GitSec Privacy Policy

Effective Date: January 15, 2025

GitSec ("we", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information. We are compliant with GDPR (EU) and KVKK (Turkey) regulations.

1. Data Collection

We collect the following types of information:

• Personal Data: Name, email address, company name, and billing information (processed via Stripe).
• Repository Data: Repository contents, commit history, and metadata required for backups.
• Usage Data: Login times, API usage logs, and feature interaction metrics.
• Technical Data: IP address, browser type, and device information.

2. How We Use Your Data

• Service Provision: To perform backups, restores, and storage operations.
• Billing: To process payments and send invoices.
• Communication: To send service notifications, security alerts, and support responses.
• Improvement: To analyze usage patterns and improve GitSec features.

3. Data Storage & Security

• Location: You can choose your data residency region: Turkey, EU (Germany/Ireland), or US.
• Encryption: Data is encrypted using AES-256-GCM at rest and TLS 1.3 in transit.
• Retention: We retain your data as long as your subscription is active plus 30 days after cancellation.

4. Data Sharing

We NEVER sell your data. We share data only with trusted third-party processors essential for the Service:

• Stripe: For payment processing.
• AWS / Azure: For encrypted cloud storage (based on your region selection).
• Legal Requirements: We may disclose data if required by law (e.g., court order).

5. User Rights (GDPR & KVKK)

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Deletion: Request the deletion of your account and data ("Right to be Forgotten").
• Portability: Export your data in a machine-readable format.
• Rectification: Correct inaccurate personal data.

To exercise these rights, email privacy@gitsec.io.

6. Cookies

• Essential Cookies: Required for authentication and session management.
• Analytics: Optional cookies (e.g., Google Analytics) to help us understand site usage. You can opt-out via cookie settings.

7. Data Breach Notification

In the event of a data breach, we will notify affected users and relevant authorities within 72 hours of discovery.

8. Turkish Users (KVKK Information)

For users in Turkey, your data is processed in accordance with the Law on Protection of Personal Data No. 6698 (KVKK). GitSec Inc. acts as the Data Controller.

• Contact for KVKK: kvkk@gitsec.io

9. Contact Us

• Privacy Inquiries: privacy@gitsec.io
• Data Protection Officer (DPO): dpo@gitsec.io