Privacy Policy

At ÖzgürKod, we value your privacy. This policy explains how your personal data is collected, used, stored, and protected. By using our platform, you agree to this policy.

1. Data Controller

Data Controller: ÖzgürKod
Address: Çekmeköy, İstanbul, Türkiye
Email: [email protected]

We act as a data controller under the Turkish Data Protection Law (KVKK No. 6698) and the GDPR where applicable.

2. Personal Data Collected

2.1 Data Collected Directly From You

Account Creation:

• First name, last name
• Email address
• Phone number
• Company information
• Job title

Payment Information:

• Billing details (name, address, tax ID)
• Credit card information (via secure payment provider)

Platform Usage:

• Your customer database (data uploaded to CRM)
• Communication records (email, phone, messaging)
• Documents and files
• Customization preferences

2.2 Automatically Collected Data

• IP address
• Browser type and version
• Device information (OS, device type)
• Usage data (access times, click data)
• Cookies and similar technologies
• Log records

3. Purposes and Legal Bases for Processing

Purpose	Legal Basis
Service delivery and account management	Contractual necessity
Customer support	Contractual necessity
Payment processing and billing	Legal obligation
Security and fraud prevention	Legitimate interest
Product development and analytics	Legitimate interest
Marketing communications	Explicit consent

4. Use of Data

4.1 Core Service Delivery

• Enabling use of the CRM platform
• Account creation and authentication
• Storing and processing your customer data
• Running integrations (WhatsApp, Telegram, etc.)

4.2 Communication & Support

• Providing customer support
• Service update notifications
• Resolving technical issues
• Sending training and onboarding materials

4.3 Platform Development

• Usage analytics and performance monitoring
• Error detection and fixing
• Developing new features
• Improving user experience

4.4 Security & Compliance

• Fraud and abuse detection
• Vulnerability detection and remediation
• Legal compliance
• Providing necessary documents in legal proceedings

5. Data Sharing

5.1 Who Do We Share Your Data With?

Third-Party Service Providers:

• Cloud Infrastructure: AWS, Google Cloud (data storage)
• Payment Processors: Stripe (secure payments via Shopify)
• Email Services: SendGrid (transactional emails)
• Analytics Tools: Google Analytics (usage analytics)

Note: All third-party providers have signed data protection agreements and are KVKK/GDPR compliant.

5.2 Legal Obligations

We may share your data in the following cases:

• Court order or legal request
• Public safety and public order
• Criminal investigation
• Tax audit and financial controls

5.3 Business Transfer

In the event of a merger, acquisition, or asset sale, your data may be transferred. You will be notified in advance.

6. Data Security

6.1 Technical Security Measures

• Encryption: TLS/SSL for data transfer, AES-256 for data storage
• Access Control: Role-based access control (RBAC)
• Two-Factor Authentication (2FA): For account security
• Regular Security Scans: Penetration testing
• Firewall and DDoS Protection
• Automated Backups: Daily data backups

6.2 Organizational Measures

• Employee training and confidentiality agreements
• Least privilege principle
• Data access logs and monitoring
• Incident response plans

7. Data Retention Periods

Data Type	Retention Period
Account information	While account is active + 3 years
Customer data (CRM)	While account is active
Invoice and payment records	10 years (tax regulation requirement)
Communication records	3 years
Log records	1 year
Marketing consent	Until consent is withdrawn

After Account Cancellation: When you cancel your account, your data is retained for 30 days for recovery purposes. After this period, all data is permanently deleted (except legal retention requirements).

8. Cookie Policy

8.1 Types of Cookies We Use

Essential Cookies:

• Session management
• Security verifications
• Preference records

Analytics Cookies:

• Google Analytics (usage statistics)
• Hotjar (user behavior analysis)

You can manage cookie preferences through your browser settings.

9. Your Rights Under KVKK and GDPR

Under Article 11 of KVKK and the GDPR, you have the following rights:

1. Right to Information: Know whether your personal data is being processed
2. Right of Access: Request information about your processed data
3. Right to Rectification: Request correction of inaccurate or incomplete data
4. Right to Erasure: Request deletion of data under certain conditions
5. Right to Object: Object to data processing
6. Data Portability: Request transfer of your data to you or another controller
7. Right Against Automated Decisions: Object to decisions made solely by automated systems

9.1 How to Exercise Your Rights

• Email: [email protected]
• Contact Form: Contact Page

Response Time: Your request will be answered within 30 days.

10. For Shopify Store Users

This app is installed via the Shopify App Store. The app accesses customer name, email, phone number, order details, and shipping information through the Shopify API. This data is used solely for sending WhatsApp notifications and syncing customers to your CRM. Your data is never shared with or sold to third parties. When you uninstall the app, your Shopify webhook subscriptions and API access tokens are automatically revoked. Your CRM data is deleted after 30 days.

11. Data Breach Notification

In the event of a breach compromising personal data security, affected users will be notified via email, and required legal authorities will be notified within 72 hours.

12. Policy Updates

We may update this privacy policy from time to time. Significant changes will be notified via email and announced on the platform.

13. Contact & Complaints

Data Protection Officer:

• Email: [email protected]
• Address: Çekmeköy, İstanbul, Türkiye
• Phone: +90 542 154 43 45