PRIVACY POLICY

Last updated: April 9, 2026

At Samanlik Agricultural Listing Platform, the security of your personal data is our top priority. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and what your rights are, in accordance with Turkish Law No. 6698 on the Protection of Personal Data (KVKK).

1. Data Controller

TAUST Teknoloji Yazilim ve Danismanlik Hizmetleri (hereinafter referred to as the "Company") is the data controller under Turkish Law No. 6698 (KVKK).

Contact: dev@taustteknoloji.net

2. Personal Data We Collect and Purposes

a) Identity and Contact Information

• Data collected: Full name, email address, phone number.
• Purpose: Account creation, user identity verification, and facilitating communication between users.

b) Listing Content

• Data collected: Uploaded images, equipment descriptions, and technical details.
• Purpose: Maintaining platform functionality and providing listing services.

c) Location Data

• Data collected: GPS location data (only with your explicit permission).
• Purpose: Region-based filtering of listings and displaying them on a map.
• You can use the application without granting location permission. You can revoke this permission at any time through your device settings.

d) Payment Information

• Payment transactions are processed through Iyzico payment infrastructure in compliance with PCI-DSS standards.
• Your credit card information is never stored on the Company's servers; transactions are securely handled directly by Iyzico.

e) Device and Usage Data

• Data collected: Device model, operating system type and version, app version, crash logs, anonymous usage statistics.
• Purpose: Ensuring application stability, detecting errors, and improving user experience.
• This data is collected automatically and is not directly linked to your personal identity.

f) Notification Data

• Data collected: Push notification device token.
• Purpose: Delivering listing updates, message notifications, and platform announcements.
• You can disable notifications at any time through your device settings.

3. Third Parties and International Data Transfers

Your personal data is shared with the following service providers only to the extent necessary for the operation of the service:

• Firebase / Google LLC (USA): Authentication (Firebase Authentication), cloud database (Cloud Firestore), push notifications (Firebase Cloud Messaging), crash reports (Firebase Crashlytics), and anonymous usage analytics (Firebase Analytics).
• Iyzico (Turkey): Secure processing of payment transactions.

International Data Transfer: Within the scope of Firebase services, your personal data may be transferred to Google LLC servers (USA) outside the European Economic Area (EEA). These transfers are carried out in accordance with Google's Standard Contractual Clauses (SCC) and additional security measures, in compliance with Article 9 of the KVKK.

Your personal data will not be shared with any third party other than those listed above, except where required by law (court orders, prosecution requests, etc.).

4. Legal Basis for Data Processing

Your personal data is processed based on the following legal grounds:

• Performance of a contract (KVKK Art. 5/2-c): Account creation, listing placement, payment transactions.
• Legitimate interest (KVKK Art. 5/2-f): Application security, error detection, service improvement.
• Explicit consent: Location data processing.
• Legal obligation (KVKK Art. 5/2-d): Statutory data retention requirements.

5. Data Retention Period

• Your personal data is actively stored for the duration of your membership.
• If you delete your account, your personal data will be permanently deleted from our systems within 30 days.
• Data required to be retained under legal obligations (payment records, invoices, etc.) will be kept for the periods prescribed by applicable legislation and deleted thereafter.
• Anonymized statistical data, which does not qualify as personal data, may be retained indefinitely.

6. Account Deletion and Right to Data Erasure

Account deletion is irreversible. Upon your deletion request:

• Your profile information, listings, and all associated data will be permanently removed.
• Your message history with other users will be anonymized.
• Data subject to legal retention requirements (payment records) will be kept until the end of the applicable retention period, then deleted.

7. Your Rights

Under Article 11 of the KVKK, you have the following rights:

• To learn whether your personal data is being processed,
• To request information about the processing if your data has been processed,
• To learn the purpose of data processing and whether data is used in accordance with its purpose,
• To know the third parties to whom your personal data has been transferred, domestically or abroad,
• To request correction of personal data if it is incomplete or inaccurately processed,
• To request deletion or destruction of personal data under the conditions set forth in Article 7 of the KVKK,
• To request that correction, deletion, and destruction operations be notified to third parties to whom the data has been transferred,
• To object to any result arising against you through the exclusive analysis of processed data via automated systems,
• To claim compensation for damages arising from unlawful processing of your personal data.

You can submit your requests in writing to dev@taustteknoloji.net. Your requests will be responded to free of charge within 30 days at the latest.

8. Data Security

The following technical and administrative measures are implemented to protect your personal data against unauthorized access, loss, alteration, or disclosure:

• TLS/SSL encrypted data transmission,
• Secure authentication via Firebase Authentication,
• Data access control through Firestore security rules,
• Role-based access authorization system,
• Regular security assessments and updates.

9. Cookies and Tracking Technologies

The Samanlik mobile application does not use cookies. Anonymous usage data collected by Firebase Analytics is used solely for improving application performance. No third-party advertising or tracking technology is used.

10. Age Restriction and Children's Privacy

The Samanlik application is intended for users aged 18 and over, as it involves commercial listings and financial transactions.

We do not knowingly collect personal data from individuals under the age of 18. If it is determined that a minor has created an account, the account and all associated personal data will be deleted immediately.

If you become aware that a child has shared personal information, please report it immediately to dev@taustteknoloji.net; appropriate action will be taken as soon as possible.

11. Changes to This Policy

This Privacy Policy may be updated in line with legislative changes or application updates.

• Significant changes will be communicated to users via in-app notifications.
• The current version will always be accessible from within the app and at samanlikapp.com/privacy_policy_en.html.
• Your continued use of the application constitutes acceptance of the updated policy.

12. Contact

If you have any questions, requests, or complaints regarding our privacy policy or the processing of your personal data, you can contact us:

• Email: dev@taustteknoloji.net
• Company: TAUST Teknoloji Yazilim ve Danismanlik Hizmetleri