Privacy Notice (KVKK / GDPR)

Last Updated: February 24, 2026

Under Turkish KVKK Law No. 6698 and the EU GDPR, KRATS YAZILIM FAALİYETLERİ processes your personal data as follows.

1. Data Controller

Legal Name: KRATS YAZILIM FAALİYETLERİ Headquarters: Ankara, Turkey Email: info@kratsonline.com Phone: +90 850 346 8601

We process:

Identity: Name, tax/legal ID (for invoicing)
Contact: Email, phone, address
Financial: Payment records (via iyzico/Paddle)
Transaction: Account, subscription records
Technical: IP address, log records
Patient data (controlled by the clinic user): stored locally on the device with at-rest encryption

Cloudflare (global edge network) — application infrastructure, DNS/CDN, Workers, R2 object storage, D1 database
Neon Inc. (PostgreSQL) — user/subscription database (eu-central-1 Frankfurt)
Payment processors — iyzico (TR), Paddle (international)
Resend — transactional email
Government authorities — when legally required

Your patient data is encrypted at rest on your device using AES-256 (SQLCipher). The master key is stored in your operating system keychain (macOS Keychain / Windows Credential Locker / Linux Secret Service) and is never transmitted to KRATS servers.
If you enable cloud backup, data is encrypted on-device first, then stored in encrypted form on Cloudflare R2. Neither Cloudflare nor KRATS can read backup contents without your master key (zero-knowledge architecture).
License and subscription traffic is end-to-end encrypted with TLS 1.2+; app–server API calls are signed with HMAC-SHA256.
All service traffic runs on the Cloudflare global edge; the legacy AWS EC2 relay infrastructure has been retired.
Per-device session binding (HWID), activation email alerts, and administrative audit logs guard against unauthorized access.

Contact: info@kratsonline.com from your registered email. We respond within 30 days, free of charge.

Sorularınız için: info@kratsonline.com