Legal & Compliance

Privacy Policy

Last Updated: December 25, 2025

Back to Legal HubCookie Policy

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, recording, storage, organization, alteration, disclosure, transfer, deletion, etc.

Data Subject: The natural person whose personal data is processed.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system; in this context, the Company.

2. What Data Do We Collect?

2.1 Directly Provided Data

Information directly provided by the User includes:

  • For account creation and management: name, surname, email address, password, communication preferences, and similar account information along with necessary billing information.
  • Payment-related information is processed through third-party payment service providers with secure infrastructures (iyzico and/or similar PCI-DSS compliant third-party payment service providers). The Company does not directly access, process, or store sensitive payment data such as credit card numbers, CVV, or expiration dates. This information is processed solely by the relevant payment service provider (iyzico and/or similar PCI-DSS compliant third-party payment service providers) in accordance with their own privacy policy and security standards. The Company can only access limited technical information related to the payment process, such as transaction status, invoice information, and verification data.
  • For payments made by bank transfer/EFT, limited transaction data such as sender name, bank name, amount, and description transmitted by the banking system is processed by the relevant bank. The Company accesses this data only to verify that payment has been made and to create accounting records; it does not process this data within the application for other purposes except where required for legal retention obligations and audit processes.

You can access iyzico's privacy policy at: https://www.iyzico.com/gizlilik-politikasi

2.2 Automatically Collected Data

To ensure the security, performance, and usability of our Services, certain personal data is automatically collected. This data is obtained from records technically generated during system operations, information transmitted through browsers, or through analytics tools.

  • IP Address: is automatically recorded with requests sent to our systems through your internet connection. This information is used to ensure session security, support authentication processes, prevent misuse, and generate general traffic statistics.
  • Device Information: (such as device type, model, screen resolution) and browser type and operating system information are obtained from technical data transmitted by your browser or application. This information enables services to display correctly across different devices and platforms, performance optimization, and error detection.
  • Cookies: and similar tracking technologies are used for session management, remembering user preferences, personalizing content and language settings, and analyzing site traffic. Users can manage their cookie preferences through browser settings at any time.
  • Log Records: are automatically created by web servers, firewall (WAF) systems, and CDN infrastructures. These records are necessary for detecting system errors, investigating security incidents, and ensuring uninterrupted service delivery.
  • Page view data, usage statistics, and error reports:may be collected through analytics and error tracking tools. This data helps us improve our products and services, detect performance issues, and enhance user experience by analyzing user behaviors at an anonymous level.
  • Location Information:(if available) is derived from IP address or location data optionally shared by the user. This information is used for security verification, regional content delivery, and statistical analyses.

3. Purposes of Processing Personal Data and Legal Bases

The personal data we collect is processed to ensure that our services are provided in a secure, uninterrupted, and user-oriented manner; to fulfill legal obligations; and to improve user experience. In this context, your personal data may be used for the following purposes in accordance with Article 5 of KVKK (Turkish Personal Data Protection Law) and applicable data protection legislation:

Service Provision and Contractual Obligations

Personal data is processed for the provision of our products and services, creation of user accounts, authentication operations, operation of technical infrastructure, execution of billing and payment processes, provision of customer support, and fulfillment of contractual obligations.

Legal Basis: Performance of Contract (KVKK Art.5/2-c)

Security and Fraud Prevention

Personal data is processed to protect the security of our systems, user accounts, and your data; to detect and prevent unauthorized access, misuse, data breaches, fraud, or attack attempts; to analyze security incidents; and to take necessary technical/administrative measures.

Legal Basis: Legitimate Interest (KVKK Art.5/2-f)

Performance, Analysis, and Product Development

Personal data is processed to perform performance optimization by examining service usage statistics, detect errors, increase software stability, analyze user behaviors at an anonymous level, develop new features, and improve user experience. These operations are conducted in a manner that does not violate users' fundamental rights and freedoms.

Legal Basis: Legitimate Interest (KVKK Art.5/2-f)

Communication, Notification, and Support Processes

Personal data is processed to communicate with users regarding account, security, updates, maintenance, or support matters; to send notifications and announcements; and to respond to user requests or complaints.

Legal Basis: Performance of Contract (KVKK Art.5/2-c)

Marketing and Information Activities (With Explicit Consent)

Subject to user consent, personal data may be processed for providing information about new products, campaigns, updates, and offered services; using analysis and tracking technologies to personalize user experience; and sending user satisfaction surveys or feedback forms. Users have the right to withdraw their explicit consent at any time.

Legal Basis: Explicit Consent (KVKK Art.5/1)

Fulfillment of Legal Obligations

Personal data is processed to fulfill obligations arising from tax, accounting, commercial, and data protection legislation; to respond to requests duly submitted by authorized public institutions, courts, or regulatory authorities; obligations related to prevention of crimes such as money laundering, terrorism financing, or fraud; and obligations to notify relevant authorities in case of data security breaches.

Legal Basis: Legal Obligation (KVKK Art.5/2-ç)

Protection of Legal Rights

Personal data may be processed for the establishment, exercise, or defense of the Company's legal rights.

Legal Basis: Establishment, Exercise, or Protection of Rights - (KVKK Art.5/2-e)

Risk, Audit, and Corporate Operations Management

Personal data is processed to conduct internal audit, risk management, compliance controls, business continuity planning, and corporate reporting processes; to monitor system performance; and to detect potential risks in advance.

Legal Basis: Legitimate Interest - ( KVKK Art.5/2-f)

Backup, Data Retention, and Business Continuity

Personal data is processed to ensure service continuity, prevent data loss, implement disaster recovery plans, and maintain operational security sustainably.

Legal Basis: Performance of Contract - (KVKK Art.5/2-c ) / Legitimate Interest - (KVKK Art.5/2-f)

Merger, Transfer, and Restructuring

Personal data may be processed to conduct necessary sharing and transfer processes while ensuring data security in case of merger, transfer, or restructuring of the Company.

Legal Basis: Legitimate Interest - (KVKK Art.5/2-f)

Provision of Software Analysis Services

Personal data is processed to analyze software components, dependencies, and related data uploaded to the Platform by the User; detect security vulnerabilities; determine license types; and create risk reports.

Legal Basis: Performance of Contract - (KVKK Art.5/2-c)

Protection of Vital Interests (Exceptional Cases)

Personal data may be processed to protect the vital interests of the User or a third party (for example, in serious security incidents or emergencies).

Legal Basis: (KVKK Art.5/2-d)

Public Interest or Request by Authorized Authority

Upon duly submitted request by legally authorized public institutions, personal data may be processed or shared to a limited extent within the scope of public order, security, or crime prevention.

Legal Basis: (KVKK Art.5/2-ç, Art.5/2-a)

4. Cookies and Tracking Technologies

Our website and services may use cookies, web beacons, pixel tags, local storage objects, and similar tracking technologies to improve user experience, measure site performance, implement security measures, and personalize content.

These technologies may be placed by our Company (first-party cookies) as well as by our business partners, analytics service providers, or advertising platforms (third-party cookies). Information collected through cookies generally consists of anonymized data such as device type, browser information, IP address, session duration, visited pages, and click history.

Cookies and similar technologies may be used for the following purposes:

  • Essential Cookies: Required for the secure operation of the website, login, authentication, and execution of basic functions. Disabling these cookies may cause the service to not function properly.
  • Performance Cookies: Used to measure site traffic, analyze user behaviors at an anonymous level, detect errors, and improve performance. These cookies help us understand, for example, how often visited pages or certain features are used.
  • Functionality Cookies: Used to remember user preferences (such as language selection, theme, or session settings) and provide a more personalized experience.
  • Advertising and Targeting Cookies(With Explicit Consent): May be used to show content or advertisements suitable to the user's interests, measure the effectiveness of marketing campaigns, and analyze user trends. Such cookies are activated only with the user's explicit consent.
  • Security and Fraud Prevention: Certain tracking mechanisms may be activated to detect suspicious activities, strengthen authentication processes, and prevent misuse.

Users may change their cookie preferences or disable certain categories at any time through browser settings or, if available, through a cookie management panel. However, if certain cookies are disabled, some parts of the website or services may not function fully.

5. With Whom Is Data Shared?

Your collected personal data may be shared with the following third parties for the effective and secure provision of our services:

  • Service Providers: Service providers offering web hosting, cloud infrastructure, payment processing, email delivery services, analytics and reporting tools, customer support systems, and security and monitoring solutions. These parties process and manage your data only on our behalf and in accordance with our privacy policy.
  • Legal and Financial Advisors: Data may be shared with lawyers, financial advisors, and independent auditors within the scope of conducting legal processes, audit activities, and financial reporting.
  • Group Companies: Data may be shared with our Company's affiliates and group companies for service provision, internal management, and reporting purposes.
  • Legal Obligations and Official Authorities: Your personal data may be shared with relevant legal authorities, courts, audit institutions, and public authorities in accordance with laws, court decisions, or official requests.
  • Merger, Acquisition, and Asset Transfer Situations: In processes of merger, acquisition, asset sale, or restructuring of all or part of our Company, your personal data may be transferred to new authorized parties. In such cases, all necessary measures are taken to protect data security and confidentiality.
  • Advertising and Analytics Partners (With Explicit Consent): Data may be shared with third-party partners collaborating for marketing, advertising, and user behavior analysis purposes, based on explicit consent previously given by the user. Data shared in this scope is processed in accordance with the respective business partners' own privacy policies and KVKK requirements.

6. International Data Transfer

Collected personal data may be transferred to countries outside Turkey within the scope of service execution, hosting, or technical support activities. This transfer is carried out in accordance with Article 9 of KVKK and applicable data protection legislation.

In this context, personal data may be transferred:

  • To countries declared by the Personal Data Protection Board to have adequate protection levels,
  • In countries without adequate protection, provided that data controllers in Turkey and the relevant foreign country commit to adequate protection in writing and obtain Board permission,
  • Subject to the application of appropriate security measures such as standard contractual clauses (SCC) or binding corporate rules approved by relevant data protection authorities,
  • Or in the presence of other conditions stipulated in KVKK (including explicit consent).

The Company enters into data processing agreements with service providers and infrastructure partners to whom it transfers data abroad and takes necessary technical and administrative measures to ensure the security of transferred data.

7. Data Retention Periods

Personal data is retained for as long as necessary to fulfill the processing purpose. Data may be retained for longer periods due to legal retention obligations, resolution of disputes, or security requirements. In this context:

  • Account data: Retained as long as the account is active. Upon account closure, it is kept in "pending deletion" status for thirty (30) days for legal obligations and potential disputes; after this period, it is deleted, destroyed, or anonymized.
  • Invoice and financial records: Retained for legal retention periods stipulated under Tax Procedure Law No. 213 and Turkish Commercial Code No. 6102 (at least 5-10 years).
  • Traffic data and log records: Retained for periods stipulated under Law No. 5651 on Regulation of Publications on the Internet and related secondary legislation (at least 1-2 years).

Upon expiration of retention periods, personal data is deleted, destroyed, or anonymized within the framework of the Company's personal data retention and destruction policy.

8. Security Measures

The Company implements appropriate technical and administrative measures, taking into account current technical capabilities and cost factors, to prevent unlawful processing and access to personal data in accordance with Article 12 of KVKK. These measures include:

  • Data encryption (during transfer and storage)
  • Access controls and authorization mechanisms
  • Regular security audits
  • Web Application Firewall (WAF)
  • Personnel training and confidentiality commitments

However, no electronic transmission or storage method is completely secure. The Company makes all reasonable efforts to apply the highest security standards but does not guarantee absolute security.

When the Company detects a security breach affecting personal data, it makes necessary notifications in accordance with KVKK and relevant legislation and informs affected users within a reasonable time.

9. Your Rights

Pursuant to Article 11 of KVKK, you have the following rights as a data subject:

  • To learn whether your personal data is being processed,
  • To request information if your personal data has been processed,
  • To learn the purpose of processing your personal data and whether it is used in accordance with its purpose,
  • To know the third parties to whom your personal data is transferred domestically or abroad,
  • To request correction of your personal data if it has been incompletely or incorrectly processed,
  • To request deletion or destruction of your personal data under the conditions stipulated in Article 7 of KVKK,
  • To request notification of operations performed pursuant to items (e) and (f) to third parties to whom your personal data has been transferred,
  • To object to any result arising against you through analysis of processed data exclusively by automated systems,
  • To claim compensation for damages incurred due to unlawful processing of your personal data.

You have the right to withdraw your consent at any time for data processing activities based on your explicit consent. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

To exercise these rights, you may apply to info@enocsi.com. Your applications will be concluded within thirty (30) days at the latest. If the process requires additional cost, the tariff determined by the Personal Data Protection Board may apply.

10. Children's Privacy

The Platform is not intended for persons under 18 years of age. The Company does not knowingly collect personal data from children under 18.

If it is determined that data belonging to a person under 18 has been collected without the Company's knowledge, or if reported by a parent/guardian, the relevant personal data will be deleted without delay. In such cases, the Company may be contacted at info@enocsi.com.

11. Redirection to Third-Party Platforms and Disclaimer

Our services may occasionally contain links to websites, applications, or services belonging to third parties. These links are provided solely for the user's convenience. Third-party platforms operate completely independently from our Company and are subject to their own privacy policies. Therefore, our Company has no control or responsibility over personal data collected, stored, or processed on these platforms. Users are advised to review the privacy policies of the platforms to which they are redirected.

12. Policy Changes

This Privacy Policy may be updated from time to time. Updates are published on our website and the last update date is indicated. In case of significant changes, users are informed via email or in-system notification.

13. Governing Language

This Privacy Policy has been prepared in Turkish and translated into English for informational purposes only. In the event of any discrepancy, ambiguity, or inconsistency between the Turkish and English versions, the Turkish version shall prevail and be deemed authoritative.

14. Who We Are

ENOCSI holds the status of "Data Controller" under KVKK and related regulations. You may reach us through the contact information provided below.

Company: ENOCSI YAZILIM TEKNOLOJİLERİ ANONİM ŞİRKETİ

Address: Fenerbahçe Mah. İğrip Sok. No:13 İç Kapı No:1, Kadıköy 34726 Istanbul, Turkey

Contact: info@enocsi.com (for KVKK Article 11 requests)

On this page

Read Cookie Policy
Read Terms of Use