Legal & Compliance

Privacy Policy

Last updated: September 12, 2025

Back to Legal HubCookie Policy

Introduction

This Privacy Policy explains how ENOCSI (“we”, “us”, “our”) collects, uses, discloses, and safeguards personal data when you use our websites, products, and services, including enocsi.com and app.enocsi.com. Read together with our Cookie Policy.

We follow the principles of data minimization and privacy by design. Except where required to operate the service or by law, we avoid collecting directly identifying information.

Who we are (Data Controller)

Data Controller: ENOCSI YAZILIM TEKNOLOJİLERİ A.Ş., Fenerbahçe Mah. İğrip Sok. No:13 İç Kapı No:1, Kadıköy 34726 İstanbul, Türkiye.
Primary contact: info@enocsi.com (GDPR Art. 12–23 / KVKK Art. 11 requests).

Minimal data design (what we store)

  • Application DB: We store tenant_id (a pseudonymous internal identifier). We do not store name, surname, or email in our application database.
  • Authentication: Session/identifier values are processed to keep you signed in. Depending on your identity provider, attributes may be exchanged at login, but we do not persist name/email in our DB.
  • Payments & invoicing: Handled by iyzico/iyzipay. Card and invoice data are processed/stored by iyzico. ENOCSI does not store card numbers.
  • Contact form (enocsi.com only): If you contact us, we process the information you submit (e.g., name, email, message) to respond. This is separate from the app.
  • Logs & security: We may process IP and diagnostic events to maintain security and reliability.

Data we process (by context)

Context
Category
Examples
Where stored
Legal basis
Retention
App (app.enocsi.com)
Account / Tenant
tenant_id (pseudonymous internal identifier). No name, no email stored in our application DB.
ENOCSI application DB (TR/EU cloud)
Contract performance; Legitimate interests (account integrity)
Active subscription + 12 mo. (audit); then delete/aggregate
App (session)
Authentication
Session tokens/identifiers from auth provider. Email/name not persisted in our DB.
Secure session store; httpOnly cookies
Contract performance; Legitimate interests (security)
Session lifetime
Security & logs
Telemetry
IP, timestamps, error/diagnostic logs (may be personal data under GDPR).
Log storage (EU-based where feasible)
Legitimate interests (security, reliability); Legal obligations
90–180 days (typical); extended if incident/defense
Payments (checkout)
Billing & payments
Payment card & invoice details processed by iyzico/iyzipay. ENOCSI does not store card data.
iyzico/iyzipay systems (independent controller)
Contract performance; Legal obligations (finance/tax) by iyzico
Per iyzico policy & law; not stored in our DB
Website (enocsi.com)
Contact form
Name, email, message content (only if you submit the form on enocsi.com).
ENOCSI inbox/helpdesk or CRM (limited access)
Legitimate interests (responding to requests); Consent (marketing follow-up if opted-in)
Resolve + 12 mo. (support trace); or earlier on request
Cookies
Strictly necessary
Auth/session, CSRF, checkout flow, fraud/3DS (see Cookie Policy).
Browser cookies; first/third party
Essential service; Legitimate interests
Per cookie (see Cookie Policy)
Cookies
Analytics/Functional
Aggregated usage metrics, A/B experiments (only after consent).
Analytics tools (configured with consent gating)
Consent (GDPR Art.6(1)(a); KVKK açık rıza)
Per tool limits (e.g., 13 months); see Cookie Policy

Notes: Payment processing and invoicing are performed by iyzico/iyzipay as a separate controller. See our Cookie Policy for cookie categories and durations.

How we use data

  • Provide and operate the service at a tenant level (pseudonymous identifiers).
  • Authenticate users and maintain secure sessions.
  • Process payments via iyzico and meet invoicing/legal obligations (handled by iyzico).
  • Maintain security, prevent fraud/abuse, and debug issues.
  • Respond to messages sent through the website contact form.
  • Comply with applicable laws and enforce terms.

Sharing & roles (processors/controllers)

We may share limited data with trusted service providers acting as processors (e.g., hosting and log infrastructure such as AWS/Azure/Hetzner/DigitalOcean/OVHcloud; analytics tools where consented; helpdesk/CRM for contact form). Such processing is governed by data-processing agreements and appropriate safeguards.

For payments and invoicing, iyzico/iyzipay acts as an independent controller and determines the purposes of processing required to perform payment and comply with financial/tax law. ENOCSI does not store card details in its DB.

We may also disclose data when required by law or to protect our rights, safety, or the rights of others (e.g., law enforcement requests, dispute resolution).

International transfers

Where data is transferred internationally, we implement appropriate safeguards (e.g., Standard Contractual Clauses or equivalent mechanisms) to protect personal data according to applicable law.

Data retention

We retain personal data only as long as necessary for the purposes above or as required by law. Retention varies by category (see table). Where feasible, we aggregate or anonymize data. You can request deletion consistent with applicable law.

Security

We use administrative, technical, and organizational measures (encryption in transit, access controls, monitoring, backups, least-privilege, 2FA where applicable) to protect data against unauthorized access, alteration, or loss. No method is 100% secure; we continuously improve our safeguards.

Your rights & requests

Under GDPR (Arts. 12–23) and KVKK (Art. 11), you may request access, rectification, deletion, restriction, objection, portability, and may withdraw consent at any time (without affecting prior lawful processing). You may also lodge a complaint with your data protection authority.

We will respond within 1 month (GDPR) / 30 days (KVKK). We may need to verify your identity.

Manage cookie consent

Changes to this policy

We may update this policy to reflect operational or legal changes. We will post the updated version here and revise the “Last updated” date above.

Contact

ENOCSI YAZILIM TEKNOLOJİLERİ A.Ş. — Fenerbahçe Mah. İğrip Sok. No:13 İç Kapı No:1, Kadıköy 34726 İstanbul, Türkiye. For privacy inquiries: info@enocsi.com.

On this page

Read Cookie Policy
Read Terms of Use