PRIVACY POLICY AND KVKK CLARIFICATION TEXT

1. IDENTITY OF THE DATA CONTROLLER

In accordance with the Law on the Protection of Personal Data ("KVKK"), Simur Teknoloji Anonim Şirketi ("Simur Teknoloji" or "Company") acts as the data controller. This clarification text explains how the personal data of individuals ("User") using the KAF-AI (https://kaf.simur.org) platform is processed and protected.

2. YOUR PROCESSED PERSONAL DATA AND PURPOSES OF PROCESSING

Our Company processes the following data during your use of the platform for the relevant purposes:

  • Identity and Contact Data: Name, surname, email address, phone number, and corporate company information; processed for the purposes of account creation, invoicing (via systems such as Paraşüt), and communicating with you.
  • Financial Data: Credit card information used for purchases on the platform is not stored by our Company. This data is transmitted directly to the BDDK-licensed Moka payment infrastructure. Our Company only processes the payment success status and masked card information for invoicing and dispute management purposes.
  • Transaction Security Data: IP address, log records, login/logout dates/times; processed to fulfill legal obligations (Law No. 5651) and to ensure system security.
  • Third-Party API Data: Your SEO performance data retrieved from Google Search Console, WordPress, and other integrations that you connect by providing consent for the performance of KAF-AI services, are processed solely to provide you with analysis and automation services and are not used for any other purpose.

3. COOKIES AND ANALYTIC TOOLS

First and third-party cookies are used to improve our platform and analyze visitor behavior. Analytical tools such as Google Analytics, Yandex Metrica, and Meta (Facebook) Pixel for advertising/remarketing processes may be used on our site. You can manage your cookie preferences through your browser settings.

4. TRANSFER OF PERSONAL DATA AND INTERNATIONAL CONNECTION

Your personal data may be transferred within the scope of legal obligations and service performance to:

  • E-invoice integrators (e.g., Paraşüt) for invoicing processes,
  • Licensed payment institutions (e.g., Moka) for payment processes,
  • Electronic communication service providers for notification processes,
  • Overseas-based cloud server and hosting service providers with data security standards, due to the platform's infrastructure needs.

5. RETENTION PERIOD AND PROTECTION OF PERSONAL DATA

Your personal data is stored for the periods specified in the relevant legislation (e.g., 3 years for contract records, 5 years for financial records) and is deleted or anonymized at the end of these periods. Our Company takes technical and administrative measures, such as SSL certificates, data encryption, and access authorization, to ensure the security of your data.

6. RIGHTS OF THE DATA SUBJECT (KVKK ARTICLE 11)

Within the scope of Article 11 of the KVKK, you have the right to learn whether your data is being processed, to know whether it is used in accordance with its purpose, to request the correction of incomplete/incorrectly processed data, and to request its deletion when legal conditions arise. You can submit your applications to us via the [email protected] address.