Your trust is the foundation of our engineering.
Where we store your data, who accesses it, which standards we meet, and what we do when you find a vulnerability — all transparent.
Compliance Roadmap
We are in pre-launch; KVKK + GDPR compliance is live, SOC 2 and ISO 27001 are the next milestones.
KVKK LIVE
Turkish PDPL. Data on Türkiye-EU border, DPA provided.
GDPR LIVE
EU data protection. Hetzner Germany data center, Article 28 DPA ready.
SOC 2 Type 1 2026 Q4
Gap analysis complete (score 5.0/10). 90-day hardening + auditor scheduling.
SOC 2 Type 2 2027 Q4
12-month observation window after Type 1.
ISO 27001 2028
Parallel effort after SOC 2 Type 2.
ISO 27701 UNDER REVIEW
Privacy information management — extension of KVKK.
Security engineering
Where we are strong, where we are improving — clearly.
Password hash + 2FA (super admin) + brute force lockout + API scope. SSO PoC (Entra ID), prod-ready 2026 Q3.
Multi-layer backup (master + tenant + integrity + off-site). Restore automation (5 min). HA cluster 2027 Q1.
Git versioning + RFC process + versioned DB migrations + CI lint/test/OpenAPI validate. Mandatory 2-eyes review is next.
TLS 1.2+ in transit. AES-256 at-rest (PDKS credentials). Column-level PII encrypt 2026 Q3.
Structured logger (JSON) + Sentry + audit log + cron monitor + health.php. SIEM (Datadog/Splunk) is next.
Hetzner + Groq + Sentry + iyzico. Formal vendor register + DPA inventory 2026 Q3.
Downloadable resources
For compliance / vendor risk teams answering a security questionnaire.
Architecture and data location
Where your data lives and how it is protected.
Within EU borders under GDPR. Türkiye DC option on the Enterprise plan.
Each customer has its own MySQL DB. Cross-tenant reads are technically impossible.
Daily full backup + weekly integrity check + offsite GPG AES256.
Single-tenant restore: ~5 minutes (automated). Master DB restore: ~30 minutes.
Have a compliance or security questionnaire?
48-hour response for vendor risk assessments.
Get in touch →