Privacy
Policy

As Framedeep ("we", "our" or "the company"), we absolute respect the privacy of all individual and corporate customers who visit our website and benefit from our services (software development, digital design, consultancy services, etc.).

This Privacy Policy covers personal and corporate data processing operations in accordance with international standards (including GDPR), especially the Law on Protection of Personal Data No. 6698 ("KVKK"). We code your commercial secret projects; therefore, privacy is not just a procedure but the cornerstone of our business model.

As a technology studio, we collect the following data for the healthy functioning of our service process:

Identity & Corporate Information: Name, surname, title, company name, tax/company registration numbers, social profile links.

Contact Information: Corporate and personal email addresses, phone (including WhatsApp/Telegram), company headquarters and billing addresses.

Project & Architectural Data: Contact forms, project briefs (documents, PDFs, etc.), source code (if provided), API keys, server access information, and meeting/briefing notes.

Transaction & Financial Data: Payment history for technology services (We do not store credit card info, processed via certified providers like Stripe).

Technical and Traffic Data: IP address, access date/time, device type/OS, browser type, and security logs.

In the software architectures or digital projects we develop, your data cannot be sold, rented, or marketed as a commercial commodity. It is processed for the following limited purposes:

To prepare and execute service or product contracts (web platform, custom software, AI integration, etc.).

To provide technical support (SLA), resolve software bugs in applications or infrastructure.

To detect in-service security breaches and perform cyber attack (DDoS, SQL Injection, etc.) analysis.

To create evidence in legal disputes if requested by legal authorities.

To carry out billing, accounting, and tax processes in accordance with the law.

In software processes, our company may come into contact with customer-specific API keys (Amazon AWS, Google Cloud, OpenAI API, etc.), database dumps, and commercial algorithms.

It should be clearly stated that; all work you do with Framedeep is under the protection of a "Non-Disclosure Agreement" (NDA) as standard. Your source code cannot be open-sourced or sold as a direct "clone" to different industrial projects without your permission. All passwords you share with us for software development are stored in temporary .env files and are securely deleted from our systems after development.

As Framedeep, we utilize state-of-the-art AI tools (Claude 3.5, OpenAI Whisper, GPT-4, etc.) while building our digital ecosystems. However, "sensitive business rules" and "personal customer data" containing your private project logic are definitely not uploaded unsupervised to external endpoints as general-purpose AI model training data.

In our AI-supported operations, care is taken to process your company/project data in isolation through Enterprise-level models that provide the Zero Data Retention rule. Your private commercial secrets cannot be used for model training.

Due to the nature of being a global agency, your data may be transferred to reliable service providers based abroad but compatible with GDPR/KVKK:

Code and Server Storage: Vercel, AWS (Amazon Web Services), Digital Ocean, GitHub and GitLab.

Database Services: Supabase, MongoDB Atlas, PostgreSQL service providers (Provided they are kept encrypted).

Communication, CRM & Analysis: Slack, Linear, Google Analytics 4, Notion, PostHog.

Your data is not shared with any 3rd party for advertising/targeting purposes other than the sustainability of our company activities.

We use Heatmap, cookie, and local storage technologies to detect performance bottlenecks of our website and to understand UI/UX metrics. Data is processed by performing identity masking (anonymization). You can block cookies from your browser's privacy settings at any time.

As industrial-grade software engineers, we prioritize security. In order to prevent unauthorized access or leakage of your data;

We implement dynamic data encryption (AES-256 etc.), SSL Certifications (TLS 1.2+), server panels using Two-Factor Authentication (2FA/MFA) and regular pentest audits. Access of company employees or affiliated developers to customers' critical db rows is restricted.

As the relevant party, in accordance with KVKK provisions;

Learning the purposes of use of your personal data and requesting a detailed document (Data Subject Access Request),

Requesting the correction of incorrect or incomplete data,

Requesting the withdrawal / destruction of design or content materials sent via contact form ("Right to Erasure / To be Forgotten"),

Requesting the compensation of damage in case of unlawful processing of your personal data.

Your data is protected until the end of legal book-keeping periods from project delivery, and when this period is completed, it is destroyed irreversibly. For questions regarding this Privacy Policy, your contract requests, or to seek your rights, you can reach us immediately through our official channel: