Privacy Policy

1. Introduction & Data Controller

This Privacy Policy explains how PROCUX Teknoloji Anonim Şirketi, the company that operates the Procux AI platform and the website at https://www.procux.com (together, "Procux AI", "we", "us" or "our"), collects, uses, shares and protects your personal data.

For the purposes of applicable data-protection law, PROCUX Teknoloji Anonim Şirketi is the data controller responsible for your personal data. You can reach us about any privacy matter at legal@procux.com or by writing to our registered address set out at the end of this policy.

By using our services you acknowledge the data practices described here. This policy should be read together with our Terms of Service and Refund Policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

We collect the following categories of personal data:

• Account data — your name, email address, company name and phone number, provided when you register or update your profile;

• Usage data — how you interact with the platform, including features used, configuration choices, performance metrics and event logs;

• Technical data — your IP address, device type, operating system and browser information, collected automatically when you access the service;

• Communications — the content of support requests, email correspondence, feedback and survey responses you send to us.

Payment-related data — when you purchase a subscription, your card and payment details are collected and processed directly by our payment provider, Paddle.com Market Limited ("Paddle"). We do not receive or store your full card number or other sensitive payment credentials on our servers; we receive only limited billing information (such as your name, billing country and a transaction reference) needed to manage your account and invoices.

3. How & Why We Use Your Data

We use the personal data we collect for the following purposes:

• to operate, provide and maintain the platform and its features;

• to manage your account, process subscriptions and handle billing;

• to provide customer support and respond to your enquiries;

• to keep the service secure and to detect, prevent and investigate fraud or abuse;

• to comply with our legal and regulatory obligations;

• to analyse usage and improve our products, features and user experience;

• to send you service-related communications, and, where you have consented, optional marketing communications which you can withdraw at any time.

4. Legal Bases for Processing

We process personal data in accordance with the Turkish Personal Data Protection Law (KVKK), Law No. 6698, and, where it applies to you, the EU General Data Protection Regulation (GDPR).

Depending on the activity, we rely on one or more of the following legal bases: the performance of a contract with you (for example, to provide the service and process your subscription); your consent (for example, for optional marketing or non-essential cookies); our legitimate interests (for example, to secure and improve the service), balanced against your rights; and compliance with a legal obligation (for example, retaining invoices for the period required by law).

Where we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Sharing & Third Parties

We do not sell your personal data, and we do not rent or trade it. We share personal data only with the limited categories of recipients described below, and only as needed to run our service.

Merchant of Record / payment processor — Paddle.com Market Limited ("Paddle") acts as the Merchant of Record for our purchases. As such, Paddle processes your payment, handles billing and payment-method processing, screens for fraud, and calculates, collects and remits applicable taxes, in accordance with its own privacy notice presented at checkout.

Service sub-processors — trusted providers that support our operations, such as cloud hosting and infrastructure, analytics, email delivery and customer-support tooling. These providers may process personal data only on our instructions and under appropriate confidentiality and data-protection commitments.

Legal and corporate matters — we may disclose personal data where required by law, court order or a request from a competent authority, to protect our rights or the security of the service, or in connection with a merger, acquisition or transfer of assets.

6. International Data Transfers

Some of our service providers and infrastructure are located outside Türkiye and the European Economic Area (EEA). As a result, your personal data may be transferred to, stored in, or processed in other countries.

Where we transfer personal data internationally, we take steps to ensure it remains protected by appropriate safeguards, such as transfers to countries recognised as providing an adequate level of protection or transfers made under standard contractual clauses or equivalent legal mechanisms.

7. Data Retention

We retain personal data only for as long as it is necessary for the purposes for which it was collected, including to provide the service, manage your account and resolve disputes.

We may keep certain data for longer where we are required to do so by law — for example, billing and tax records must be retained for the period mandated by applicable accounting and tax legislation. When data is no longer needed, we delete it or anonymise it.

8. Data Security

We apply technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse or alteration.

These measures include encryption of data in transit and at rest, access controls and authentication, network protections, and internal policies governing how our personnel handle personal data.

No method of transmission or storage is completely secure, so while we work to protect your data we cannot guarantee absolute security. We encourage you to use a strong, unique password and to keep your login credentials confidential.

9. Your Rights

Under KVKK Article 11 and, where applicable, the GDPR, you have rights in relation to your personal data. These include the right to learn whether your data is being processed and to request information about it, the right of access to your data, and the right to have inaccurate or incomplete data rectified.

You also have the right, in the circumstances provided by law, to request erasure of your data, to request restriction of processing, to data portability, to object to certain processing, and to withdraw any consent you have given.

To exercise any of these rights, contact us at legal@procux.com. We will respond within the timeframes required by applicable law. You also have the right to lodge a complaint with the competent data-protection authority.

10. Cookies

We use essential cookies that are necessary for the website and platform to function, and analytics cookies that help us understand how the service is used so we can improve it.

You can manage or disable cookies through your browser settings. Blocking essential cookies may affect the availability or functionality of parts of the service.

11. Children's Privacy

Our services are intended for businesses and are not directed to anyone under the age of 18, and we do not knowingly collect personal data from children.

If you believe that a child under 18 has provided us with personal data, please contact us at legal@procux.com so that we can take appropriate steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. The "Last updated" date below reflects the latest version.

This policy was last updated on 21 June 2026. For material changes we will provide reasonable notice, for example by email or an in-product notice. Continued use of the services after changes take effect constitutes acceptance of the updated policy.

13. Company Details & Contact

Legal entity

PROCUX Teknoloji Anonim Şirketi

Registered address

Çağış Mah. Çağış 15. Sk., Balıkesir Teknokent No: 2 İç Kapı No: 39, Bigadiç Balıkesir, Türkiye

MERSİS No

0733122829700001

VKN

7331228297

Vergi Dairesi

Kurtdereli Vergi Dairesi

Ticaret Sicil No

23482

Email

legal@procux.com

Phone

+90 266 606 06 93