Privacy Policy

At BackupSec, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, contact channels, and services.

BackupSec serves customers in Turkey, across Europe, and globally. This policy is intended to explain our data practices consistently for customers, prospects, and website visitors across those regions.

Product deployment note: BackupSec is designed for on-prem deployment. Your backup data, telemetry, metadata, and infrastructure configuration remain inside your environment during normal product operation and are not transmitted to BackupSec or third parties unless you explicitly choose to share limited materials for support or evaluation.

This policy complies with:

• General Data Protection Regulation (GDPR)
• Turkish Personal Data Protection Law (KVKK/6698 sayılı Kişisel Verilerin Korunması Kanunu)
• Other applicable data protection laws and regulations

1. Data Controller

BackupSec acts as the data controller for personal data collected through our website, contact channels, and any materials voluntarily shared with us for evaluation or support. For questions about this policy or your data, contact us at:

• Email: contact@backupsec.com
• Contact Form: backupsec.com/#cta

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, job title
• Contact Information: Information submitted through contact forms or support requests
• Billing Information: Payment details and billing address, if commercial arrangements require them
• Optional Support Information: Environment details, screenshots, logs, or configuration notes that you explicitly choose to share during evaluation, onboarding, or support

2.2 Information We Collect Automatically

• Website Usage Data: Visits, page views, and referral information related to our public website
• Device Information: Browser type, operating system, and approximate technical identifiers generated during website access
• Analytics Data: Anonymous aggregate statistics via CloudFlare Web Analytics (no cookies, no personal tracking)

2.3 Backup Environment Data

BackupSec does not collect backup job data, telemetry, configuration data, audit logs, or the underlying protected content from your production environment during normal operation. The product runs on-prem inside your environment.

Important: We do NOT access, store, or process your actual backup data, backup metadata, telemetry, or infrastructure configuration unless you explicitly provide limited materials to us for troubleshooting, support, or evaluation.

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 Service Delivery

• Respond to demo, sales, and support requests
• Deliver ZeroMon and ZeroTAM services for on-prem deployments
• Review information you explicitly choose to share for troubleshooting or advisory work
• Provide technical support and troubleshooting

3.2 Communication

• Send service notifications and alerts
• Respond to inquiries and support requests
• Provide product updates and important notices
• Send marketing communications (with your consent)

3.3 Service Improvement

• Analyze public website usage patterns to improve our site and messaging
• Develop new features and functionality
• Conduct research based on feedback, support requests, and voluntary customer input

3.4 Legal and Security

• Comply with legal obligations
• Detect and prevent fraud or abuse
• Protect our rights and property
• Ensure platform security

4. Legal Basis for Processing (GDPR/KVKK)

We process your personal data based on:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interest: Service improvement, security, fraud prevention
• Legal Obligation: Compliance with laws and regulations
• Consent: Marketing communications, optional features (you may withdraw consent at any time)

5. Data Sharing and Disclosure

5.1 Service Providers

We use trusted third-party service providers for limited website and business operations. These providers do not receive your production backup data, telemetry, metadata, or environment configuration as part of normal product operation.

• Website analytics and performance measurement (CloudFlare Web Analytics)
• Contact form handling and inbound inquiry routing (Formspree)
• Security and spam prevention for the website contact form (Cloudflare Turnstile)
• Payment processing, if required for commercial transactions

All service providers are contractually bound to protect your data and process it only according to our instructions.

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before any such transfer.

5.3 Legal Requirements

We may disclose your data when required by law, court order, or government authority.

5.4 With Your Consent

We may share data for other purposes with your explicit consent.

6. International Data Transfers

BackupSec product data does not leave your on-prem environment during normal operation. However, limited website inquiry, communication, billing, or support data may be processed by third-party providers in different countries or regions, depending on where you are located and which services are used. When cross-border processing occurs, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission and Turkish Data Protection Authority
• Adequacy decisions by relevant authorities
• Other appropriate transfer mechanisms as required by GDPR and KVKK

We apply these safeguards only where cross-border processing is actually involved for website, communication, or administrative workflows.

7. Data Retention

We retain personal data only as long as necessary for legitimate business, legal, or support purposes:

• Contact Form Submissions: Up to 24 months
• Billing Records: As required by applicable law
• Support Tickets and Voluntarily Shared Support Materials: Up to 3 years, unless deleted sooner
• Website Analytics: As retained by the privacy-focused analytics service in aggregated form
• Marketing Data: Until consent is withdrawn

After retention periods expire, we securely delete or anonymize your data.

8. Your Rights

Under GDPR and KVKK, you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for consent-based processing
• Complaint: Lodge a complaint with supervisory authorities (Turkish Data Protection Authority or your local authority)

To exercise your rights, contact us at contact@backupsec.com. We will respond within 30 days.

9. Security

We implement industry-standard security measures to protect the data we actually receive and process:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Access controls and authentication
• Regular security audits and vulnerability assessments
• Employee training on data protection
• Incident response procedures

While we strive to protect website, contact, and support data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Cookies and Tracking Technologies

11.1 Analytics

We use CloudFlare Web Analytics, a privacy-focused analytics service that does NOT use cookies or track individual users. This service collects anonymous aggregate data about:

• Page visits and views
• Geographic location (country-level only)
• Device types and browsers
• Traffic sources (referrers)

CloudFlare Web Analytics is fully GDPR and KVKK compliant. No personal data is collected, and no consent is required.

11.2 Security & Anti-Spam

We use Cloudflare Turnstile on our contact form to prevent spam and abuse. Turnstile may process technical connection and browser integrity signals, such as IP address, user-agent, TLS fingerprint, sitekey, and related interaction data, for security verification purposes.

• Provider: Cloudflare, Inc.
• Purpose: Prevent spam, bot abuse, and malicious form submissions
• Category: Strictly necessary security processing for form operation
• Scope: Public website contact form only

This anti-spam protection applies only to the public website form and is separate from on-prem product operation. For more information, please refer to Cloudflare's Turnstile privacy documentation.

11.3 Managing Cookies

You can manage your browser privacy and security settings at any time. However, blocking strictly necessary security mechanisms or browser storage used by anti-abuse services may prevent you from submitting our contact form. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from specific websites
• Delete all cookies when you close your browser

12. Third-Party Links

Our services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to registered users
• Prominent notice on our website
• In-app notification

Where required by law, we will obtain any necessary consent before applying material changes. Otherwise, the updated policy will take effect on the published effective date.

14. Data Protection Contact

For KVKK compliance and data protection inquiries, you can contact us at:

• Email: contact@backupsec.com
• Subject: "Data Protection Inquiry"

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

• Email: contact@backupsec.com
• Contact Form: backupsec.com/#cta

If a signed customer agreement, order form, or data processing addendum applies to your organization, that document may supplement this policy for the covered relationship.

16. Supervisory Authority

You have the right to lodge a complaint with the relevant data protection authority:

• Turkey: Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu - KVKK)
  Website: www.kvkk.gov.tr
• EU/EEA: Your local data protection authority