Skip to content
PosantoPosanto

Privacy Policy

Last Updated: May 2026

1. Data Controller

Tengra Teknoloji (operating under the Posanto brand) is the data controller responsible for processing your personal data. You can reach us at info@posanto.com for any privacy-related inquiries.

2. Data We Collect

We collect the following categories of personal data: (a) Identity data — full name, national ID number (where required by law for invoicing); (b) Contact data — email address, phone number, postal address; (c) Account data — username, password hash; (d) Transaction data — subscription purchases, payment method details (processed by our payment provider), invoices; (e) Usage data — pages visited, session duration, device and browser information, IP address; (f) Business data — branch, table, tab, inventory, and customer loyalty records.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under KVKK (Law No. 6698) and the GDPR where applicable: (a) Performance of a contract — to deliver the subscription service you purchase and manage your account; (b) Legal obligation — to comply with tax, accounting, and electronic commerce regulations; (c) Legitimate interest — to improve our services, ensure platform security, and prevent fraud; (d) Explicit consent — for marketing communications and analytics cookies. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Data

Your personal data is used for: (a) providing and personalizing the POS, order management, and customer loyalty experience; (b) processing payments and issuing invoices; (c) communicating account-related updates and support responses; (d) analyzing usage patterns to improve content quality and platform performance; (e) complying with legal and regulatory obligations; (f) sending promotional communications (only with your explicit consent).

5. Data Sharing & Recipients

We share your data only in the following circumstances: (a) Payment processors — to complete your transactions securely; (b) Cloud infrastructure providers — for hosting and data storage; (c) Analytics providers — in anonymized or pseudonymized form; (d) Legal authorities — when required by law, court order, or regulatory obligation. We do not sell your personal data to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside of Türkiye for cloud hosting and service delivery. Such transfers are safeguarded by Standard Contractual Clauses or equivalent mechanisms approved by the Turkish Personal Data Protection Authority (KVKK Board) and, where applicable, the European Commission.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. After account deletion, we retain certain data as required by Turkish commercial and tax law (minimum 10 years for financial records). Usage data collected for analytics purposes is anonymized after 24 months.

8. Data Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and incident response procedures. In the event of a data breach that poses a risk to your rights, we will notify the KVKK Board and affected individuals without undue delay as required by law.

9. Your Rights

Under KVKK Article 11, you have the right to: (a) learn whether your data is being processed; (b) request information about your data processing; (c) learn the purpose of processing and whether data is used accordingly; (d) know any third parties to whom your data has been transferred; (e) request correction of incomplete or inaccurate data; (f) request deletion of your data when the legal basis for processing ceases; (g) object to automated decision-making and profiling; (h) claim compensation for damages arising from unlawful processing. To exercise your rights, contact us at info@posanto.com.

10. Children's Privacy

Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform at least 30 days before taking effect. Your continued use of the platform after the effective date constitutes acceptance of the updated policy.