Privacy Policy
Last updated: July 15, 2026
GDPR, CCPA, CAN-SPAM, and CASL compliant
1. Introduction & Scope
Welcome to bigebesikci.com (the "Website"). I, Bige Besikci Yaman ("I," "me," "my," or "we"), respect your privacy and am committed to protecting your personal data. This privacy policy explains how I collect, use, store, and share your personal information when you visit this website, sign up for my newsletter, download lead magnets, or contact me for consulting services.
This policy is designed to comply with:
- GDPR (EU General Data Protection Regulation) for EU/UK residents
- CCPA (California Consumer Privacy Act) for California residents
- CAN-SPAM Act (USA) for email marketing
- CASL (Canada's Anti-Spam Legislation) for Canadian subscribers
- ePrivacy Directive for cookie and tracking compliance
2. Personal Data I Collect
I collect personal data in different ways and for different purposes. Here's what I collect and how:
2.1 Data You Voluntarily Provide
- Contact Forms: When you fill out the contact form, I collect your name, email, phone (optional), and message.
- Lead Magnet Forms: When you download the SaaS Growth Audit Checklist or other lead magnets, I collect your email, first name, last name, and company stage/business information.
- Newsletter Signup: When you subscribe to my newsletter, I collect your email address and optionally your first name.
- Consulting Engagement: If you become a consulting client, I may collect additional information including company details, budget information, and project scope.
2.2 Data Collected Automatically
- Technical Data: Browser type, operating system, IP address, pages visited, time spent on pages, referring website.
- Device Information: Device type, screen resolution, language preferences.
- Cookies & Tracking: Information stored via cookies, web beacons, and tracking pixels (see Section 5 on Cookies).
- Analytics Data: How you interact with the website (clicks, scrolls, form interactions) via Google Analytics.
- Usage Data: Which lead magnets you download, which blog posts you read, which CTAs you click.
2.3 Data Categories
- Identity Data: First name, last name, company name (optional).
- Contact Data: Email address, phone number (optional).
- Business Data: Company stage, industry, business challenge, budget information.
- Technical Data: IP address, browser type, device type, cookies, tracking IDs.
- Usage Data: Pages visited, content downloaded, CTAs clicked, engagement metrics.
3. Legal Basis for Data Processing
Under GDPR, I only process your data when I have a valid legal basis. Here's the basis for each use:
3.1 Explicit Consent
- Marketing emails: You explicitly consent by signing up for my newsletter or filling out a form that includes an opt-in checkbox.
- Lead magnet delivery: You consent by filling out the form to download the checklist/resource.
- Analytics cookies: You consent by accepting cookies (where applicable).
3.2 Legitimate Interest
- Website analytics: I have a legitimate interest in understanding how visitors use my site to improve user experience and identify service demand.
- Fraud prevention: I have a legitimate interest in detecting and preventing spam/abuse.
- Business development: I have a legitimate interest in following up with consulting inquiries.
3.3 Contractual Necessity
- Consulting engagement: If you become a client, data processing is necessary to perform our consulting agreement.
4. How I Use Your Personal Data
4.1 Lead Magnet Delivery
When you download the SaaS Growth Audit Checklist or other resources, I use your email to:
- Send you the PDF resource immediately
- Send you follow-up emails with related content (unless you unsubscribe)
- Segment you for personalized marketing (e.g., by SaaS stage)
4.2 Newsletter & Email Marketing
When you subscribe to my newsletter, I use your email to:
- Send you bi-weekly growth insights and marketing strategy content
- Offer consulting services and case studies (periodically)
- Share new blog posts and resources
Frequency: Approximately 2 emails per week. You can unsubscribe anytime via the link in every email.
4.3 Consulting & Service Delivery
If you contact me about consulting services or become a client, I use your data to:
- Respond to your inquiry
- Assess fit and prepare a proposal
- Deliver consulting services
- Invoice and manage the engagement
4.4 Website Analytics & Improvement
I use technical and usage data to:
- Understand which content resonates with visitors
- Improve website performance and user experience
- Identify high-intent visitors for targeted outreach
- Measure marketing effectiveness (Google Analytics)
4.5 Communications & Support
I use your contact information to:
- Respond to inquiries submitted via contact form
- Provide customer support for lead magnets or services
- Send transactional emails (confirmation, receipts, etc.)
4.6 Legal & Compliance
I may use your data to:
- Comply with legal obligations (tax, law enforcement requests)
- Protect against fraud or security threats
- Enforce my Terms of Service
5. Cookies & Tracking Technologies
5.1 What Are Cookies?
Cookies are small files stored on your device that help websites remember your preferences and track your activity. I use cookies and similar technologies (web beacons, pixels) to enhance your experience.
5.2 Types of Cookies I Use
- Essential Cookies: Required for website functionality (dark mode toggle, form submission). Cannot be disabled.
- Analytics Cookies: Google Analytics to track visitor behavior and website performance. (Optional)
- Marketing Cookies: Google Tag Manager and Brevo to track form submissions and marketing effectiveness. (Optional)
- Social Media Cookies: If you interact with embedded LinkedIn/Twitter content.
5.3 Your Cookie Choices
You can control cookies through:
- Browser Settings: Disable cookies in your browser (may break some features).
- Opt-Out Links: Google Analytics provides an opt-out browser extension.
- Cookie Banner: When visiting (in future update), you'll be able to reject non-essential cookies.
5.4 Third-Party Cookies
The following third parties set cookies on my website:
- Google Analytics: Tracks page views, user behavior, traffic sources.
- Google Tag Manager: Tracks form submissions and marketing events.
- Brevo (Sendinblue): Tracks email engagement and form submissions.
- Firebase (Google): Provides website hosting and performance monitoring.
6. Third-Party Data Sharing & Vendors
6.1 Who I Share Your Data With
I do NOT sell your personal data. However, I share your data with the following vendors to deliver services:
6.2 Essential Vendors
- Brevo (Sendinblue): Email marketing platform
- What data: Email, name, company stage, engagement data
- Purpose: Send newsletters and marketing emails
- Legal basis: Data Processing Agreement (DPA) in place
- Link to privacy policy: brevo.com/legal/privacy
- Google Analytics & Firebase: Website analytics and hosting
- What data: IP address, browser info, pages visited, events
- Purpose: Track website performance and user behavior
- Legal basis: DPA in place via Google's terms
- Link to privacy policy: policies.google.com/privacy
- Google Tag Manager: Event tracking
- What data: Form submissions, CTA clicks, conversions
- Purpose: Track marketing performance
- Legal basis: DPA in place
6.3 Optional Vendors
The following are only used if you interact with them:
- LinkedIn: If you click "Connect on LinkedIn"
- Twitter/X: If you click social links
- Calendly (if added): For scheduling consulting calls
6.4 Data Retention by Vendors
Each vendor retains your data according to their policy:
- Brevo: Keeps data while you're subscribed; deletes 12 months after unsubscribe
- Google Analytics: Retains data for 38 months by default; you can adjust retention in settings
- Firebase: Follows Google's data retention policy (varies by service)
7. Data Retention & Deletion
7.1 How Long I Keep Your Data
- Newsletter Subscribers: As long as you're subscribed. 12 months after unsubscribe, data is deleted.
- Lead Magnet Downloads: 12 months after last engagement (email open or click). Then deleted.
- Contact Form Inquiries: 24 months (for follow-up and legal records). Then archived/deleted.
- Consulting Clients: 3 years after engagement ends (for legal/tax compliance).
- Analytics Data: 38 months (Google's default). You can adjust in your account.
7.2 Your Right to Deletion (GDPR)
If you're in the EU/UK, you have the right to request deletion of your data at any time. To request deletion:
- Send a request to: hello@bigebesikci.com
- Include: Your email address and request for deletion
- I will delete your data within 30 days (or explain if I need to keep it for legal reasons)
8. Your Data Rights (GDPR & CCPA)
8.1 If You're in the EU/UK (GDPR Rights)
- Right to Access: Request a copy of all data I hold about you
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Ask me to limit how I use your data
- Right to Data Portability: Get your data in a portable format
- Right to Object: Opt out of marketing communications (unsubscribe link in emails)
8.2 If You're in California (CCPA Rights)
- Right to Know: Request what personal information I collect
- Right to Delete: Request deletion of your data
- Right to Opt-Out: Opt out of data sales (I don't sell, but you can request)
- Right to Non-Discrimination: I won't discriminate if you exercise your rights
8.3 How to Exercise Your Rights
To request any of the above, email: hello@bigebesikci.com with:
- Your full name
- Email address
- Specific request (access, deletion, correction, etc.)
I will respond within 30 days (45 days for complex requests).
9. Data Security
9.1 How I Protect Your Data
- Encryption: Data in transit is encrypted via SSL/TLS (HTTPS)
- Secure Hosting: Website hosted on Firebase (Google), which has enterprise-grade security
- Vendor Security: All vendors (Brevo, Google) comply with SOC 2 and GDPR standards
- Access Control: Only I have access to your data; no employees or contractors
- No Sensitive Data: I don't store payment info, SSN, health data, or other sensitive categories
9.2 Data Breach Notification
In the unlikely event of a data breach:
- I will notify affected individuals within 72 hours (GDPR requirement)
- I will notify relevant authorities if required
- You will receive an email with details and recommended actions
10. International Data Transfers
10.1 Where Your Data Is Stored
Your data is stored in the United States (Firebase, Google servers). If you're in the EU/UK, this is an "international transfer" covered by:
- Standard Contractual Clauses (SCCs) with Google and Brevo
- Data Processing Agreements (DPAs) that ensure adequate protection
- Google's EU-US Data Privacy Framework participation
11. Children's Privacy
This website is not intended for children under 13. I do not knowingly collect data from children. If I learn I've collected data from a child, I will delete it immediately.
12. Third-Party Links & External Sites
This website contains links to third-party sites (LinkedIn, Twitter, blog platforms, etc.). I am NOT responsible for their privacy practices. When you leave my site, you are subject to their privacy policies. Please review their policies before sharing data.
13. Disclaimer: Not Legal Advice
I am a marketing consultant, not a lawyer. This privacy policy is not legal advice. It explains how I handle your data for marketing purposes. Consult a lawyer for legal compliance in your specific jurisdiction.
14. Changes to This Privacy Policy
I may update this policy as laws change or my practices evolve. When I make material changes, I will:
- Update the "Last updated" date at the top
- Send you an email notification (if required by law)
- Post a notice on this page
Your continued use of the website after changes means you accept the updated policy.
15. Contact & Questions
If you have questions about this privacy policy, how I handle your data, or want to exercise your data rights:
Email: hello@bigebesikci.com
Website: bigebesikci.com
Response Time: I will respond within 5 business days
If You're in the EU/UK:
You also have the right to lodge a complaint with your data protection authority (e.g., ICO in the UK, local DPA in your country).
16. Summary of Your Rights at a Glance
- ✅ Unsubscribe anytime: Click link in any email
- ✅ Request your data: Email hello@bigebesikci.com
- ✅ Delete your data: Request deletion via email (within 30 days)
- ✅ Opt out of analytics: Use Google Analytics opt-out extension
- ✅ Disable cookies: Browser settings (may affect functionality)
- ✅ Object to processing: Email to request limitation
This privacy policy is GDPR, CCPA, CAN-SPAM, and CASL compliant. Last updated: July 15, 2026