Privacy Policy

Last Updated: April 28, 2026

biletalarmi.com ("Company" or "we") is committed to protecting the privacy of our users and transparently processing the data we collect. This Privacy Policy describes the types of personal data we collect through the biletalarmi.com website and services, the purposes of collection, retention periods, with whom the data is shared, and your rights regarding your data. biletalarmi.com is an independent platform that offers a free alarm service to users via email, Telegram, or web push notifications when a vacant seat becomes available for TCDD train tickets, and it has no organic or representative relationship with TCDD Taşımacılık A.Ş.

1. Data We Collect and Purposes of Collection

We collect certain personal data to provide and improve our services. The data we collect and the purposes for their use are detailed below:

a. Data Provided Directly by You:

• Email Address (Required): Collected to send TCDD train ticket vacant seat alarms to you via email. It forms the basis of the alarm service.
• Telegram chat_id (Optional): If you wish to receive notifications via Telegram, we collect this identifier when you interact with our Telegram bot. Its purpose is to send alarm notifications to your Telegram account.

b. Automatically Collected Data:

• IP Address: Automatically collected to ensure the security of our services, prevent misuse, and prevent system overload (rate limit).
• User-Agent Information: Information such as the type, version, and operating system of your web browser or device. Used to detect bot activities and implement security measures.
• Cookie Preferences: Used to record your choices made via the cookie banner and is mandatory for legal compliance.
• Usage Data: Anonymized or pseudonymized data, such as which pages you visit and how long you use the service, may be used to analyze and improve service quality (Google Analytics - only with your consent).

2. Retention Period of Collected Data

Your personal data will be stored for as long as you actively use the alarm service or for the duration required by our legal obligations. When you cancel an alarm or cease using the service, your data will be deleted within the relevant legal periods or immediately. It may be necessary to store data for longer periods due to legal obligations or in the event of a legal dispute.

3. Sharing of Personal Data

Your personal data will not be shared with third parties without your explicit consent or unless there is a legal obligation. However, in the cases specified below, your data may be transferred to a limited and necessary extent:

• Service Providers: Your data may be shared to a limited extent with third parties from whom we receive technical infrastructure services, such as email delivery services, Telegram API integration, and web push notification services, for the purpose of fulfilling the service. These providers are obligated to process your data only on our behalf and according to our instructions.
• Analytics and Security Services: Anonymized or pseudonymized data may be shared with third-party analytics and security providers such as Google Analytics (if the user gives consent) and Cloudflare Turnstile. These services help us monitor our website's performance and protect against bot attacks.
• Legal Obligations: In accordance with court orders, legal regulations, or requests from authorized public institutions and organizations, your personal data may be shared with legal authorities.

4. Cookies

Cookies are used on our website. For detailed information about cookies, you can review our Cookie Policy.

5. Security of Your Data

We take all technical and administrative measures to ensure the security of your personal data. We use methods such as encryption, firewalls, access controls, and regular security audits to prevent unauthorized access, data loss, misuse, or disclosure. However, no data transmission or storage method over the internet is 100% secure. Therefore, we cannot guarantee the absolute security of your data.

6. GDPR and KVKK Compliance

Our Company acts in compliance with the principles of both the Personal Data Protection Law No. 6698 (KVKK) and the European General Data Protection Regulation (GDPR) regarding the protection of personal data. Within this scope, we process your data in accordance with law and fairness principles, observe the principle of data minimization, and ensure transparency.

7. Data Subject Rights

In accordance with Article 11 of the KVKK and the relevant articles of the GDPR, you have the following rights regarding your personal data:

• To learn whether your personal data is processed,
• To request information if your personal data has been processed,
• To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
• To know the third parties to whom your personal data is transferred domestically or abroad,
• To request the rectification of your personal data if it is incomplete or incorrectly processed,
• To request the deletion or destruction of your personal data,
• To request that these rectification, deletion, or destruction operations be notified to third parties to whom your personal data has been transferred,
• To object to the occurrence of a result against you by means of analyzing your processed data exclusively through automated systems,
• To demand the compensation of damages if you suffer damage due to the unlawful processing of your personal data.

To exercise these rights, you can submit your requests in writing or by other methods determined by the Personal Data Protection Board to the email address or to the address .

8. Changes to Our Policy

This Privacy Policy may be updated from time to time. Significant changes to the policy will be published on our website and, if necessary, you will be informed via email. You are advised to review the policy regularly.