Security & Trust Center

Enterprise-Grade Security & Compliance

Your data is protected by industry-leading security standards, regular audits, and enterprise compliance certifications.

SOC 2 Type II

Annual audit

ISO 27001

Certified

GDPR

Compliant

KVKK

Compliant

Certifications

Industry-Leading Certifications

Your trust is backed by internationally recognized security standards

SOC 2 Type II

Annual security controls audit

Verified by independent auditors

ISO 27001

Information security management

Internationally recognized standard

GDPR Compliant

EU data protection regulation

Full compliance since 2018

KVKK Compliant

Turkish data protection law

Local data residency available

Additional Security Measures

256-bit SSL encryption

Regular penetration testing

Third-party security audits

Vulnerability management program

24/7 security monitoring

Incident response plan

Security Overview

4 Pillars of Security

Comprehensive protection across every layer

Data Encryption

•256-bit AES encryption
•Data at rest protection
•Data in transit (TLS 1.3)
•Encrypted backups

Access Control

•SSO integration
•Multi-factor authentication
•Role-based permissions
•Session management

Compliance

•SOC 2 Type II certified
•ISO 27001 certified
•GDPR compliant
•KVKK compliant

Monitoring

•24/7 system monitoring
•Real-time threat alerts
•Comprehensive security logs
•Full audit trails

Data Protection

Technical Security Details

Comprehensive encryption and privacy controls

Data Encryption

Data in Transit

TLS 1.3 encryption
Perfect forward secrecy
Certificate pinning
Secure WebSockets

Data at Rest

AES-256 encryption
Encrypted databases
Encrypted file storage
Encrypted backups

Key Management

Hardware security modules (HSM)
Key rotation policies
Separate encryption keys per customer
Secure key storage

Privacy Controls

Data Rights

Right to access your data
Right to deletion (erasure)
Right to data export
Right to rectification

Privacy by Design

Data minimization
Purpose limitation
Storage limitation
Pseudonymization where possible

Third-Party Audits

Annual penetration tests
Vulnerability scans
Security assessments
Compliance audits

Compliance

Regulatory Compliance

We maintain the highest standards of regulatory compliance

SOC 2 Type II

Annual audit of security controls by independent auditors

What it covers:

Security
Availability
Processing integrity
Confidentiality
Privacy

Last audit: December 2025

GDPR Compliance

EU General Data Protection Regulation

What it covers:

Lawful basis for processing
Data subject rights
Data protection by design
Data breach notification
Data processing agreements
International data transfers

ISO 27001

Information security management system (ISMS) certification

What it covers:

Risk assessment
Security policies
Asset management
Access control
Incident management

Certificate: ISO/IEC 27001:2022

KVKK (Turkey)

Turkish Personal Data Protection Law compliance

What it covers:

Data controller registration
Explicit consent mechanisms
Data inventory (VERBIS)
Cross-border transfer rules
Local data residency option

Access Control

Enterprise Authentication

Secure access controls designed for enterprise needs

Single Sign-On (SSO)

Supported:

SAML 2.0OAuth 2.0Azure ADOktaGoogle WorkspaceOneLogin

Benefits:

No password needed
Centralized control
Reduced security risk
Better user experience

Multi-Factor Authentication

Supported:

Authenticator appsSMS verificationEmail verificationHardware tokensBiometric options

Benefits:

Global requirement option
Per-user enforcement
IP-based rules
Conditional access

Role-Based Access Control

Supported:

AdminManagerUserViewerCustom roles

Benefits:

Granular permissions
Feature-level access
Data-level access
Comprehensive audit logs

Additional Security Features

Session timeout controls

IP allowlisting

Activity logging

Password policies

Account lockout protection

Device management

API key management

Infrastructure

Enterprise-Grade Infrastructure

Built on world-class cloud infrastructure for reliability and performance

Cloud Infrastructure

Provider: AWS (Amazon Web Services)
Deployment: Multi-region, auto-scaling
Load Balancing: Global distribution
CDN: CloudFront for fast delivery

Network Security

Isolation: VPC with private subnets
DDoS Protection: AWS Shield enabled
WAF: Web Application Firewall
Segmentation: Network micro-segmentation

Uptime & Reliability

SLA (Enterprise): 99.9% uptime guarantee
SLA (Standard): 99.5% uptime guarantee
Monitoring: 24/7 system monitoring
Failover: Automated failover

Backup & Recovery

Frequency: Hourly automated backups
Retention: 30-day retention period
RTO: 4-hour recovery time
Redundancy: Geographic redundancy

99.9%

Uptime SLA

< 100ms

Global Latency

Geographic Regions

24/7

Monitoring

Infrastructure Certifications

AWS Security Best PracticesISO 27001 Certified InfrastructureSOC 2 Type II CompliantPCI DSS Ready

Security Process

How We Maintain Security

Ongoing commitment to security through regular audits and testing

Continuous

Daily/Weekly

Automated vulnerability scanning
Log monitoring & analysis
Real-time threat detection
Backup verification
Security team review
Patch management

Quarterly

Every 3 Months

Penetration testing
Vulnerability assessments
Security training for team
Policy review & updates
Incident response drills
Access review audit

Annually

Yearly

SOC 2 Type II audit
ISO 27001 recertification
Third-party security review
Disaster recovery test
Business continuity update
Risk assessment review

Additional Security Processes

Vulnerability disclosure program

Bug bounty program

Incident response plan (< 24h notification)

Security awareness training

Code security reviews

Dependency scanning

Secure development lifecycle

Change management process

Data Residency

Choose Your Data Location

Keep your data where your business requires it

🇪🇺

European Union

Data Centers: Frankfurt, Dublin
Compliance: GDPR
Processing: EU only
Data Transfer: Standard contractual clauses

🇺🇸

United States

Data Centers: US East, US West
Compliance: SOC 2, ISO 27001
Processing: US only
Data Transfer: Privacy Shield successor framework

🇹🇷

Turkey

Data Centers: Istanbul
Compliance: KVKK
Processing: Turkey only
Data Transfer: Local data residency required

Need a Different Region?

We can accommodate custom data residency requirements for enterprise customers. Contact our team to discuss your specific needs.

Security Team

Dedicated Security Experts

Our security team is here to help with reviews, questions, and concerns

Our Security Team

Enterprise security expertise

50+ years combined enterprise security experience
Certified security professionals (CISSP, CISM, CEH)
Former security leaders from Fortune 500 companies
24/7 on-call security response team
Dedicated compliance and audit team
Regular security training and certifications

Contact Security

Security Documentation

Download everything you need for your security review

Security Whitepaper

Comprehensive security architecture and practices overview

PDF

Data Processing Agreement

GDPR-compliant DPA template ready for your legal team

PDF

Security Questionnaire

Pre-filled security answers for procurement processes

PDF

Compliance Certificates

SOC 2 Type II and ISO 27001 certificates package

ZIP

Need Additional Documentation?

We can provide custom security documentation, vendor questionnaires, and audit reports for enterprise customers.

Questions About Security?

Our security team is here to help with enterprise security reviews, questionnaires, and technical questions.

SOC 2 Type II certifiedISO 27001 certifiedGDPR & KVKK compliant

Trusted by 500+ enterprises worldwide