Trust and compliance.

Legal entity

• —Clastrum is the commercial brand of BRNVLY YAZILIM TİCARET ANONİM ŞİRKETİ, a Turkish joint-stock company incorporated on 21 April 2026.
• —MERSİS: 0187176676500001
• —İstanbul Trade Registry: 1137479
• —Tax Office & No: Kadıköy V.D. — 1871766765
• —Registered address: Hasanpaşa Mah. Nabizade Sk. B Blok No: 82, İç Kapı No: 1, Kadıköy / İstanbul, Türkiye
• —Sole director and authorized signatory: Baran Velayı

Data protection — KVKK and VERBİS

BRNVLY YAZILIM TİCARET A.Ş. is registered with the VERBİS Data Controllers Registry maintained by the Personal Data Protection Authority (KVKK Kurumu). Our registration covers the processing activities described in our Privacy Notice.

• —Data Protection Contact (DPO): dpo@clastrum.com
• —Subject rights requests (access, correction, deletion, objection): submit in writing to dpo@clastrum.com or by registered letter to the registered address. We respond within 30 days.

We rely on legitimate interest under KVKK Art. 5(2)(f) for B2B prospect outreach to corporate and business contact addresses. A formal Legitimate Interest Assessment (LIA) has been prepared and is available to regulatory authorities on request. We do not sell personal data.

EU AI Act methodology

We build AI systems for Turkish and international enterprise clients. Our methodology is aligned with the principles of the EU AI Act (Regulation (EU) 2024/1689), which entered into force on 1 August 2024.

• —Risk classification of every AI system we build or advise on, assessed against Annex III and general-purpose AI provisions.
• —Documentation practices consistent with Annex IV technical documentation requirements, applied to all engagements.
• —Human oversight design — we architect systems with explicit human review checkpoints for high-stakes outputs.
• —Transparency to end users — we do not deploy AI systems that conceal their AI nature.
• —Turkish regulatory alignment — we monitor BDDK, SPK, and TCMB AI-related guidance in parallel with the EU Act.

We do not claim EU AI Act certification. No certification scheme has been formally designated by the European Commission as of the date of this notice. We describe our methodology, not a certification status.

Security posture

We are in active preparation for ISO 27001 certification. A gap analysis has been completed and a remediation roadmap is in place. We are not yet certified.

• —Access controls and role-based permissions
• —Encryption of data at rest and in transit
• —Incident-response procedures
• —Vendor security assessment
• —Employee security training

We do not claim certification or compliance before it is awarded.

Technology partnership — Spark Engine

Clastrum holds a Strategic Technology Partnership with Spark Engine (sparkengine.ai). This partnership provides clients with access to complementary capabilities and a mutual-reference framework under a three-year co-marketing and co-sell arrangement with a defined revenue-share structure.

Data residency

• —Primary web infrastructure: clastrum.com is hosted on Vercel, Frankfurt region (fra1), on EU territory.
• —Operational data (CRM and outreach): processed within our internal platform at the same Vercel Frankfurt deployment.
• —Client project data: data residency is agreed with each client at engagement kickoff. Enterprise and BFSI engagements default to on-premises or Turkish-region cloud (Azure Turkey North / AWS eu-central-1) unless the client specifies otherwise.
• —AI model inference: we use both third-party API-based models and self-hosted open-weight models. For regulated-sector clients, we default to on-prem or private-cloud inference with contractual data-processing agreements.

Cookie and tracking disclosure

clastrum.com uses cookies and equivalent tracking technologies only with your explicit consent, managed through our cookie consent banner. Analytics (Google Analytics 4) and LinkedIn Insight Tag are not activated until you accept the relevant category.

• —Strictly necessary cookies (session management, security) operate without consent.
• —You may withdraw consent at any time by revisiting the cookie preference panel in the site footer.