Privacy Policy

Last updated: 2026-05-12

This Privacy Policy explains how Talya Global Lojistik Hizmetleri ("we", "us", "our") collects, uses, stores and shares personal data when you use ShipScanner (the "Service"). We comply with the Turkish Personal Data Protection Law (KVKK) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data we collect

We collect only the data we need to operate the Service:

  • Account data: name, work email, company (optional), hashed password.
  • Verification data: phone number (Free tier only, used to deter abuse).
  • Billing data: billing address, plan, Stripe customer ID. Full card numbers are never stored on our servers — they live with Stripe.
  • Usage data: the queries you run (origin/destination pairs, container numbers you track), timestamps, the plan tier they were charged against. Used to compute quota and improve the product.
  • Technical data: IP address, browser user-agent, language, the page that referred you to us. Used for security, abuse prevention and aggregate analytics.
  • Communications: support tickets, feedback you submit through the in-app composer, your replies to system emails.

2. Why we collect it (legal basis)

  • Contract: to provide the Service you signed up for (account, billing, schedule/tracking queries).
  • Legitimate interests: security monitoring, fraud and abuse prevention, product analytics, customer support.
  • Consent: optional marketing emails (we ask once, opt-out is one click in every email footer).
  • Legal obligation: tax records, financial reporting, responding to court orders or regulatory requests.

3. How long we keep it

  • Account data: for the life of your account, then deleted within 30 days of account closure (or anonymised if needed for legal record-keeping).
  • Billing records: 10 years, as required by Turkish tax law (VUK).
  • Usage and access logs: 12 months rolling, then aggregated and personal identifiers removed.
  • Marketing consent: until you unsubscribe.

4. Who we share it with

We do not sell personal data. We share it only with the following categories of processors, each bound by a written Data Processing Agreement:

  • Stripe — payment processing.
  • Vercel — hosting and edge delivery.
  • Kolaybase — application database (located in EU/Türkiye region).
  • Email delivery providers — transactional email (sign-up confirmation, password reset, billing receipts).
  • Logistics data partners — when you submit a query, the origin/destination pair and date are sent to the relevant carrier feed to retrieve schedules. The query is not associated with your account identifier in those onward requests.
  • Authorities — only when compelled by a valid legal order, and only to the minimum extent required.

5. International transfers

Some of our processors operate outside Türkiye and the EEA (notably Stripe in the US). Such transfers rely on the European Commission's Standard Contractual Clauses or equivalent KVKK-approved mechanisms. The carriers we query operate globally; their data residency is governed by their own policies.

6. Your rights

Subject to KVKK / GDPR you may request:

  • Access to the personal data we hold about you.
  • Correction of inaccurate or incomplete data.
  • Deletion of your data ("right to be forgotten") subject to legal retention obligations.
  • Restriction or objection to certain processing activities.
  • Data portability — a machine-readable export of the data you supplied.
  • Withdrawal of consent for activities that rely on consent (e.g. marketing).

Send requests to info@talyasmart.com. We aim to respond within 30 calendar days.

7. Security

Passwords are hashed with industry-standard algorithms. Data in transit is protected by TLS 1.2+. Database access is gated by role-based authorisation and audited. Sensitive operator actions (admin role changes, plan overrides) are logged to an immutable audit log. We do not promise an impenetrable system — no online service can — but we work to make a breach unlikely and its impact small.

8. Cookies

See our Cookie Policy for the cookies we set, what they store and how to opt out.

9. Children

The Service is not directed at children under 18 and we do not knowingly collect personal data from them. If you believe a minor has signed up, contact us and we will delete the account.

10. Changes to this Policy

We will announce material changes by email and a prominent in-app banner at least 14 days before they take effect. The "Last updated" date at the top reflects the current version.

11. Contact and complaints

Privacy questions: info@talyasmart.com. Other support: info@talyasmart.com.

If you are not satisfied with our response you have the right to lodge a complaint with the Turkish Personal Data Protection Authority (KVKK Kurumu, kvkk.gov.tr) or, where applicable, your national EU data protection authority.

This Privacy Policy is a plain-language description of our data practices. It is not legal advice — for advice tailored to your situation consult a qualified attorney.