Privacy Policy

Neophran Software Technologies is the data controller for the processing described below.

Registered address: Söğütözü Mahallesi 2177. Cadde, Ankara, Türkiye. Contact: [email protected]. Telephone: +90 312 285 13 63.

We collect personal data only when you provide it voluntarily, or when it is generated automatically by standard web infrastructure.

• Contact form submissions: name, email, company, message and any attachments you upload.
• Engagement correspondence: emails and documents you share with us during scoping, delivery and support.
• Technical logs: IP address, browser agent, timestamps and pages visited, kept by our hosting and edge providers.
• Cookies: see our separate Cookies Policy for details.

We process personal data for the following purposes only:

• Responding to enquiries and preparing proposals.
• Delivering the services we are engaged for, including project management, source control and deployment.
• Meeting legal, tax and accounting obligations.
• Maintaining the security and integrity of our systems (logs, audit, incident response).

Under the KVKK (Türkiye) and GDPR (EU/EEA), we rely on the following legal bases:

• Your explicit consent, where applicable (for example, when you submit a contact form).
• Performance of a contract, to deliver the services agreed with your organisation.
• Legitimate interests, to operate a secure website and respond to enquiries.
• Legal obligation, to meet tax, accounting and regulatory requirements.

We do not sell personal data to third parties. We share data with service providers who act as data processors under written agreements.

• Cloud infrastructure (AWS, GCP, Azure, Vercel) for hosting and delivery.
• Email providers (Resend, Google Workspace) for transactional and business email.
• Version control and project management (GitHub, Linear, Notion) where you provide access during an engagement.
• Legal, audit and accounting partners where required by law.

Some of our processors operate outside Türkiye or the EU. Where this is the case, we use providers that support contractual safeguards (Standard Contractual Clauses or equivalent) and, where possible, select regions within Türkiye or the EU for storage.

We keep personal data only for as long as necessary for the purposes described, or as required by law.

• Contact form submissions: 24 months from last contact, unless a longer retention is required by an ongoing engagement.
• Engagement correspondence and project artifacts: duration of the engagement plus statutory retention (typically 10 years for accounting-relevant items under Turkish law).
• Technical logs: 12 months by default, shorter where provider defaults are lower.

Under the KVKK (Article 11) and GDPR (Articles 15-22), you have the following rights regarding your personal data:

• To know whether we process your data and, if so, to request access.
• To request correction of inaccurate or incomplete data.
• To request deletion, subject to any legal obligation that requires us to retain it.
• To object to or restrict processing under certain circumstances.
• To receive your data in a structured, machine-readable format (portability).
• To lodge a complaint with the Turkish Personal Data Protection Authority (KVKK Kurumu) or your EU supervisory authority.
• To exercise any of these rights, email [email protected]. We respond within 30 days.

We protect personal data with technical and organisational measures including access controls, encryption in transit, dependency scanning, incident response procedures and staff training.

No system is perfectly secure. If a breach occurs that affects your data, we will notify you and the relevant authorities within the timeframes required by law.

We may update this policy to reflect changes in our services, applicable law or our processor arrangements. The 'last updated' date at the top of this page indicates the most recent revision.

For questions, requests or complaints regarding this policy, contact us at [email protected] or +90 312 285 13 63.