Sosyal KöprüPrivacy Policy

This Privacy Policy describes how Kulga Yazılım ve Telekomünikasyon Limited Şirketi ("Company", "Sosyal Köprü", "we", "our" or "us") collects, uses, shares and protects your personal information when you use our social media management platform. This policy has been prepared in accordance with the Turkish Personal Data Protection Law (KVKK) and the European Union General Data Protection Regulation (GDPR).

By using the Sosyal Köprü platform or creating an account, you agree to the practices described in this Privacy Policy. Please read this document carefully.

1. DATA CONTROLLER AND CONTACT INFORMATION

Under this Privacy Policy, Kulga Yazılım ve Telekomünikasyon Limited Şirketiis responsible for processing your personal data.

2. ABOUT OUR PLATFORM

Sosyal Köprü is a B2B SaaS (Software as a Service) platform that enables businesses to manage their social media accounts from a single location. Through our platform, you can share content, schedule posts, and track analytics on social media platforms such as Instagram, Facebook, LinkedIn, X (Twitter), YouTube and TikTok.

3. PERSONAL DATA WE COLLECT

To provide our services, we may collect your personal data in the following categories:

3.1. Identity and Contact Data

• First and last name
• Email address
• Phone number (optional)
• Password information (in encrypted format)
• Profile picture (optional)

3.2. Company and Billing Information

• Company/institution name
• Tax number
• Tax office information
• Company address
• City and country information
• Billing information

3.3. Social Media Account Information

• Connected social media platforms (Instagram, Facebook, LinkedIn, X, YouTube, TikTok)
• Account IDs and usernames
• API access tokens (in encrypted format)
• Account type information (personal, business, etc.)
• Follower counts and account statistics
• Avatar/profile picture URLs

3.4. Content and Media Data

• Content created through our platform
• Uploaded media files (images, videos)
• Hashtag and mention information
• Content templates
• Scheduled posts and calendar data

3.5. Technical and Device Information

• IP address
• Browser type and version
• Operating system information
• Device type and unique identifiers
• Session information and access times
• Data collected through cookies

3.6. Payment and Transaction Information

• Payment method information (via Iyzico integration)
• Transaction history and billing records
• Subscription plan information
• Accounting data via Parasut integration

3.7. Usage and Analytics Data

• Platform usage statistics
• Monthly post counts
• Social media performance data
• Feature usage reports
• Support requests and communication records

4. PURPOSES OF PROCESSING PERSONAL DATA

We process your personal data for the following purposes:

1. Service Provision: To provide and improve our social media management platform services
2. Account Management: To create, verify and manage your user account
3. Social Media Integration: To establish secure connections with Instagram, Facebook, LinkedIn, X, YouTube and TikTok platforms
4. Content Management: To perform content creation, editing, scheduling and sharing operations
5. Payment Processing: To process secure payments via Iyzico integration
6. Billing: To manage e-invoice and accounting operations via Parasut integration
7. Customer Support: To provide technical support and resolve customer issues
8. Security: To ensure platform security and prevent abuse
9. Analytics and Reporting: To provide usage statistics and performance reports
10. Communication: To send important updates, security alerts and service notifications
11. Legal Obligations: To comply with Turkish Republic and European Union laws
12. Research and Development: To conduct analysis and development studies to improve service quality

5. LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process your personal data based on the following legal grounds under Article 5 of KVKK and Article 6 of GDPR:

5.1. Performance of Contract (KVKK Art.5/2-c, GDPR Art.6/1-b)

Data processing activities necessary for the establishment and performance of the service contract are covered under this basis.

5.2. Consent (KVKK Art.5/1, GDPR Art.6/1-a)

We process data based on your explicit consent for marketing communications, preference-based features and optional services.

5.3. Legitimate Interest (KVKK Art.5/2-f, GDPR Art.6/1-f)

We process data for our legitimate business interests such as platform security, service development, analytics and customer satisfaction.

5.4. Legal Obligation (KVKK Art.5/2-b, GDPR Art.6/1-c)

We process data to fulfill our legal obligations stipulated by Turkish Republic and European Union laws.

6. SHARING AND TRANSFER OF PERSONAL DATA

We may share your personal data in the following situations and with the following persons/institutions on a limited basis:

6.1. Technology Partners and Service Providers

• Supabase: Database services and data storage
• Vercel: Web hosting and application deployment services
• Iyzico: Secure payment processing services
• Parasut: E-invoice and accounting services
• Cloudflare R2 Storage: Secure storage of media files and user content
• CDN Providers: Content delivery network services

6.2. Social Media Platforms

We share necessary data with the following platforms within the scope of API integrations:

• Meta (Facebook, Instagram): Content sharing and analytics data
• LinkedIn: Professional network content management
• X (Twitter): Tweet and media sharing
• Google (YouTube): Video content management
• TikTok: Short video content sharing

6.3. Legal Obligations

We may share data with legal authorities in the following situations:

• Court orders and legal requests
• Personal Data Protection Authority requests
• Tax office and financial advisory obligations
• Cybersecurity and crime prevention activities

6.4. Business Transfers

In case of company merger, sale, restructuring or bankruptcy, your personal data may be transferred as part of the transaction.

7. INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred to countries outside Turkey for the provision of our service:

7.1. Transfers within the European Union

Data transfers to countries with adequacy decisions under GDPR may be performed.

7.2. Third Country Transfers

For transfers to the US and other third countries:

• Standard Contractual Clauses (SCCs) are used
• Data Processing Agreements (DPAs) are signed
• Appropriate security measures are taken
• Compliance with KVKK and GDPR provisions is ensured

8. DATA SECURITY AND PROTECTION MEASURES

8.1. Technical Security Measures

• Encryption: All data is encrypted with AES-256 standard
• SSL/TLS: Data transmission is protected with HTTPS protocol
• Access Control: Multi-factor authentication system
• Firewall: Advanced firewall and DDoS protection
• Regular Backup: Automatic and encrypted backup system with Cloudflare R2 Storage geographic redundancy
• Security Monitoring: 24/7 security monitoring and log analysis

8.2. Organizational Security Measures

• Staff training and awareness programs
• Security policies and procedures
• Regular security audits
• Incident response plans
• Data minimization principles

8.3. Data Storage Locations and Infrastructure

Your data is stored in secure data centers and cloud infrastructure:

• Primary Servers: Turkey and European data centers (Supabase infrastructure)
• Media Storage: Cloudflare R2 Storage global network for fast and secure access
• Backup Servers: Automatic backup in geographically distributed locations
• CDN Network: Global content delivery network for optimized access
• Security Certifications: ISO 27001, SOC 2 certified data centers
• Data Replication: Multi-region redundancy with 99.999% durability

8.4. Data Retention Periods

We retain your personal data for the following periods:

• Active Account Data: For the duration the account is active
• Billing Records: 10 years as required by tax legislation
• Communication Records: 3 years
• Log Records: 1 year
• Marketing Consents: Until consent is withdrawn

9. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies on our platform to improve user experience and optimize our services. For detailed information, please review ourCookie Policy.

10. DATA SUBJECT RIGHTS (KVKK AND GDPR)

Under Article 11 of KVKK and Articles 15-22 of GDPR, you have the following rights:

10.1. Fundamental Rights

1. Right to Information: To learn whether your personal data is being processed
2. Right of Access: To request information about your processed data
3. Right to Rectification: To request correction of incomplete or incorrect data
4. Right to Erasure: To request deletion or destruction of your data
5. Right to Object: To object to specific processing activities
6. Right to Data Portability: To receive your data in a structured format
7. Right to Restriction: To request limitation of data processing

10.2. Exercising Your Rights

To exercise your data subject rights, you can:

• Send an email to privacy@sosyalkopru.com
• Use the "Account Settings" section within the platform
• You must submit your application with identity verification documents

We will respond to your applications within a maximum of 30 daysfree of charge. The response time may be extended up to 60 days depending on the complexity of the request.

11. DATA BREACH NOTIFICATION

In case of a personal data security breach:

• KVKK: We notify the Personal Data Protection Authority within 72 hoursfrom the moment we become aware of the breach
• GDPR: We notify the relevant Supervisory Authority within 72 hoursfrom learning of the breach
• Data subjects are also informed in high-risk situations
• Necessary security measures are taken immediately

12. CHILDREN'S PRIVACY

The Sosyal Köprü platform is not designed for individuals under 18 years of age. We do not knowingly collect personal data from individuals under 18. If we accidentally discover that we have collected information belonging to a child under 18, we immediately delete this information.

For users under 16, parental/guardian consent is required under GDPR.

13. POLICY CHANGES

We may update this Privacy Policy from time to time. Regarding significant changes:

• We will send email notifications
• We will publish prominent announcements on the platform
• We will announce significant changes at least 30 days in advance

You can always access the current version through the platform.

14. COMPLAINT RIGHTS

For complaints regarding personal data processing:

14.1. For Turkey

• Personal Data Protection Authority
• Web: kvkk.gov.tr
• Application system: VERBİS

14.2. For European Union

• Data Protection Authority of your country of residence
• European Data Protection Board (EDPB) website

15. CONTACT

For questions about this Privacy Policy or our personal data processing practices: