TR | EN
← Home

Privacy Policy

Updated: 2026-05-09

**PRIVACY POLICY** This Privacy Policy describes how **GNC Arge Danışmanlığı ve Yazılım Hizmetleri Sanayi Ticaret Limited Şirketi** (''Shipots'', ''we'', ''the company'') processes personal data of its visitors and users (''you'') regarding the Shipots service. ### 1. Data Controller - **Title:** GNC Arge Danışmanlığı ve Yazılım Hizmetleri Sanayi Ticaret Limited Şirketi - **Address:** Ayazağa Mah. Kemerburgaz Cad. Vadistanbul Park 7C Blok No:7 D, No:15 Sarıyer/İstanbul, Türkiye - **Mersis:** 0396163377100001 - **E-mail:** info@shipots.com - **Support:** destek@shipots.com - **KEP (Registered e-mail, TR):** gncargedanismanligi@hs06.kep.tr - **Phone:** +90 532 557 99 31 ### 2. Data Collected - **Account:** name, company, tax/ID, e-mail, phone, password (hashed) - **Billing:** address, city, country - **Payment:** card data is **not stored on our side**; processed by PayTR. We only receive transaction reference and payment type. - **Usage:** IP, browser, device, visited pages, logs - **Operational:** ship, crew, voyage, finance data entered into the app ### 3. Purposes Service delivery, account management, subscription renewal, payment collection, invoicing, security, fraud prevention, customer support, legal obligations. ### 4. Legal Basis Performance of contract, legal obligation, legitimate interest (KVKK Art. 5); explicit consent for marketing communications. ### 5. Third-Party Sharing - Payment: PayTR (Türkiye) - Hosting: Natro (Türkiye) - SMTP/e-mail: Natro - E-invoice integrator: İŞNET NetteFatura (nettefatura.isnet.net.tr) - **Push notification infrastructure:** Google LLC — Firebase Cloud Messaging (FCM) and Apple Push Notification Service (APNs). Only an anonymous **device token** is shared with these services so your device can receive notifications. Notification content (task title, message text) passes through Apple/Google servers but is used solely to deliver the notification to you. - Public authorities when legally required ### 6. Retention Account data: subscription + 10 years. Logs: min. 2 years (Turkish Law No. 5651). Invoices: 10 years (VUK). ### 7. Security Measures HTTPS (TLS 1.2+), bcrypt password hashing, role-based access control, daily backups, access logs, NDAs with employees. ### 8. Cookies See our [Cookie Policy](/en/legal/cookies). ### 9. Your Rights (KVKK Art. 11) To exercise your rights contact info@shipots.com: information, correction, deletion, objection, portability, opposition to automated processing. ### 10. Mobile Application (Shipots Mobile) - **Camera permission:** Used only for QR code scanning (workplace check-in/out, equipment identification). Camera images are **never transmitted off-device or stored on the server**; they are processed on-device only for decoding. - **Internet permission:** Required for data synchronization with the Shipots server. - **Notification permission:** Requested to send push notifications about assigned tasks and important system events. If denied, the app continues to work; you simply will not receive push notifications. - **Device notification token (FCM token):** An anonymous device identifier produced by Google FCM is stored on our servers so we can target push notifications to your device; it is removed when you sign out. The token does not contain personal identifiers; it is only used to address notifications. - **SecureStorage:** Your authentication token (JWT) is kept in the OS encrypted keystore on the device. - **Device model and app version:** Stored when you contact support to help us diagnose issues quickly. - **Not collected:** Location, contacts, microphone, SMS, health data or file system access are **not used**. The advertising identifier (IDFA / AAID) is **not collected**. ### 11. Children's Privacy Shipots is **not directed at children under 13**. We do not knowingly collect personal data from users under 13. If you believe a child's data has been processed, contact info@shipots.com — any such records will be deleted within 30 days. ### 12. Account and Data Deletion To request deletion of your account and associated personal data: 1. Use **Settings → Delete My Account** in the mobile app or web panel, or 2. Send a request from your registered e-mail to **info@shipots.com** or **destek@shipots.com**. Requests are completed **within 30 days**. Records subject to legal retention (Turkish Commercial Code, Tax Procedure Law, Law No. 5651) are retained for the required period; all other personal data are deleted or anonymized. ### 13. Changes This policy may be updated; the current version is always posted on this page. Last update: 9 May 2026