KVKK Policy
Last updated: June 10, 2026
This Policy explains the rules adopted by Sistem Patent A.Ş., the operator of the Doxwo platform, for the protection and processing of personal data under the Turkish Personal Data Protection Law No. 6698 (KVKK). For a summary of processing specific to Doxwo, see the Privacy Notice; the full corporate policy is published at sistempatent.com.tr in Turkish.
1. Scope
This Policy covers all personal data of Doxwo customers, prospective customers, and site visitors that is processed by automated means, or by non-automated means as part of a data filing system.
2. Principles of Processing
- Processing lawfully and in line with the principles of good faith
- Keeping personal data accurate and, where necessary, up to date
- Processing for specified, explicit, and legitimate purposes
- Processing in a way that is relevant, limited, and proportionate to those purposes
- Retaining data only for the period required by law or by the purpose of processing
3. Conditions for Processing
Personal data is processed with the explicit consent of the data subject, or where one of the other conditions under KVKK Article 5/2 applies:
- Processing is expressly provided for by law
- Processing is directly related to the establishment or performance of a contract
- Processing is necessary to fulfill a legal obligation
- The data was made public by the data subject
- Processing is necessary to establish, exercise, or protect a right
- Processing is necessary for the legitimate interests of the controller, provided it does not harm the fundamental rights and freedoms of the data subject
4. Transfers
Personal data is transferred under KVKK Articles 8 and 9 with the necessary safeguards, and only to the extent required to provide the service. For Doxwo, the recipients are: Resend (transactional email), OpenRouter and DeepSeek (AI processing; transfer abroad), Cloudflare (content delivery network), Hetzner (hosting within the EU), related companies inside the Sistem org (for account, sales, and support purposes), and legally authorized public institutions.
5. Special Categories of Personal Data
Doxwo does not request or process special categories of personal data (race, ethnic origin, political opinion, belief, health, sexual life, biometric and genetic data, and similar). Please do not enter such data into free-text fields; if such data is entered by mistake and detected, it is deleted.
6. Retention, Deletion, and Anonymization
Personal data is retained for the period required by law or by the purpose of processing. When the reasons requiring processing no longer exist, the data is deleted, destroyed, or anonymized, either on our own initiative or upon the request of the data subject, following the methods set out in the guidelines of the Personal Data Protection Board.
7. Data Security Measures
Under KVKK Article 12, the company takes the technical and administrative measures necessary to prevent unlawful processing of and access to personal data and to ensure its safekeeping. For Doxwo specifically, data is transmitted over encrypted connections (TLS), passwords are stored only as irreversible hashes, access is authorized per tenant, and regular backups are taken.
8. Data Subject Rights and Applications
Data subjects can exercise their rights under KVKK Article 11 by sending their request to [email protected], or in writing to Adalet Mah. Şht. Polis Fethi Sekin Cad. No:6 Ventus Tower Kat:18 D:184 Bayraklı / İZMİR, Turkiye. The data subject application form may be used. Applications are concluded within 30 days at the latest, per KVKK Article 13. The full list of rights is on the Privacy Notice page.
9. Data Controller
Sistem Patent A.Ş. Address: Adalet Mah. Şht. Polis Fethi Sekin Cad. No:6 Ventus Tower Kat:18 D:184 Bayraklı / İZMİR, Turkiye. Email: [email protected].