Legal
Data Processing Agreement
Version 1.1 · Effective: 2026-06-13 · Last updated: 2026-06-13
For ordinary self-hosted deployments, platform data never reaches AuthDeep. This DPA covers personal data supplied to AuthDeep for support or contracted managed services.
1. Parties and scope
This Data Processing Agreement forms part of the agreement between the customer as Controller and KLİNİK TEKNOLOJİ VE TİCARET LİMİTED ŞİRKETİ, operator of AuthDeep, as Processor where AuthDeep processes personal data on the Controller's behalf. It does not apply to platform data that remains solely in a customer-operated self-hosted deployment.
2. Processing details
Processing supports service delivery, support, diagnosis, and contracted operations for the agreement term plus stated retention periods. Data may include contact details, support content, diagnostic material, and personal data the Controller chooses to provide about personnel or end users. Controllers must minimize submitted data.
3. Processor duties
AuthDeep processes data only on documented instructions, limits access to personnel under confidentiality duties, applies appropriate technical and organizational security, assists with data-subject requests and compliance inquiries, and deletes or returns data at the end of processing unless law requires retention.
4. Security and incidents
Controls include TLS on every hop, access control, tenant isolation, secure session handling, structured security logging, and audit records. AuthDeep will notify the Controller without undue delay after confirming a personal-data breach affecting Controller data and will support reasonable investigation and notification duties.
5. Subprocessors and transfers
AuthDeep uses a minimal set of infrastructure providers, including Cloudflare for public-site delivery. General authorization is granted for necessary subprocessors, with notice of material changes and a reasonable objection process. Restricted international transfers use applicable safeguards, including Standard Contractual Clauses where required.
6. Assistance and audits
AuthDeep will provide information reasonably necessary to demonstrate compliance and permit proportionate audits under reasonable notice, scope, frequency, security, and confidentiality conditions. Each party remains responsible for its legal role.
7. Liability, precedence, and execution
The underlying agreement's liability limits apply. This DPA controls conflicts concerning personal-data processing. A countersigned copy may be requested through the Support Portal; this published version applies to qualifying processing from its effective date.
8. Processor identity
KLİNİK TEKNOLOJİ VE TİCARET LİMİTED ŞİRKETİ. MERSİS No: 0293121197200001. Trade Registry No: 1115595. Address: Zeytinlik Mah. Fişekhane Cad. No:5, Workinton Carousel, Bakırköy/İstanbul, Türkiye.