KVKK (Kişisel Verilerin Korunması Kanunu) is Turkey’s personal data protection law, broadly aligned with GDPR principles. If your pipelines process documents containing Turkish personal data, FlexOrch detects Turkey-specific identifiers, masks them before dataset export, and logs all processing activity to a tamper-evident audit trail.
FlexOrch is a technical tool, not a legal compliance service. Its outputs support KVKK compliance workflows but do not constitute legal advice. Consult your data protection officer (DPO) or qualified legal counsel to confirm your specific obligations under KVKK.
Detected Turkish PII types
FlexOrch recognizes the following Turkish personal data types out of the box. Each is mapped to its relevant KVKK category.
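| Identifier | Description | KVKK Category |
|---|---|---|
| national_id_tr | Turkish national ID number (T.C. Kimlik No) | Identity data (Kimlik verisi) |
| tax_id_tr | Tax identification number (Vergi Kimlik No) | Financial data (Finansal veri) |
| phone_tr | Turkish mobile or landline number | Contact data (İletişim verisi) |
| iban_tr | Turkish IBAN (TR prefix) | Financial data (Finansal veri) |
| emeklilik_no | SGK retirement registry number (SGK Emeklilik sicil no) | Social security data (Sosyal güvenlik verisi) |
| isyeri_sicil_no | SGK workplace registry number (SGK İşyeri sicil no) | Employment data (Çalışma verisi) |
| bagkur_no | Bağ-Kur registry number (Bağ-Kur sicil no) | Social security data (Sosyal güvenlik verisi) |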
Mask PII before export
Masking replaces raw personal data values with typed placeholders in your exported datasets, so that downstream systems — including LLM training pipelines — never receive raw Turkish PII.
Export a dataset with masking applied:
curl "https://api.flexorch.com/v1/datasets/{id}/export?format=jsonl" \
  -H "X-API-KEY: dfx_your_key_here" \
  -o dataset_masked.jsonl
Masked fields use clearly typed placeholders. For example:
{
  "text": "Başvuranın kimlik numarası [MASKED_NATIONAL_ID_TR] ve IBAN'ı [MASKED_IBAN_TR] olarak kaydedilmiştir."
}
Raw values are never included in the export payload. The original values remain in your document store only for the retention period defined by your plan.
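A post-export check you can run on the downloaded file, given here as an added example and not FlexOrch code: it scans each JSONL line for values that still pass the public T.C. Kimlik No checksum or the IBAN mod-97 check, and reports only the line number and identifier type. The function names and sample lines are constructed for illustration; the type labels reuse the identifier names from the table above.

```python
import re

TCKN_RE = re.compile(r"(?<!\d)[1-9]\d{10}(?!\d)")          # 11 digits, no leading zero
IBAN_RE = re.compile(r"\bTR\d{2}(?: ?\d{4}){5} ?\d{2}\b")  # compact or 4-digit grouped

def valid_tckn(s):
    """T.C. Kimlik No checksum: digits 10 and 11 are derived from the first nine."""
    d = [int(c) for c in s]
    d10 = (7 * sum(d[0:9:2]) - sum(d[1:8:2])) % 10
    return d[9] == d10 and d[10] == sum(d[:10]) % 10

def valid_iban_tr(s):
    """ISO 13616 mod-97 check on a 26-character TR IBAN."""
    s = s.replace(" ", "")
    rearranged = s[4:] + s[:4]  # move country code and check digits to the end
    return int("".join(str(int(ch, 36)) for ch in rearranged)) % 97 == 1

def find_unmasked(text):
    """Return the identifier types whose raw, checksum-valid values appear in text."""
    hits = ["national_id_tr" for m in TCKN_RE.finditer(text) if valid_tckn(m.group())]
    hits += ["iban_tr" for m in IBAN_RE.finditer(text) if valid_iban_tr(m.group())]
    return hits

def scan_export(lines):
    """Return (line_number, identifier_type) pairs; raw values are never echoed."""
    return [(n, kind) for n, line in enumerate(lines, 1) for kind in find_unmasked(line)]

# Constructed sample export lines: line 1 is correctly masked, line 2 leaks test
# values that pass both checksums, line 3 holds an 11-digit number that fails it.
SAMPLE = [
    '{"text": "Başvuranın kimlik numarası [MASKED_NATIONAL_ID_TR] ve IBAN\'ı [MASKED_IBAN_TR] olarak kaydedilmiştir."}',
    '{"text": "Kimlik no 10000000146, IBAN TR33 0006 1005 1978 6457 8413 26"}',
    '{"text": "Sipariş no 12345678901"}',
]

if __name__ == "__main__":
    for n, kind in scan_export(SAMPLE):
        print(f"line {n}: unmasked {kind}")
```

Checksum validation keeps order numbers and other 11-digit strings from being reported as national IDs, so any hit is worth investigating before the dataset moves downstream.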
Export the audit trail
All pipeline executions are logged automatically. You can export the full audit log at any time — in JSON or CSV — to supply records to your DPO or a supervisory authority.
curl "https://api.flexorch.com/v1/audit/export?format=json" \
  -H "X-API-KEY: dfx_your_key_here" \
  -o audit_log.json
Each audit record includes the event timestamp, event type, document ID, and outcome. Raw document content and PII values are never included in the audit log. See the NIS2 Audit Export page for a full description of audit log fields.
Data processor status
FlexOrch Technology processes document data on behalf of its customers as a data processor under KVKK Article 12. For data processing inquiries or to request a Data Processing Agreement (DPA), contact privacy@flexorch.com.