REVLO COOKIE POLICY

• Cookie: Small text files saved to your browser or device when you visit a website.
• Similar Technologies: Includes pixel tags, SDKs, web beacons, or local storage technologies.
• Required Cookies: Cookies necessary for the secure, stable, and correct operation of the website.
• Functional Cookies: Personalize user experience by remembering language, region, or session preferences.
• Analytical Cookies: Measure site performance and user interaction by analyzing user behavior.
• Advertising / Targeting Cookies: Cookies used to deliver content or advertisements based on your interests.
• Third-Party Cookies: Cookies placed by service providers other than Revlo (e.g., Google Ads, Meta, LinkedIn, Cloudflare).
• SDK (Software Development Kit): Software development tools that track user behavior similar to cookies in mobile applications.
• DNT (Do Not Track): A signal offered by browsers indicating that users do not want to be tracked.
• Google Consent Mode: Technical infrastructure that communicates consent status to Google services.
• Anonymization: Modification of personal data so that it cannot be associated with a specific person.

The Revlo website utilizes cookies to ensure secure and stable operation and to enhance user experience. The types of cookies we use are:

1.1. Required Cookies (Session and Security)

• Session cookie (session_id): Secure session management - Duration: Until browser closes
• CSRF token: Protection against cross-site request forgery - Duration: 24 hours
• Cloudflare security cookies (__cf_bm, __cfruid): DDoS protection - Duration: 30 minutes

1.2. Functional Cookies

• Language preference (lang_pref): Remembers selected language - Duration: 1 year
• Region setting (region): Location-based content - Duration: 6 months
• Theme preference: Dark/light mode - Duration: 1 year

1.3. Analytical Cookies

• Google Analytics (_ga, ga*, _gid): Visitor analysis - Duration: 2 years / 24 hours
• Microsoft Clarity: Heat map and session recording - Duration: 1 year

1.4. Advertising / Targeting Cookies

• Google Ads (gcl*, gac): Campaign performance - Duration: 90 days
• Meta Pixel (_fbp, _fbc): Facebook/Instagram ads - Duration: 90 days
• LinkedIn Insight (_li_dcdm_c, li_gc): B2B targeting - Duration: 180 days

1.5. Google Consent Mode v2 Compliance

Revlo uses Google Consent Mode v2 technology, which has been mandatory since March 2024. Google Consent Mode v2 ensures that advertising and analytical tags behave according to user consent status; Revlo activates this system only for categories where consent has been obtained.

• Disables cookies when consent is not given
• Maintains basic measurements with anonymized ping signals
• Automatically communicates consent status to Google

Revlo may use some cookies together with third-party providers. These providers offer security, analytics, and advertising services.

Main third parties used:

• Google Ads / Google Analytics: Advertising performance and conversion measurement
• Meta (Facebook/Instagram): Retargeting and ad campaign management
• LinkedIn Ads: B2B targeted advertising and content interaction measurement
• Cloudflare / Microsoft Azure: Hosting, security, CDN optimization

These providers may process data in the European Economic Area (EEA), United Kingdom, or USA.

Data Transfer to USA:

Data transfer to US-based providers such as Meta, Google, and Microsoft is carried out within the scope of the EU-US Data Privacy Framework (DPF). Standard Contractual Clauses (SCCs) are also applied as a backup mechanism.

Revlo requires these providers to have security certifications such as ISO 27001 or SOC 2.

Third-Party Cookie Control:

Users can also manage cookie preferences from third-party providers' own platforms:

• Google Ads settings: https://adssettings.google.com
• Meta ad preferences: https://www.facebook.com/settings?tab=ads
• LinkedIn ad settings: https://www.linkedin.com/psettings/guest-controls
• Microsoft privacy: https://account.microsoft.com/privacy

This policy has been prepared within the framework of GDPR (EU 2016/679), ePrivacy Directive (2002/58/EC), and KVKK (6698).

• Required Cookies: Necessary for basic functions of the website (legitimate interest).
• Functional, Analytical, and Advertising Cookies: Activated only with explicit user consent.

Users can give or withdraw consent through the cookie banner or preferences panel.

No non-essential cookies are placed unless consent is given.

KVKK Compliance:

This policy has been prepared in accordance with the following articles of KVKK No. 6698:

• Article 5: Data processing conditions (explicit consent and legitimate interest)
• Article 10: Obligation to inform
• Article 11: Data subject rights

Data Minimization:

Revlo applies the data minimization principle. Only the minimum data necessary for specified purposes is collected. IP addresses are automatically anonymized in Google Analytics (last octet masked: 192.168.1.xxx).

A cookie banner is shown upon first access to www.revloai.com and Revlo AI platforms.

User can:

• Accept all cookies,
• Accept only required cookies,
• Or make category-based selections.

Users can change their consent at any time via the "Cookie Preferences" link at the bottom of the page.

Consent preferences are device and browser specific; consent may be requested again when accessing from different devices.

Do Not Track (DNT) Signals:

Revlo technically detects browser Do Not Track (DNT) signals. However, since the DNT standard is not legally binding, the cookie banner is displayed even if DNT is active, and manual consent from the user is expected. When consent is not given, non-essential cookies are definitely not placed.

Consent records are securely stored for audit purposes.

Data that may be processed within the scope of advertising and analytical cookies:

• IP address (in anonymized form),
• Browser and device type,
• Pages visited, clicks and interaction information,
• Campaign source, referral URL,
• Ad display and click history.

Revlo does not create individual user profiles with this data; ad targeting is only done at anonymous segment levels and data is not sold or shared with third parties for commercial purposes.

Data Categories Processed:

• ✓ Required Cookies: Session ID, security tokens (do not contain personal data)
• ✓ Functional Cookies: Language, theme, region preferences (do not contain personal data)
• ✓ Analytical Cookies: Anonymized IP, browser/device information, page view statistics
• ✓ Advertising Cookies: Ad ID, click history, campaign source

All analytical and advertising data is processed in anonymized or pseudonymized form.

On Revlo www.revloai.com webpage and Revlo AI platforms, AI-powered analysis systems may be used for advertising performance and user experience optimization.

In these processes, cookie data is anonymized and evaluated only in aggregated analyses. Individual user identity inference is not performed.

Data Use in AI Models:

Cookie data is NOT USED for training AI models. AI-powered analyses are only used for:

• Real-time optimization (e.g., ad budget distribution)
• Aggregated trend analysis (e.g., most visited hours)
• Anomaly detection (e.g., bot traffic filtering)

and individual user tracking is not performed in these processes.

Users can access cookie preferences through browser settings or the banner.

They can also delete existing cookies or block new cookies through the browser.

Disabling required cookies may restrict some functions of the website.

Browser-based management links:

• Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Mobile Application and SDK Control:

Revlo mobile applications or integrations on third-party platforms may use SDKs (Software Development Kits). These SDKs use device identifiers similar to cookies:

• iOS: IDFA (Identifier for Advertisers) - Settings > Privacy > Advertising
• Android: GAID (Google Advertising ID) - Settings > Google > Ads

Users can reset or disable these identifiers from device settings.

Additional Privacy Tools:

• Browser extensions such as Ghostery, Privacy Badger
• Brave Browser's built-in tracker blocker
• Ad blockers such as uBlock Origin

Required Cookies:

• Session cookies: Until browser closes
• CSRF tokens: 24 hours
• Cloudflare security: 30 minutes

Functional Cookies:

• Language/theme preferences: 1 year
• Region settings: 6 months
• Session remember: 30 days

Analytical Cookies:

• Google Analytics (_ga): 2 years (GA4 standard)
• Google Analytics (_gid): 24 hours
• Microsoft Clarity: 1 year

Advertising / Targeting Cookies:

• Google Ads: 90 days
• Meta Pixel: 90 days
• LinkedIn Insight: 180 days (6 months)

Third-party provider cookie durations are subject to their own policies. Revlo ensures these durations do not exceed 12 months.

Revlo services are not intended for users under 18 years of age and we do not knowingly collect cookie data from individuals under 18.

If we learn that data has been collected from a user under 18 by mistake:

• ✓ Data is immediately deleted
• ✓ Relevant cookies are cleared
• ✓ Deletion request is sent to third-party providers

Parents or guardians have the right to request deletion of data they believe belongs to their children.

Revlo may update this policy in line with changes in legislation or technology.

If cookie types change, user consent may be requested again.

The current version enters into effect when published on the website.

You can exercise your rights of access, correction, deletion, or objection under KVKK Article 11 by writing to info@revloai.com. Applications are responded to within 30 days.

Revision History:

═══════════════════════════════════════

• v1.0 (October 28, 2025): Initial publication
  • GDPR, ePrivacy and KVKK compliant structure
  • Google Consent Mode v2 support
  • Detailed cookie categories and durations

═══════════════════════════════════════

Important changes will be communicated to users via email or site notification.

For more detailed information about all processes related to the processing of your personal data (other than cookies) and your data subject rights under KVKK/GDPR, please review our Main Privacy Policy.

You can contact us for your questions or requests:

Email: info@revloai.com
Address: Revlo Artificial Intelligence and Software Inc. Pınarbaşı Mh. Hürriyet Cd. Antalya Teknokent Uluğbey Ar-Ge 2 Binası No: 34/8125, Konyaaltı/Antalya, Turkey