At BackupSec, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
This policy complies with:
- General Data Protection Regulation (GDPR)
- Turkish Personal Data Protection Law (KVKK/6698 sayılı Kişisel Verilerin Korunması Kanunu)
- Other applicable data protection laws and regulations
1. Data Controller
BackupSec acts as the data controller for the personal data we collect and process. For questions about this policy or your data, contact us at:
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, job title
- Contact Information: Information submitted through contact forms or support requests
- Billing Information: Payment details, billing address (processed by third-party payment processors)
- Technical Information: Backup environment details, infrastructure configuration (as provided by you)
2.2 Information We Collect Automatically
- Usage Data: Platform interactions, feature usage, session duration
- Device Information: IP address, browser type, operating system, device identifiers
- Analytics Data: Anonymous aggregate statistics via CloudFlare Web Analytics (no cookies, no personal tracking)
2.3 Backup Environment Data
- Monitoring Data: Job status, session results, backup infrastructure metrics
- Configuration Data: System settings, security configurations (metadata only, not actual backup data)
- Audit Logs: Configuration changes, access logs, security events
Important: We do NOT access, store, or process your actual backup data or the data being backed up. We only collect metadata and telemetry from your backup infrastructure.
3. How We Use Your Information
We process your personal data for the following purposes:
3.1 Service Delivery
- Provide ZeroMon monitoring and ZeroTAM advisory services
- Monitor backup infrastructure health and performance
- Generate reports and dashboards
- Provide technical support and troubleshooting
3.2 Communication
- Send service notifications and alerts
- Respond to inquiries and support requests
- Provide product updates and important notices
- Send marketing communications (with your consent)
3.3 Service Improvement
- Analyze usage patterns to improve our services
- Develop new features and functionality
- Conduct research and analytics
3.4 Legal and Security
- Comply with legal obligations
- Detect and prevent fraud or abuse
- Protect our rights and property
- Ensure platform security
4. Legal Basis for Processing (GDPR/KVKK)
We process your personal data based on:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interest: Service improvement, security, fraud prevention
- Legal Obligation: Compliance with laws and regulations
- Consent: Marketing communications, optional features (you may withdraw consent at any time)
5. Data Sharing and Disclosure
5.1 Service Providers
We share data with trusted third-party service providers who assist in:
- Cloud hosting and infrastructure (CloudFlare, AWS, Azure, etc.)
- Payment processing
- Email and communication services (Formspree)
- Analytics and monitoring tools (CloudFlare Web Analytics - privacy-focused, no cookies)
- Security and spam prevention (Google reCAPTCHA)
All service providers are contractually bound to protect your data and process it only according to our instructions.
5.2 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before any such transfer.
5.3 Legal Requirements
We may disclose your data when required by law, court order, or government authority.
5.4 With Your Consent
We may share data for other purposes with your explicit consent.
6. International Data Transfers
Your data may be transferred to and processed in countries outside Turkey and the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission and Turkish Data Protection Authority
- Adequacy decisions by relevant authorities
- Other appropriate transfer mechanisms as required by GDPR and KVKK
We notify the Turkish Data Protection Authority within 5 business days of any cross-border transfers as required by KVKK amendments.
7. Data Retention
We retain your personal data only as long as necessary for:
- Active Accounts: Duration of service plus 1 year
- Billing Records: 10 years (legal requirement)
- Support Tickets: 3 years
- Audit Logs: 1 year
- Marketing Data: Until consent is withdrawn
After retention periods expire, we securely delete or anonymize your data.
8. Your Rights
Under GDPR and KVKK, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Data Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent for consent-based processing
- Complaint: Lodge a complaint with supervisory authorities (Turkish Data Protection Authority or your local authority)
To exercise your rights, contact us at contact@backupsec.com. We will respond within 30 days.
9. Security
We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS/SSL) and at rest (AES-256)
- Access controls and authentication
- Regular security audits and vulnerability assessments
- Employee training on data protection
- Incident response procedures
While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
11. Cookies and Tracking Technologies
11.1 Analytics
We use CloudFlare Web Analytics, a privacy-focused analytics service that does NOT use cookies or track individual users. This service collects anonymous aggregate data about:
- Page visits and views
- Geographic location (country-level only)
- Device types and browsers
- Traffic sources (referrers)
CloudFlare Web Analytics is fully GDPR and KVKK compliant. No personal data is collected, and no consent is required.
11.2 Security & Anti-Spam
We use Google reCAPTCHA on our contact form to prevent spam and abuse. reCAPTCHA may use cookies for security purposes:
- Cookie Name: _GRECAPTCHA
- Duration: 180 days
- Purpose: Prevent spam and malicious form submissions
- Category: Strictly Necessary (required for form operation)
These cookies are classified as "strictly necessary" under GDPR/KVKK and do not require consent as they are essential for the security and operation of our contact form.
11.3 Managing Cookies
You can manage your browser settings to block or delete cookies at any time. However, blocking the reCAPTCHA cookie may prevent you from submitting our contact form. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block all cookies from specific websites
- Delete all cookies when you close your browser
12. Third-Party Links
Our services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to registered users
- Prominent notice on our website
- In-app notification
Continued use of our services after changes constitutes acceptance of the updated policy.
14. Data Protection Contact
For KVKK compliance and data protection inquiries, you can contact us at:
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
16. Supervisory Authority
You have the right to lodge a complaint with the relevant data protection authority:
- Turkey: Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu - KVKK)
Website: www.kvkk.gov.tr
- EU/EEA: Your local data protection authority
Note: This Privacy Policy is provided as a template and should be reviewed by legal counsel to ensure full compliance with your specific business practices, jurisdictions, and applicable laws. Consult with a qualified attorney before publication.