you when necessary.
Educational and Professional Information: Details related to your academic or professional background that you may choose to add to your profile. For example, if you are a student, you might provide your school and department and expected graduation year; if you are an instructor or professional, you might list your institution or employer and your title/position. Providing these details is optional and serves to help other members know more about you and to enable relevant matching (e.g., suggesting appropriate events or communities for you).
Platform Usage Data: We automatically collect data about your activities on Campus Arc. This includes records of events you create or register for (event names, dates, etc.), communities (student clubs, groups) you join or manage, and any content or interactions you engage in on the platform (such as posts, comments, likes, and follows). Note: Currently, Campus Arc does not offer a private direct messaging feature between users. If we introduce direct messaging in the future, any private messages you send would remain visible only to you and the intended recipient (not to others), though they could be stored in our system logs. All platform usage data are captured as you use the service, via our applications and servers.
Technical Data and Cookies: When you use our platform, certain technical information is collected from your device and browser automatically. This includes data like your IP address, device type, operating system, and browser type. We also use cookies and similar technologies to collect information about your visits and usage of our site. Currently, Campus Arc only uses essential cookies. These are cookies necessary for the basic operation of the site (for instance, keeping you logged in during a session or remembering your preferences). Under applicable law (including KVKK), such cookies do not require your consent. We do not presently use any analytics or advertising cookies that would require consent. If we introduce analytics, functional, or advertising cookies in the future, we will seek your consent as required by law.
Location Information: Campus Arc does not automatically collect precise GPS location data. However, we may ask you to provide a general location (such as your city or region) on your profile to help tailor content like event recommendations. For example, if you choose to list your city in your profile, we can show you events happening near you. Providing this information is optional. If you do provide it, we will store your location information and use it only for relevant features (e.g., displaying local events), and not for other purposes without your consent.
Legal Consents and Records: We maintain records of any legal consents and agreements you have provided. This includes, for example, records of your explicit consent under KVKK (such as consent for transferring data abroad or receiving marketing communications), your acceptance of our Terms of Use, and your opt-in consent for commercial communications. These records typically include details like the date and time of consent, the version of the document you agreed to, and the IP address used at the time. Such records are kept as evidence of your consent or agreement and to comply with our legal obligations (for example, to demonstrate that we obtained the necessary consent for processing or to fulfill record-keeping requirements under law).
2. How We Use Personal Data (Purposes of Processing)
We use the personal data we collect for the following purposes:
Providing and Managing the Service: We process data as necessary to operate our platform and deliver its core features to you. This includes creating and managing user accounts, allowing logins, enabling profile management, and supporting features like community creation or event registrations. For instance, we need to process your account information so you can log in, to use your profile details to tailor content to your user group, and to allow a student to register for an event or a community leader to access their member list.
Communication and Notifications: We use your data to communicate with you about important account or service-related matters. For example, we will use your email to send password reset links, account verification codes, or security alerts about your account. We also send notifications related to events you have signed up for (such as reminders of upcoming events or notices about event changes) and updates about the platform's features or content that may interest you. Note: Promotional or marketing communications (like newsletters or offers) will only be sent to you if you have given us your consent to receive them. Other service-related announcements (like those about changes to these Terms or Privacy Policy, or critical service notices) may be sent as part of the service, as they are important for all users.
Facilitating User Interaction: Because Campus Arc is a social and networking platform, we use data to facilitate interactions between users. Some of your information is used to let other users find or recognize you. For example, if you join a community, other members of that community can see that you are a member (usually your name on the member list). If you register for an event, your name might be visible to the event organizer and possibly to other attendees. These uses allow users to connect and communicate, which is fundamental to the nature of our service.
Platform Improvement and Support: We process data (often in an aggregated or anonymized form) to understand how users interact with our platform and to improve our services. For example, we might analyze usage patterns to determine which types of events are most popular or which features are used frequently, then use that insight to enhance our content or functionality. We also review feedback and support inquiries to fix issues and improve user guidance. In doing so, we typically either anonymize personal data or use aggregated data so that insights are not tied to specific individuals, whenever feasible.
Security and Abuse Prevention: We process personal data to maintain a secure environment and to prevent fraud, spam, and abuse. This includes monitoring login activity and actions on the platform to detect potential unauthorized access or malicious behavior. For instance, we may use IP addresses and other identifiers to identify multiple failed login attempts or unusual account behavior, and take action such as temporarily locking an account to prevent a breach. We also enforce our Terms of Use through data analysis; for example, investigating reports of prohibited content or behavior may involve reviewing the related data or content.
Legal Compliance: We process and retain personal data to fulfill our legal obligations under applicable law. For example, certain laws may require us to keep records of user consents, transaction histories, or web server logs for a defined period. If a governmental authority lawfully demands information (such as via a court order or investigation), we will process relevant data to comply with that request. Additionally, to the extent needed, we use data to assert our legal rights or defend against legal claims. For instance, if there's a dispute or investigation, we may retain and review logs or communications as evidence, in accordance with law.
Advertising and Marketing (with Consent): As of now, we do not display third-party ads on Campus Arc. In the future, if we introduce advertising, we may use your data (such as interests or activity on the platform) to show you relevant advertisements, but we will do so in line with privacy laws and, where necessary, with your consent. Separately, we may send you promotional communications about Campus Arc's own offerings or events (for example, emails about new features or upcoming programs related to your interests). We will only send you such marketing communications if you have opted in to receive them. Furthermore, any marketing content might be tailored based on your profile and usage (for example, highlighting new programs similar to communities you've joined or events you've shown interest in).
3. Legal Bases for Processing Personal Data
We process your personal data on one or more of the following legal grounds, as permitted by applicable data protection laws (including KVKK):
Contractual Necessity: Many data processing activities are performed so that we can provide our services to you under our agreement (Terms of Use). For example, when you create an account and use our platform, a contract (the Terms of Use) is formed between you and us, and we must process certain data (like your login credentials, and information you post or requests you make on the platform) to fulfill our obligations and enable you to use the platform's features.
Legal Obligation: In some cases, we must process data to comply with a law or regulation. For instance, laws may require us to retain certain data for a fixed period, respond to official requests, or collect consents for specific processing. When we process data to meet a legal obligation, this is our lawful basis.
Legitimate Interests: We may process data to pursue our legitimate interests in a manner that we believe does not override your fundamental rights and freedoms. For example, maintaining the security of our platform, preventing fraud, improving our services, or certain direct marketing to existing users can be based on our legitimate interests. Whenever we rely on legitimate interests, we carefully consider and balance any potential impact on your rights.
Consent: In certain situations, we will ask for your explicit consent to process your data. For instance, transferring your data outside of Türkiye (when required by law) or sending you marketing emails requires your consent under KVKK. If we rely on consent, you have the right to withdraw that consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.
Different processing activities may rely on different bases. For example:
Processing of your account information and profile data is generally necessary to perform our contract with you (Terms of Use) and may also be based on our legitimate interest in providing a personalized and efficient service.
If we were to use non-essential cookies or analytics, that processing would be based on your consent (which we would obtain via a cookie consent banner).
Sending you promotional emails is based on your consent (opt-in) as required by applicable electronic communications regulations.
Sharing data in response to a legal request from authorities would be based on legal obligation.
Campus Arc will only process personal data when there is a valid legal basis to do so. If we ever need to process your personal data for a new purpose not covered by an existing legal basis, we will notify you and obtain your consent if required.
4. Sharing and Transfers of Personal Data
We do not sell or rent your personal data. However, we may share your personal data with third parties in certain scenarios, consistent with the purposes outlined above and as permitted by law:
Service Providers (within Türkiye): At present, we do not have active data-sharing arrangements with any third-party service providers located in Türkiye that would require transferring your personal data (other than as necessary for legal compliance). In the future, if we integrate services that involve local partners (such as a payment gateway for event ticketing or other integrations), we will share the minimum necessary data with those partners to provide the service. For example, if we implement online payments for events, we might share your name and email with a payment processing company to complete transactions. Any such transfer will be done in accordance with applicable laws and, if needed, after obtaining your consent.
Service Providers and Infrastructure (International): A significant portion of our technical infrastructure is based outside of Türkiye. As a result, your personal data may be stored on or processed through servers located in other countries (primarily the United States and/or European Economic Area countries). For instance, we use Amazon Web Services (AWS) for hosting and cloud storage, Neon for database services, Resend for sending emails (such as verification codes or notifications), and Google Analytics for website traffic analysis. These providers act as "data processors" on our behalf – they process data only under our instructions and to the extent necessary to deliver their services (e.g., storing data, sending emails, or providing aggregate analytics). We have contracts with these providers that include data protection clauses. However, since these providers are outside Türkiye, we rely on your explicit consent (as required by KVKK) for the international transfer of personal data. We have clearly described this in our Privacy Notice and obtained your consent at registration for such transfers. We ensure that these providers are reputable and employ robust security measures to protect your data.
Other Users on the Platform: Certain information is shared with other users as part of normal platform functionality and user interactions. For example, if you join a community, other members of that community can see that you are a member (usually your name on the member list). If you register for an event, your name might be visible to the event organizer and possibly to other attendees. Aside from such context-specific cases, we do not disclose your personal contact information (such as your email or phone number) to other users without your explicit consent. In general, information you choose to make public on your profile or through your content (like posts or comments) will be visible to others on the platform, whereas private information (like your contact details) remains private unless you decide to share it yourself.
Legal and Regulatory Disclosures: We may disclose your personal data when required to do so by law or in response to a valid request by a government authority (for example, a court order, subpoena, or law enforcement demand). Additionally, if necessary, we may share information to protect our rights or the rights of others. For instance, if you violate our Terms of Use or if there's an investigation concerning illegal content or activities on the platform, we might share relevant information with our legal counsel and relevant authorities. We also reserve the right to report any activities that we in good faith believe to be unlawful to law enforcement.
5. Cookies and Similar Technologies
We use cookies and similar tracking technologies on our website to enhance your experience and to collect usage data for improvement of our services. Our use of cookies is described in detail in our Cookie Policy, but we provide a summary here:
At this time, we utilize only essential cookies on our site. Essential cookies are necessary for the website's core functionality – for example, to keep you logged in during a session or remembering your preferences. These cookies do not require your consent under KVKK or other privacy laws because they are needed for the service you explicitly request (using our site). We do not use these cookies for analytics or advertising purposes.
We may also use third-party tools like Google Analytics, which involve cookies that collect information about how visitors use our site. Google Analytics, for instance, collects data such as your IP address and device information and provides us with aggregated analysis. We have configured Google Analytics to anonymize IP addresses to protect individual privacy. Importantly, we seek your consent for any analytics cookies: when you first visit our site, you will see a cookie notice where you can consent to or decline analytics cookies. We will not load or use such cookies unless you opt in.
As of the latest update of this policy, we do not use any advertising cookies or tracking pixels on our site. If in the future we decide to implement cookies beyond essential and basic analytics, we will update our Cookie Policy and obtain any necessary consents from you as required by law.
You have control over cookies through your browser settings. You can delete or disable cookies, but please note that doing so might affect certain functionalities of our website. For more detailed information on the cookies we use and how to manage them, please refer to our Cookie Policy.
6. Data Security Measures
We employ a range of technical and organizational measures to protect the personal data we hold from unauthorized access, alteration, disclosure, or destruction. Our website uses TLS/SSL encryption to secure data transmission. We store data on secure servers with robust firewall protection and apply access control mechanisms to ensure that only authorized personnel can access personal data (on a need-to-know basis). We also regularly monitor our systems for possible vulnerabilities and attacks, and we test and update our security measures as needed.
Despite our efforts, no website, database, or system is completely secure or "hacker-proof." The security of your data also depends on you. We encourage you to use unique and strong passwords for your Campus Arc account and to keep your login credentials confidential. If you suspect any unauthorized access to your account, please notify us immediately so we can help secure it.
We have a data breach response plan in place. If we ever experience a data breach that affects your personal data, we will promptly notify you and the relevant authorities as required by law (for example, in Türkiye, we would notify the Personal Data Protection Authority, as required by KVKK). We will provide information on the nature of the breach, the data affected, and any steps we have taken or recommend you take to protect yourself. We are committed to transparency and proactive communication in the unlikely event of a security incident.
7. Data Retention Periods
We retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations. The exact duration for which we keep your data can vary depending on the type of data and the reason we have it. Here is a general overview:
Account and Profile Data: We keep your basic account information (like your name, email, password in hashed form, etc.) and the content in your profile for as long as your account remains active. If you choose to delete your account, we will initiate the deletion or anonymization of your personal data from our active databases (unless we are required to keep some of it longer for legal reasons).
Content and Activity Data: Content you have posted (such as events, posts, comments) and records of your interactions (like likes and follows) are generally retained while your account is active, and for a period after account deletion (if applicable) in case you reactivate or for other legitimate reasons such as legal compliance or dispute resolution. If you delete specific content (e.g., remove a post or comment), that content will no longer be visible to other users, and we aim to remove it from our systems as per our regular clean-up schedules, unless it's necessary to retain (for example, if it was subject to a report and needed for an investigation).
Logs and Technical Records: Our system and security logs (which may include IP addresses, login history, etc.) are usually retained for a finite period for security monitoring, system improvement, and compliance. For example, web server logs might be kept for 6 months (according to local regulations such as Türkiye's 5651 law, which requires 6 months for certain logs). After that period, logs are securely deleted or anonymized. We may retain logs longer if investigating a security incident or if legally required.
Legal and Consent Records: Any data we must keep to fulfill legal requirements (such as records of consents, contract acceptances, communications regarding data subject rights, and other compliance records) will be retained for as long as the law mandates. For example, in Türkiye, explicit consent records might need to be kept for a certain number of years to prove compliance with KVKK. These records will be disposed of securely once they are no longer required.
When we no longer have a legitimate need to keep your personal data, we will either delete it or anonymize it (so that it can no longer be associated with you). For example, data that has been aggregated and anonymized may be retained for analytical purposes, but it will no longer be linked to any individual. We also periodically review the data we store, and erase or anonymize data that is no longer needed.
Please note that when you delete your account or specific data, it may not be immediately removed from all our systems. Due to the nature of backups and caching, your data may remain in encrypted backups or stored in secure archives for a certain period until those backups are cycled out or overwritten. We maintain backup systems for reliability and disaster recovery purposes, and removing data from backups is done according to our backup retention schedule. Rest assured, we treat any data in backups with the same level of security and will delete or anonymize backup data as well when we update our backups.
8. Third-Party Links and Integrations
Campus Arc may contain links to third-party websites or integrate third-party services (like a single sign-on feature using a social network account). If you click on a link to a third-party site or use a third-party service via our platform, you will be directed to that third party's website or service. The fact that we link to a site or service is not an endorsement or representation of any affiliation with that third party, nor is it an endorsement of their privacy or security policies or practices.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. For example, if a student club on our platform links to their official external website or if a sponsor's link is provided on an event page, any data you provide to or that is collected by that external site is governed by that site's privacy policy, not this one. We strongly encourage you to review the privacy policy of every site you visit or service you use.
If we offer a feature that lets you interact with Campus Arc through a third-party service (for instance, logging in via Google or another platform in the future), any data collected by that third party during such interaction (like your login credentials for that service or profile info shared from that account) will be processed under that third party's terms. We will, of course, only implement such features in a way that respects your privacy (asking for only the minimum necessary data), and we will explain clearly what information would be shared in the process, so you can make an informed decision.
9. International Data Transfers
As mentioned, we may transfer and store your personal data on servers located outside of your home country, including outside of Türkiye. Whenever we transfer personal data out of Türkiye, we ensure that appropriate safeguards are in place to comply with Turkish data protection requirements. For transfers to countries that the Turkish Data Protection Authority has not deemed to provide an adequate level of data protection (which currently includes countries like the United States), our primary basis is your explicit consent obtained in accordance with KVKK.
We inform you of the transfer and possible risks, and we ask for your consent, typically during registration or in the relevant consent form (Açık Rıza Metni). You have the right to refuse or withdraw that consent, although doing so may limit certain functionalities (for example, we might not be able to create an account if we can't use our cloud servers to store your data).
In addition to consent, we also take other measures: we work with reputable service providers that participate in international data protection frameworks or have robust privacy and security certifications (for instance, many of our providers maintain certifications like ISO 27001 and SOC 2). We have data processing agreements in place with them that include standard contractual clauses (as adopted in jurisdictions like the EU) or equivalent, obligating them to protect your data to a high standard, regardless of where it is processed.
Our providers are only allowed to process your data to provide services to us and cannot use it for their own unrelated purposes. It's important to note that when data is stored in a foreign country, it might be subject to that country's laws (for example, in rare cases, government authorities in that country could lawfully request access to data for national security or law enforcement reasons). By giving consent to international transfer, you acknowledge that you understand such potential risks.
We will, however, do everything in our power to select service providers and solutions that minimize these risks and to push back against any unlawful or overbroad request for data (within the bounds of applicable law). If in the future Türkiye's data protection authority or laws allow for transfers under a different mechanism (such as an adequacy decision or approved certification mechanism) we may rely on those. We will update our practices and this policy accordingly when relevant.
10. Your Rights and Choices
Under applicable data protection laws (including KVKK), you have certain rights regarding your personal data. We are committed to honoring your rights and have provided mechanisms for you to exercise them. These rights include:
Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to request a copy of the personal data we hold about you, as well as information about how we use it.
Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. (Much of your basic information can be updated by you directly in your account settings.)
Right to Erasure: You have the right to request deletion of your personal data under certain circumstances – for example, if the data is no longer needed for the purposes it was collected, or if you withdraw consent and there is no other legal basis for processing. We will honor such requests to the extent required by applicable law. Please note that certain data cannot be deleted if we have a legal obligation to retain it (for instance, records of transactions might need to be kept for financial regulations), or if deletion is technically unfeasible and we have anonymized the data instead.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in specific situations. For example, if you contest the accuracy of your data, you can request that we restrict processing while we verify or correct the data. Or if you have objected to processing (see next item), you can request restriction until the objection is resolved. When processing is restricted, we can still store your data but will not use it further until the restriction is lifted.
Right to Object: You have the right to object to processing of your personal data that is based on our legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for those purposes. If you object to processing based on legitimate interest, we will evaluate your objection and cease processing the data unless we have compelling legitimate grounds that override your interests or if processing is necessary for legal claims.
Right to Data Portability: To the extent provided by law (this right applies in a similar form under GDPR in the EU), you have the right to obtain personal data you have provided to us in a structured, commonly used, machine-readable format and to transmit that data to another data controller, when the processing is carried out by automated means and based on your consent or on a contract. In practice, this could mean we provide you a file of your basic account information if you request it.
Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. For example, if you have given consent to receive promotional emails, you can opt out later. Withdrawing consent will not affect the lawfulness of processing that was done before the withdrawal, and it might mean we can't provide certain services (for instance, if consent for international data transfer is withdrawn, we might have to deactivate your account since our servers are abroad).
To exercise any of these rights, you can contact us at contact@campusarc.com. Please clearly state your request and the specific right you wish to exercise. For your protection, we may need to verify your identity before fulfilling your request (especially for access, deletion, or copy requests) to ensure that we do not disclose your data to someone else. Verification might involve confirming that you have access to the email associated with your account or requesting additional information as needed.
We aim to respond to all legitimate requests promptly and in any event within the timeframe required by law (which is generally 30 days under KVKK). If we need more time to respond (due to complexity or number of requests), we will inform you of the reason and extension period.
There may be situations where we cannot fully comply with your request, such as:
If your request conflicts with a legal obligation (e.g., we cannot delete your data if we are legally required to keep it for a certain time).
If fulfilling your request could adversely affect the rights and freedoms of others (e.g., deleting communications that involve another individual).
If the data is anonymized or used for statistical purposes where it doesn't personally identify you.
We will explain the reasons in our response if we deny any part of your request.
In addition to these rights, you have choices that you can exercise directly:
You can review and update certain personal data at any time by logging into your account and accessing your profile settings.
You can unsubscribe from marketing emails by using the "unsubscribe" link at the bottom of such emails or by adjusting your communication preferences in your account settings.
If you wish to delete your account, you can do so through your account settings (if that feature is available) or by contacting us at contact@campusarc.com for assistance. Deleting your account will remove your profile and stop us from processing your personal data, except for data we are required or allowed to keep by law.
If you have concerns about how we handle your data or your requests, you have the right to lodge a complaint with the relevant data protection authority. For instance, in Türkiye, the relevant authority is the Personal Data Protection Authority (KVKK). If you reside in the European Economic Area (EEA) or another jurisdiction, you may have the right to file a complaint with your local supervisory authority for data protection. We would appreciate the chance to address your concerns directly first, so we encourage you to contact us with any issues and we will do our best to resolve them.
11. Effective Date and Changes to this Policy
This Privacy Policy is effective as of June, 2025. We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices or to comply with legal requirements. If we make material changes, we will notify you by updating the policy on our website and changing the "last updated" date, and if the changes are significant, we may also notify you via email or through a notice on the Platform.
It's important that you review any updated Privacy Policy, as your continued use of the Platform after the effective date of the changes will be deemed acceptance of those changes. If you do not agree with the changes, you should stop using the Platform and may delete your account. We will always indicate the date the last changes were published and what those changes were, to keep you informed.
In case of any inconsistency between this Privacy Policy and the KVKK-mandated Aydınlatma Metni (the Turkish Privacy Notice) provided to users, the terms of the Aydınlatma Metni will prevail for Turkish users as it contains specific disclosures required under Turkish law. However, both documents are meant to be consistent and complement each other.
If you have any questions or concerns about this Privacy Policy or our data handling practices, you can reach us at contact@campusarc.com. We value your privacy and will continue to take all necessary steps to protect it. Thank you for trusting Campus Arc with your personal data.
