KVKK & GDPRPrivacy policy

MobiGate Personal Data Protection and Privacy Policy

Last Updated: March 25, 2026

Data Controller: MobiGate (hereinafter referred to as "MobiGate", the "Platform" or "We")

Website: https://mobigate.io

At MobiGate, we attach the highest importance to the personal data and privacy of our valued customers ("Customer" or "User"). The data you share with us while using our services is processed and protected with great care within the scope of the Constitution, the Turkish Personal Data Protection Law No. 6698 (KVKK), Law No. 5651 and the EU General Data Protection Regulation (GDPR).

1. Collected Personal Data and Collection Methods

In order for you to benefit from our services securely and in compliance with applicable laws, the following data may be collected electronically via automatic or non-automatic means when you register on our platform or use our services:

Identity and contact information

First name, last name, email address, phone number and (for corporate customers) company/invoicing information.

Financial data

Invoices and transaction dates related to purchases. (Your credit card details are never stored on our systems; they are transmitted encrypted directly to secure payment providers such as PayTR or Stripe.)

Traffic and system usage data

IP address used to log in, connection date/time stamps, proxy port information used, and system log records, within the scope of Law No. 5651.

Communication records

Support tickets, email correspondence, and call/chat records with our customer service, where applicable.

2. Purposes of Processing Personal Data

Your personal data is processed for the following purposes in accordance with the processing conditions specified in Articles 5 and 6 of KVKK and the relevant provisions of GDPR:

Providing mobile proxy services, account activation, and managing technical support processes.

Carrying out financial, accounting and invoicing procedures in a lawful manner.

Performing customer risk analysis and detecting/preventing fraud and abuse attempts.

Ensuring the security of our mobile network infrastructure, servers and hardware.

Fulfilling mandatory log retention obligations under Law No. 5651.

Responding to official and legal requests from authorized administrative and judicial authorities.

3. Legal Grounds for Processing Personal Data

Your data is processed based on the legal grounds below as set out in Article 5 of KVKK:

Being directly related to the establishment or performance of a contract (e.g., delivery of the service you purchased).

Being mandatory for the data controller to fulfill its legal obligations (e.g., retaining traffic logs for statutory periods).

Being necessary for the legitimate interests of the data controller, provided that it does not harm fundamental rights and freedoms.

Where required (e.g., marketing communications), obtaining the User’s explicit consent.

4. Transfer of Personal Data (Who We Share It With and Why)

MobiGate does not sell or rent personal data to third parties for advertising, marketing, or commercial purposes. Your data may only be shared to perform specific services and comply with legal obligations, including with:

Payment providers

Only the necessary transaction data (name, surname, amount) may be transferred to secure payment infrastructure providers for collection and refunds.

Financial and legal advisors

May be shared with accounting firms and law offices for keeping official records, invoicing and managing potential legal processes.

Authorized public institutions

If a duly submitted legal request is received from authorities such as law enforcement, prosecutors’ offices, courts and ICTA/BTK, required traffic and identity information may be shared due to our legal obligations.

5. Data Security and Retention Period

Security measures: We take top-level administrative and technical measures such as 256-bit SSL encryption, firewalls and server-based access restrictions to protect your data from unauthorized access, loss or alteration.

Retention period: Your personal data is retained for as long as required by the purpose of processing. Under Law No. 5651, internet traffic logs are stored encrypted with time stamps for 2 (two) years. Financial records are retained for the limitation periods stipulated by the relevant financial legislation. Once the periods expire, data is securely deleted, destroyed or anonymized.

6. Your Rights (KVKK Article 11 and GDPR)

Under KVKK Article 11 and, where applicable, GDPR, you have the following rights regarding your personal data:

To learn whether your personal data is processed and, if processed, to request information.

To learn the purpose of processing and whether it is used in accordance with that purpose.

To learn the third parties to whom your data is transferred domestically or abroad.

To request correction of incomplete or inaccurate data.

To request deletion or destruction of data, subject to statutory retention obligations.

To request compensation if you suffer damage due to unlawful processing.

To exercise these rights and submit requests, you may apply in writing to [email protected] from your registered email address along with identity-verifying information. Your requests will be concluded free of charge within 30 (thirty) days at the latest.