Privacy Policy

We built Lorenta on synthetic data precisely so we'd never have to write a privacy policy full of uncomfortable exceptions. Here's what that actually means for you.

Last updated: June 1, 2025  ·  Effective globally · GDPR · KVKK · EU AI Act

TL;DR — The Version You'll Actually Read

  • Your business idea is processed for simulation only. We don't read it, sell it, or train on it.
  • We collect email, usage data, and payment status. Nothing exotic.
  • You can delete your account and data at any time. For real.
  • We're GDPR, KVKK, and EU AI Act compliant — not as a marketing claim, but as a design choice.

1. Who We Are

Lorenta Technologies operates Lorenta, an AI-powered market simulation platform. We're based in the EU / TR and subject to applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law (KVKK, Law No. 6698), and the EU AI Act.

Data Controller: Lorenta Technologies. Contact: info@lorentaidea.com

2. What 'Synthetic Data' Means for You

Lorenta's 100 simulated personas are fully synthetic — they are not scraped from real people's profiles, opinions, or behavioral data. They are statistical constructs trained on aggregated market research patterns. No real human's identity underpins them.

When you submit a business idea for simulation, our system processes it to generate responses from these personas. Your idea is used transiently during simulation. We do not use it to train AI models. We do not share it with third parties. We do not read it for competitive intelligence.

In plain terms: your idea goes in, feedback comes out, and we don't keep it around to do anything shady with it.

3. What Data We Actually Collect

Account & Identity Data

  • Email address (required for account creation and login)
  • Name (optional — you can use a pseudonym)
  • Password (stored as a one-way hash — we cannot see it)

Usage Data

  • Simulation inputs and outputs (temporarily processed; not stored longer than the session unless you explicitly save them)
  • Feature interactions, session duration, error logs
  • Device type, browser, and approximate geographic region (country level)

Payment Data

  • Billing is handled by a third-party processor (Stripe). We store only your subscription tier and billing status — not your card details.

What We Do NOT Collect

  • Your competitors' data, your cap table, your revenue figures — we don't ask, we don't want it
  • Biometric data
  • Sensitive personal data as defined under GDPR Article 9 and KVKK Article 6

5. EU AI Act Compliance

Lorenta's simulation engine is classified as a general-purpose AI system used for market research and decision support — not in a high-risk category as defined by EU AI Act Annex III.

Simulated persona feedback is explicitly synthetic and labeled as such. No output should be construed as a legal, financial, or clinical recommendation.

We maintain technical documentation and risk assessments in line with Article 11 requirements and update them as our system evolves.

6. How Long We Keep Your Data

  • Account data: For the lifetime of your account, plus 30 days after a deletion request.
  • Simulation inputs/outputs: Deleted at session end unless you explicitly save them to your dashboard.
  • Payment records: Retained for 7 years for accounting and tax compliance.
  • Usage logs: Anonymized after 90 days.

7. Your Rights

Under GDPR and KVKK, you have the right to access, correct, delete, or port your personal data. You can also object to or restrict processing, and withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at info@lorentaidea.com. We'll respond within 30 days (GDPR) or the applicable KVKK timeframe. We won't make it difficult. We won't ask for unnecessary proof. We'll just do it.

8. International Data Transfers

If your data is transferred outside the EU/EEA or Turkey, we ensure appropriate safeguards are in place — Standard Contractual Clauses (SCCs) for EU transfers, and equivalent measures for other jurisdictions — in line with GDPR Chapter V and KVKK Article 9.

Our infrastructure providers (cloud hosting, CDN) are contractually bound to handle your data in compliance with applicable law.

9. Third-Party Services

We use a limited set of sub-processors: cloud infrastructure (hosting and storage), payment processing (Stripe), and error monitoring (anonymized crash logs). We do not use advertising networks. We do not sell data to data brokers. We do not integrate with social media platforms for tracking.

A full list of sub-processors is available upon request at info@lorentaidea.com.

10. Security

We use TLS in transit, AES-256 encryption at rest, access controls, and regular security audits. No system is perfectly impenetrable — but we operate like a company that actually cares about this, not one that discovers a breach two years after the fact.

In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay.

11. Children's Privacy

Lorenta is not intended for individuals under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from minors. If you believe we have, contact us immediately.

12. Changes to This Policy

If we make material changes, we'll notify you via email or an in-app banner at least 14 days before they take effect. Cosmetic or legal clarifications may be updated without notice — we'll always post the updated date below.

Last updated: June 1, 2025

13. Questions & Complaints

Email us at info@lorentaidea.com. If you're in the EU and feel we haven't resolved your concern, you have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France, BfDI in Germany, KVKK Board in Turkey).

This policy was written to be understood — not to obscure. If something is unclear, ask us directly. We'd rather answer a question than have you guess.