Legal & Security Center
Kiryon is built for service operations where customer data matters. This page summarizes our membership, usage, delivery, privacy, and KVKK principles in a clear, user-friendly format.
Transparent by design
Our goal is to protect your business with clear rules, strong security practices, and data rights that put users first. Enterprise customers can request additional legal and security addendums.
This content is a high-level summary; detailed terms, data processing addendums, and privacy policies apply where relevant.
Key Commitments
- The service is delivered digitally; no physical delivery.
- You retain data ownership and control.
- Access is protected with role-based permissions.
- Data export and deletion requests are supported.
- Payment details are not stored on the platform.
- Material changes are communicated in advance.
- Privacy and security are built into our operations.
Enterprise Security Approach
Kiryon aligns with enterprise security expectations through process discipline and technical controls. The focus is to minimize access, ensure traceability, and maintain service continuity.
- Encrypted data in transit (TLS).
- Role-based access, auditing, and activity logs.
- Backup and recovery processes for continuity.
- Data retention and deletion policies across the lifecycle.
Confidentiality
Data is processed with purpose limitation and minimal access.
Integrity
Records are protected against unauthorized change and inconsistencies.
Availability
Backups and recovery plans support uninterrupted service.
Technical and Organizational Controls
Kiryon applies layered security practices to protect critical data. Controls cover authentication, access management, monitoring, and operational security.
Data Lifecycle
Data follows consistent rules across collection, processing, storage, backup, and deletion. You stay in control through KVKK-aligned request flows.
Collection
Only the minimum data required to deliver the service is collected.
Processing
Data is processed within its defined purpose by authorized roles.
Storage
Data is stored in secure environments with access logging.
Deletion
Deletion/anonymization is available upon request.
Membership Agreement (Summary)
Access, usage rights, and responsibilities are summarized here alongside account security and service scope. The full agreement is accepted during sign-up.
- Usage rights and responsibilities
- Account security
- Service scope
- Updates and change notices
Delivery & Refund (Digital Service)
Kiryon is a digital service; delivery is fulfilled once access is provided. Cancellation and refunds follow subscription terms.
- Service is provided digitally
- Cancellation/refund follows the agreement
- Payment required to continue after trial
Privacy & Security
Personal data is processed only to deliver the service. Access is limited, and processing activities are designed to be transparent.
- SSL and secure communication
- Role-based authorization
- No card data stored on platform
- Backup and export
- Data minimization and purpose limitation
- Logging and traceable activity history
Privacy Principles
Kiryon follows data minimization, purpose limitation, and transparency. Your data remains yours and under your control.
- Clear data subject rights and request processes.
- Purpose-limited processing and transparent sharing.
- No unnecessary data collection or indefinite retention.
Access and Audit
Sensitive actions are logged and access changes are traceable to ensure accountability.
- Role- and permission-based access control.
- Audit logs for change and access history.
- Session and account security safeguards.
Your KVKK rights
Under KVKK you may submit requests regarding your personal data and limit processing where applicable.
- Access to personal data
- Request correction
- Delete/anonymize
- Object to processing
- Portability
Incident Response
Security incidents are handled with rapid detection, containment, and transparent notification when needed.
- Anomaly detection and incident classification.
- Containment and long-term remediation actions.
- Customer notification with impact mitigation steps.
Business Continuity
Backups, restore processes, and capacity planning are core to service continuity.
- Regular backups and recovery validation.
- Capacity monitoring and scaling practices.
- Operational monitoring for critical services.
Retention and Deletion
Data is retained according to contractual and legal requirements. Deletion/anonymization is available via request.
- Deletion or anonymization upon request.
- Access and export options after contract termination.
- Clear KVKK-aligned request process.
Subprocessors and Transfers
Infrastructure providers and subprocessors are used to deliver the service securely. Sharing is limited by contractual and technical safeguards.
- Data is shared only to provide the service.
- Subprocessors adhere to security and privacy standards.
- A subprocessors list is available upon request.
Enterprise Requests
Enterprise customers can request DPAs, security addendums, audit questionnaires, and contractual adjustments.
- Data Processing Addendum (DPA) support.
- Security questionnaires and compliance documentation.
- Custom SLA and support options.
Contact
Reach us for legal requests.