1. SSL and Data Transmission Security

2. User Access, Data Sharing and Authorization

• Account Security: No one can access your SmartyData company account and data unless invited by you as a user or administrator.
• Technical Support Authorization: In case of a technical or system malfunction, only authorized SmartyData technical personnel can access the relevant data for the purpose of identifying and resolving the problem, upon your explicit permission or support request given from within your account.
• Log Records: As with standard web servers, log files are kept on the SmartyData platform for security and statistical purposes. These files; Your IP address includes standard technical information such as your internet service provider (ISP), browser characteristics, operating system, entry and exit pages, and transaction times. These records are not used for any purpose other than security audits and performance analysis and do not violate your personal privacy. Sharing with Third Parties: User information is not shared with third parties except for the purpose of making payments, billing, or fulfilling legal obligations. SmartyData is obliged to provide information and documents requested by authorized authorities in accordance with the law within the scope of judicial or administrative investigations. Contact Information: Information such as the user's email address, postal address, and telephone number is used by SmartyData for product delivery, operational notifications, billing, and standard information procedures. Campaign, promotion and new product notifications may also be sent with the user's consent.

3. User Passwords and Account Security

4. Data Backup and Storage

5.Cloud-Based Security Advantages

6. Google API and User Data Policy

SmartyData uses Google Analytics API services to enable our users to analyze and report on their e-commerce performance. In accordance with the Google API Services User Data Policy and Google API Terms of Service, our processes for accessing, using, storing, and sharing Google user data are detailed below:

• 6.1. Data Accessed (Scopes and Data Types): With the user's explicit consent, the following authorization scopes are requested via the Google OAuth2 authorization flow: https://www.googleapis.com/auth/analytics.readonly (Read-only Google Analytics Data) and https://www.googleapis.com/auth/analytics. Within the scope of the integration, the following specific data categories are accessed via Google Analytics 4 (GA4) APIs:
  • E-Commerce Dimensions: Product/item names (itemName), product IDs (itemId), brand (itemBrand), category Items (itemCategory), page paths (pagePath), geographic location information (Country, City), session sources/channels (sessionSource, sessionMedium, sessionCampaignName, sessionPrimaryChannelGroup), device/operating system details (deviceCategory, operatingSystem), and date information.
  • E-Commerce Metrics:Number of product views (itemsViewed), number of products purchased (itemsPurchased), number of items added to cart. (itemsAddedToCart), number of payment initiations/completions (itemsCheckedOut), product revenue (itemRevenue), conversion rates, number of users (totalUsers, activeUsers, newUsers), session metrics (sessions, bounceRate, engagedSessions) and related e-commerce event numbers (eventName: purchase, add_to_cart, remove_from_cart etc.).
• 6.2. Data Usage and Purpose: The accessed Google Analytics data is processed solely to provide the core functionality of the SmartyData platform. This data is used to create dashboards such as user purchase journey analysis on e-commerce sites, performance of traffic acquisition channels, device/demographic-based user behavior reporting, and revenue/activity comparison graphs. Google Analytics data is not processed for any other purpose.
• 6.3. Data Sharing: Reporting and user data obtained through Google Analytics APIs are absolutely not sold, transferred, or shared with third parties, advertising networks, or data brokers for these purposes. Tokens and analytics data are stored encrypted only in the data centers where we receive technical infrastructure services (in our MongoDB infrastructure).
•  6.4. Data Storage and Protection: Google OAuth2 authorization tokens (Access Token, Refresh Token) and synchronized analytics data are stored securely in our highly secure MongoDB database in encrypted form. Token renewal is performed on the server side (Server-to-Server) in offline access mode (access_type: offline) and via secure TLS 1.3 protocols.
• 6.5. Data Storage and Deletion: Synchronized analytics data and authorization tokens are stored as long as the user's Google Analytics integration is active on SmartyData. When the user cancels the integration or closes their SmartyData account, all data and tokens retrieved via Google APIs are permanently deleted from our systems within 30 days. Users can also request the immediate deletion of data by sending an email to info@smartydata.com.

7. Application and Communication

To exercise your rights under the KVKK (Personal Data Protection Law) and to submit an application, you can personally deliver your requests with a wet-signed petition to our address Esentepe Mah. Haberler Sok. No:13 Şişli / İstanbul, send them via notary public, or send them with a secure electronic signature to info@smartydata.com.

This information text has been created within the scope of the legal compliance processes of the SmartyData platform operated by Tekrom Teknoloji A.Ş..