Privacy Policy
Last updated: May 2026
1. Who We Are
FromTurk is operated by Istanbul Studio ("we", "us"). For privacy questions: [email protected]. See also our KVKK Disclosure (Turkish data protection).
2. Data We Collect
- Account data: name, business name, email, phone, country, role.
- Trade activity: RFQs sent/received, quotes, messages, supplier interactions.
- Payment data: handled by our payment service provider iyzico Ödeme Hizmetleri A.Ş. (a payment institution licensed by the Banking Regulation and Supervision Agency of Türkiye - BDDK). FromTurk does NOT store full card numbers, CVV, or any sensitive card data; we only retain transaction metadata (order ID, last 4 digits, amount, country, currency, status).
- Usage data: IP address, browser, device, pages visited, timestamps.
- Cookies: see our Cookie Policy.
3. How We Use Data
- Provide and improve the Service
- Process subscriptions and issue invoices
- Facilitate connections between buyers and verified Turkish suppliers
- Send transactional and (with consent) marketing communications
- Detect fraud, abuse, and policy violations
- Comply with legal obligations
4. Legal Basis
We process personal data under: contract performance, legitimate interest, consent (marketing/cookies), and legal obligation.
5. Sharing
We share data with: iyzico (for payment processing, fraud prevention, and BDDK regulatory compliance), hosting and infrastructure providers, analytics providers, email delivery providers, and other suppliers/buyers on the platform when you initiate an RFQ or unlock a supplier profile. We do not sell personal data.
6. International Transfers
Personal data is primarily processed in Türkiye. Data may also be transferred to the EU and the United States through our infrastructure providers. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
7. Retention
Account and transaction data are retained while your account is active and for up to 10 years afterwards for tax, accounting, and audit purposes (as required by Turkish Tax Procedure Law and applicable e-commerce regulations), then deleted or anonymized.
8. Your Rights
Subject to applicable law (GDPR, Turkish Personal Data Protection Law No. 6698 - KVKK), you have the right to access, rectify, delete, restrict, port, or object to processing of your data, and to withdraw consent. Email [email protected]. You may also lodge a complaint with your local data-protection authority (in Türkiye: the Personal Data Protection Authority - KVKK).
9. Security
We use TLS encryption in transit, encryption at rest for sensitive fields, access controls, and routine audits. Payment card data is handled exclusively by iyzico under PCI-DSS compliance and is never accessible to FromTurk staff. No system is 100% secure; please use a strong unique password.
10. Children
The Service is not directed to children under 18 and we do not knowingly collect their data.
11. Changes
We may update this policy and will post changes here with a new "last updated" date.