Privacy Policy
At Doğanay Siber Emniyet Teknolojileri ("DSET"), we take our responsibility to protect your privacy seriously. This policy explains what information we collect while you use our services, how we use it and what your rights are.
1. Information We Collect
1.1 Information You Provide Directly
- Contact form: name, email, phone, organization, message content, service selection, urgency
- Service request: device information, damage/fault description, expected outcome
- Contract: billing address, tax number, bank details
- DSET AI chat: chat content (anonymized, session-based)
1.2 Information Collected Automatically
- IP address (anonymized/hashed)
- Browser information (User-Agent) and device type
- Pages visited, time spent
- Referring site (Referrer)
Important: DSET does not use third-party tracking tools such as Google Analytics, Facebook Pixel or similar. Only anonymous access logs are kept on our own server.
1.3 Data Processed During Service (Data Recovery / Digital Forensics)
When you receive a data recovery or digital forensics service, all content on your device technically becomes readable by DSET. This content:
- is accessed only by the authorized personnel performing the operation
- is stored in an encrypted, network-isolated environment
- is destroyed to the DOD 5220.22-M standard after the service is completed
- is never shared with any other customer or third party
- is not examined without a court order (even in digital forensics, only within the requested scope)
2. How We Use Information
- To provide the service you have requested
- To improve service quality
- To fulfil legal obligations (tax, courts)
- To detect security breaches (fail2ban, IP whitelisting)
- To send newsletters / announcements with your explicit consent
3. Information Sharing
Except in the cases below, your information is not shared with any third party:
- Legal obligation (court decision, public prosecutor)
- Your explicit consent (e.g. participation in partner-university training)
- Contracted service providers (accountant, legal advisor) — under a KVKK-compliant agreement
Data is not transferred abroad.
4. Data Security
DSET complies with the standards of its own cybersecurity services:
- Connection encrypted with TLS 1.3 (certificate: Let's Encrypt)
- Database encrypted and accessible from localhost only
- Admin panel: 2FA TOTP, IP whitelist, audit log
- Regular security audits and penetration testing
- Employee training and non-disclosure agreements (NDA)
5. Retention Periods
- Contact form: 2 years
- Service contract: 10 years
- Recovered / examined data: 30-90 days
- Access logs: 12 months
- DSET AI chat log: 30 days
- Newsletter subscription: until you unsubscribe
6. Children's Privacy
DSET services are intended for individuals aged 18 and over. We do not knowingly collect data from users under 18. If we detect children's data we delete it immediately.
7. Policy Changes
We notify you of any significant changes to this policy via the home-page announcement banner and by email (for newsletter subscribers). The current version of the policy is always published on this page.
8. Contact
For privacy questions and complaints: [email protected] or +90 536 662 38 09.