Privacy & KVKK

Privacy Policy

This document explains how personal data collected through the RTMPlatform website is processed by GrowthPulse Analitik Çözümler Ltd. Şti., the legal entity behind the product.

Version: 2.0Effective date: 19 November 2025Last updated: 19 November 2025
Contents

1. Data Controller

RTMPlatform is a product operated by GrowthPulse Analitik Çözümler Yazılım ve Yönetim Danışmanlığı Ltd. Şti., the legal data controller under Turkey's KVKK (Law No. 6698 on the Protection of Personal Data).

Controller Details:

  • Legal name: GrowthPulse Analitik Çözümler Yazılım ve Yönetim Danışmanlığı Ltd. Şti.
  • Address: Yenişehir Mah. Ankara Cad. No:403/1, 34912 Pendik/İstanbul, Türkiye
  • Phone: +90 (216) 218 00 90
  • Mersis No: 0411115787200001
  • General email: info@growthpulse.com.tr
  • Website: www.growthpulse.com.tr
  • KVKK Officer: Cemil Bilgiç
  • KVKK contact: kvkk@growthpulse.com.tr

2. Data Collection and Processing Purposes

We collect personal data through the following channels on the RTMPlatform website:

Contact Form

Data collected

  • Name and surname
  • Work email address
  • Phone number (optional)
  • Company/organization name
  • Role or job title
  • Message content
  • IP address and cookie identifiers

Purpose

  • Establishing initial contact
  • Evaluating service requests
  • Preparing responses and proposals
  • Following up with interested parties

Retention: Form submission date + 2 years

Demo Request Form

Data collected

  • Name and surname
  • Work email address
  • Company name
  • Role or job title
  • Company size
  • Country
  • Modules of interest
  • Free-text message
  • Consent status
  • IP address and cookie identifiers

Purpose

  • Scheduling personalized product demos
  • Evaluating fit between the platform and the requester's operation
  • Preparing scope and pricing proposals
  • Statistical analysis of inquiry patterns

Retention: Form submission date + 2 years (for qualified leads, retention may extend until the sales relationship ends + 3 years)

Email Communication

Data collected

  • Email address
  • Name and title
  • Email body and attachments
  • Send and receive timestamps
  • Email open and click tracking (where enabled)

Purpose

  • Formal communication and information exchange
  • Proposal and contract delivery
  • Project coordination
  • Invoicing and payment notifications
  • Newsletter delivery (with separate consent)

Retention: Last communication + 3 years (commercial records kept for 10 years per Turkish Commercial Code)

Note on future communication channels: If we add WhatsApp, phone support, or call recording in the future, this policy will be updated with a clear notice. You will be re-informed and asked for fresh consent where legally required.

3. AI-Assisted Data Processing

We use AI systems to improve response quality and internal operations. These systems process data submitted through our forms.

AI Systems Used

  • OpenAI GPT (language model, response drafting)
  • Google Gemini (language model, classification)
  • Standard OCR tools (if invoice or document uploads are added later)

Scope of AI Processing

  • Contact form and demo form message content
  • Inquiry classification and intent analysis
  • Sentiment analysis for quality measurement
  • Summary generation for internal handoff

Safeguards

  • Personal data is anonymized before AI processing where feasible
  • We only use AI providers under contracts with appropriate data processing terms
  • AI provider retention and model-training policies are reviewed at the time of integration; we prefer providers that do not use our data for model training
  • All data transfers to AI providers occur over encrypted connections (TLS/SSL)
  • Credit card numbers, passwords, national ID numbers, and health data are never sent to AI providers

4. International Data Transfer

To provide our services, some personal data is transferred outside Turkey to the following regions:

  • United States (OpenAI, Google)
  • European Union (Google Cloud, Microsoft Azure West Europe)

Data collected

  • Form submission content
  • Email content processed by AI
  • Contact metadata

Transfers are made under KVKK Article 9 on the basis of the data subject's explicit consent, and via Data Processing Agreements aligned with GDPR Standard Contractual Clauses (SCC) where applicable. For US providers, the EU-US Data Privacy Framework applies where adhered to by the provider.

All transfers occur over encrypted channels. Recipients are bound by contractual commitments not to sub-transfer data or use it for unauthorized purposes.

If you do not consent to international data transfer, certain AI-assisted features of our response process may be limited. You may still contact us via email at kvkk@growthpulse.com.tr to request alternative handling.

6. Data Retention Periods

We retain personal data only for as long as necessary for the purposes described above or as required by law.

Data collectedRetentionPurpose
Demo request form dataSubmission date + 2 yearsExplicit consent
Contact form dataSubmission date + 2 yearsExplicit consent
Active customer dataContract duration + 3 yearsContract, legitimate interest
Email correspondenceLast email + 3 yearsConsent, contract
Commercial documentsIssue date + 10 yearsTurkish Commercial Code Art. 82
Financial documents (invoices, etc.)Issue date + 10 yearsTax Procedure Code Art. 253
AI processing logs30 days after processingTechnical necessity

After the retention period, data is securely destroyed. Backup systems are also purged on a mandated schedule. Destruction is logged, and you may request confirmation.

7. Your Rights as a Data Subject (KVKK Art. 11)

Under KVKK Article 11, you have the following rights regarding your personal data:

Right to Information

Learn whether your personal data is being processed, for what purpose, whether it has been transferred internationally, which systems (including AI) use it, and how long it is kept.

Right to Rectification

Request correction of inaccurate data or completion of incomplete data. Rectification is free and processed within 30 days.

Right to Erasure

Request deletion or anonymization of your data when processing purpose no longer applies, retention period has ended, or consent has been withdrawn (subject to legal retention obligations).

Right to Object

Object to automated profiling, marketing activities, AI-based processing, or international data transfer. Processing will stop where no overriding legal obligation exists.

Right to Compensation

Claim compensation for damages resulting from KVKK-violating processing, and file a complaint with the Turkish Personal Data Protection Authority (KVKK).

8. How to Submit a Request

You can exercise your rights by submitting a request through the following channels:

Email

Send from your registered email address to kvkk@growthpulse.com.tr

Postal Mail

GrowthPulse Analitik Çözümler Ltd. Şti. — KVKK Başvuruları — Cemil Bilgiç, Yenişehir Mah. Ankara Cad. No:403/1, 34912 Pendik/İstanbul, Türkiye

In person

At the above address, by appointment

Phone (information only)

+90 (216) 218 00 90 — for information about the process; formal applications must be submitted in writing

Your request must include: Turkish ID (TCKN) and a copy for identity verification, signed request letter, contact details (address, email, phone), and the specific request type (information, correction, deletion, objection, etc.).

Processing timeline:

  • Acknowledgement of receipt: within 5 business days
  • Identity verification: within 5 business days
  • Response: within 30 days (KVKK legal maximum)
  • Response method: written or electronic, as you prefer

10. Data Security Measures

Technical Measures

  • TLS/SSL encryption for all data transfers
  • Encrypted storage for databases and backups
  • Role-based access control with multi-factor authentication
  • Access logs reviewed periodically
  • Firewall and monitoring systems protecting infrastructure
  • Regular vulnerability assessments
  • Scheduled backups stored in secure environments

Administrative Measures

  • KVKK training for all personnel
  • Signed confidentiality undertakings
  • Regular security awareness training
  • Written data processing and retention policies
  • Incident response procedure
  • Periodic internal KVKK compliance audits

In case of a data breach: The Turkish Personal Data Protection Authority (KVKK) will be notified within the legally prescribed timeline. Affected individuals will be notified as soon as reasonably possible with details of the breach, data categories affected, measures taken, and recommended mitigations.

11. Cookies

The RTMPlatform website uses cookies for essential functionality and analytics (with your consent via the cookie banner). For the full cookie inventory, categories, and management instructions, see our Cookie Policy.Cookie Policy.

12. Contact and Complaints

For any KVKK-related inquiry, complaint, or rights request, contact us:

  • Email: kvkk@growthpulse.com.tr

  • Phone: +90 (216) 218 00 90 (Monday–Friday, 09:00–18:00 TRT)

  • Postal Mail: GrowthPulse Analitik Çözümler Ltd. Şti., KVKK Başvuruları — Cemil Bilgiç, Yenişehir Mah. Ankara Cad. No:403/1, 34912 Pendik/İstanbul, Türkiye

Filing a complaint with KVKK Authority: If you believe your rights have been violated, you may file a complaint with the Turkish Personal Data Protection Authority after first applying to us. If we reject your request or fail to respond within 30 days, you have 60 days from that point to file with the Authority.

KVKK Authority:

  • Online: https://kvkk.gov.tr
  • Address: Kişisel Verileri Koruma Kurumu, Nasuh Akar Mah. Ziyabey Cad. 1407. Sok. No:4, 06520 Balgat–Çankaya/Ankara, Türkiye
This document is prepared under Law No. 6698 on the Protection of Personal Data and related legislation. It is informational and does not constitute legal advice. For specific circumstances, please consult a qualified attorney.