New Year Campaign: Don't miss 20% off on annual plans!Details
This privacy notice has been prepared in accordance with the Turkish Law on the Protection of Personal Data No. 6698 ("KVKK") and related secondary legislation to explain the procedures and principles governing the processing of personal data of individual users and business representatives who use the Randevu Plus platform. At Randevu Plus, we place the utmost importance on the security of your personal data and are committed to processing it in a lawful, transparent, and accountable manner.
The Randevu Plus software platform operates under the laws of the Republic of Turkey. We act as the "Data Controller" with respect to your personal data within the scope of KVKK. For the customer data of businesses using the platform, Randevu Plus may serve as a "Data Processor," in which case the respective business holds the Data Controller status. Up-to-date contact information for the Data Controller can be found on our website's Contact and Help Center pages.
Your personal data is processed for the following purposes: providing appointment creation, scheduling, reminder, and calendar management services; operating and personalizing the business management dashboard; serving customers through online booking pages and reservation widgets; managing subscription and payment transactions and issuing invoices and financial documents; communicating and providing notifications via SMS, email, WhatsApp, Instagram, and Telegram channels; measuring customer satisfaction and improving service quality; fulfilling legal obligations and reporting to regulatory bodies; ensuring platform security and preventing unauthorized access and fraud; statistical analysis and anonymous reporting for service improvement; and managing staff operations including shift planning, leave tracking, and commission calculations.
Through our platform, the following categories of personal data are processed: identity data (first name, last name, Turkish national ID number, profile photo), contact data (email address, phone number, address information), account data (username, password hash, account preferences, role and permission information), financial data (invoice information, subscription details, payment history — credit card information is not stored directly but processed by PCI DSS-compliant payment infrastructure), transaction data (appointment records, service history, customer notes, cancellation and modification logs, inventory movements), communication data (messages sent and received through the platform, SMS and email interaction records, WhatsApp/Instagram/Telegram integration data), technical data (IP address, browser type, operating system, device identifiers, session durations, cookie data), and location data (business and branch addresses, geographic coordinates for map integration).
Your personal data is collected through automatic and non-automatic methods via the website, mobile application, API integrations, management dashboard, and third-party service providers (payment processors, SMS/email services, social media platforms). The legal grounds specified in Articles 5 and 6 of KVKK form the basis for processing your data: performance of a contract (providing platform services, subscription management), explicit legal obligation (tax legislation, traffic data under Law No. 5651), legitimate interest of the data controller (service improvement, fraud prevention, analytics), establishment, exercise, or protection of a right (evidence in legal disputes), and explicit consent (marketing communications, cookie preferences, third-party integrations).
Your personal data may be shared with domestic and international recipient groups in accordance with Articles 8 and 9 of KVKK for the purposes stated above: payment service providers (Iyzico/Stripe — PCI DSS compliant, only within the scope of payment transactions), cloud infrastructure providers (Google Cloud Platform/Firebase — data hosting and processing, EU and Turkey locations prioritized), communication service providers (NetGSM, Amazon SES — SMS and email delivery), analytics service providers (PostHog, Microsoft Clarity — anonymized usage data), social media platforms (Meta/WhatsApp, Telegram — only within the scope of the business's active integrations), and authorized public institutions as required by law. For cross-border data transfers, the safeguards under Article 9 of KVKK (adequacy decision, standard contractual clauses, or explicit consent) are ensured.
To protect the security of your personal data, we implement TLS 1.2+ encryption during transmission, AES-256 encryption for data at rest, strong password hashing algorithms (bcrypt), role-based access control (RBAC) with the principle of least privilege, multi-factor authentication (MFA) support, regular security audits and penetration testing, firewall and DDoS protection layers, automated backup and disaster recovery procedures, access log monitoring and anomaly detection, and data security training for employees. Payment information is not stored directly in our systems but processed by PCI DSS-compliant third-party payment processors.
Under Article 11 of KVKK, you have the following rights regarding your personal data:
Our platform uses mandatory cookies for core functionality (session management, security, language preferences), analytics cookies for service improvement (anonymous usage statistics via PostHog and Microsoft Clarity), and optional marketing cookies. You can change your cookie preferences at any time through the cookie management panel on the platform. Cookies other than mandatory ones are activated only with your explicit consent. Our platform does not use fully automated decision-making processes that directly affect users; analytical processes are conducted on anonymous and aggregated data for the purpose of improving service quality.
Your personal data is retained for the duration required by the processing purposes and within the legal retention periods prescribed by relevant legislation. Account data is retained for the duration the account is active and for 3 years from the date of closure, financial and invoice data for 10 years under the Tax Procedure Law, communication records for 3 years, traffic and log data for 2 years under Law No. 5651, and cookie data for a maximum of 13 months. Upon expiration of retention periods, your data is securely deleted, destroyed, or anonymized ex officio or upon request in accordance with the Regulation on Deletion, Destruction, or Anonymization of Personal Data.
To exercise your rights under KVKK, you may submit a written application to kvkk@randevu.plus along with information verifying your identity. Applications will be responded to free of charge within 30 days at the latest; if the transaction requires an additional cost, the tariff determined by the Personal Data Protection Board may apply. We reserve the right to update this privacy notice in line with legislative changes and platform updates; significant changes will be announced via email and platform notifications. If you believe your rights have been violated, you have the right to file a complaint with the Personal Data Protection Board (www.kvkk.gov.tr).
