Privacy Policy

GNSAC Information Technologies Ltd. Sti. ("GNSAC", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (gnsac.com.tr, gnsac.com) or use our cybersecurity products and services. We operate in compliance with the General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law (KVKK - Law No. 6698), and other applicable data protection laws.

We collect information in the following ways: 2.1 Information You Provide: • Contact information (name, email address, phone number, company name) • Account credentials for our platforms (GNSAC Vigil, GNSAC Phishing, GNSAC Dark Search) • Communication records when you contact our support team • Payment and billing information for subscriptions 2.2 Information Collected Automatically: • IP address and device information • Browser type and operating system • Pages visited and time spent on our website • Referral source and navigation paths 2.3 Information from Our Products: • Threat intelligence data processed through GNSAC Vigil • Phishing simulation campaign results (anonymized and aggregated) • Dark web monitoring alerts related to your organization's assets • Security event logs for audit and compliance purposes

We use collected information for the following purposes: • Service Delivery: To provide, maintain, and improve our cybersecurity products and services • Security Operations: To detect, prevent, and respond to security threats and incidents • Communication: To send service updates, security alerts, and respond to inquiries • Compliance: To meet legal obligations and regulatory requirements (GDPR, KVKK) • Analytics: To analyze usage patterns and improve user experience • Billing: To process payments and manage subscriptions We do NOT: • Sell your personal data to third parties • Use your data for targeted advertising • Share threat intelligence data that could identify you without consent

We implement industry-standard security measures to protect your data: • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256) • Access Control: Role-based access control (RBAC) with principle of least privilege • Audit Logging: Immutable audit logs for all system activities • Infrastructure: ISO 27001-aligned security controls and processes • Monitoring: 24/7 security monitoring and incident response capabilities • Data Centers: Enterprise-grade facilities with physical security controls Our products are designed with privacy-by-design principles and undergo regular security assessments.

GNSAC operates from Turkey (Istanbul) and the United Arab Emirates (Dubai). When we transfer personal data outside the European Economic Area (EEA) or Turkey, we ensure appropriate safeguards are in place: • Standard Contractual Clauses (SCCs) approved by the European Commission • Binding Corporate Rules where applicable • Adequacy decisions for transfers to approved countries Your data may be processed in: • Turkey (primary data center) • European Union (backup and redundancy) • United Arab Emirates (regional operations)

Under GDPR and KVKK, you have the following rights: • Right to Access: Request a copy of your personal data • Right to Rectification: Correct inaccurate or incomplete data • Right to Erasure: Request deletion of your data ("right to be forgotten") • Right to Restriction: Limit how we process your data • Right to Portability: Receive your data in a structured, machine-readable format • Right to Object: Object to processing based on legitimate interests • Right to Withdraw Consent: Withdraw consent at any time To exercise these rights, contact us at: privacy@gnsac.com.tr We will respond to your request within 30 days (or as required by applicable law).

We retain personal data only for as long as necessary: • Account Data: Duration of service agreement plus 5 years for legal compliance • Security Logs: 12-24 months depending on regulatory requirements • Threat Intelligence: Aggregated and anonymized data may be retained indefinitely • Marketing Data: Until you unsubscribe or request deletion • Support Records: 3 years from last interaction When data is no longer needed, it is securely deleted or anonymized.

For privacy-related inquiries or to exercise your rights: Data Protection Officer: Email: privacy@gnsac.com.tr Phone: +90 216 706 40 65 Registered Address: GNSAC Information Technologies Ltd. Sti. Şefikbey Sokak Archerson Köşkü No:3, Oda No:301 Kadıköy – Zühtüpaşa, TR-34724 Istanbul, Turkey Company Registration: Trade Registry: Istanbul Trade Registry No: 302689-5 MERSIS No: 0396135396400001 Tax Office: Göztepe V.D. Tax ID: 3961353964 Supervisory Authority: For complaints, you may contact the Turkish Personal Data Protection Authority (KVKK) or your local data protection authority.