Legal
Privacy Policy
Last updated: 7 July 2026
This Privacy Policy explains how İdeasets Teknoloji Yapay Zeka Ticaret A.Ş. ("GeoMagics", "we", "us") collects, uses, discloses and safeguards personal data when you use geomagics.com and related services (the "Service"). We designed the Service to be privacy-by-default: nothing beyond what is strictly necessary is collected until you actively consent.
1. Data controller & contact
The data controller responsible for your personal data is İdeasets Teknoloji Yapay Zeka Ticaret A.Ş., a joint-stock company incorporated in the Republic of Türkiye (a country outside the EU/EEA).
- Trade name: İdeasets Teknoloji Yapay Zeka Ticaret A.Ş.
- Privacy & data-protection contact: privacy@geomagics.com
- Because we are established outside the EU/EEA and the UK but offer the Service to individuals there, GDPR Art. 27 and UK GDPR require us to designate representatives in those regions. Until a named representative is appointed, you may address representative, supervisory-authority-liaison and any data-protection-officer requests to us at the contact above, and we will act on them within the statutory time limits. We will publish the representatives' details here as soon as they are designated.
2. Scope & the laws that apply
Because our users are worldwide, we apply the strictest applicable regime to everyone. This policy is written to satisfy, at minimum:
- the EU/EEA General Data Protection Regulation (GDPR 2016/679) and the ePrivacy Directive;
- the UK GDPR and Data Protection Act 2018;
- the California Consumer Privacy Act as amended by the CPRA, and comparable U.S. state laws (Virginia VCDPA, Colorado CPA, Connecticut, etc.);
- the Turkish Personal Data Protection Law No. 6698 (KVKK).
3. What personal data we collect
We collect only the categories we actually need:
- Account data — your name, email address, workspace/company name, and a securely hashed password (argon2id; we never store or see the plaintext).
- Subject-of-analysis data — the website domains, mobile app/game identifiers or brand names you ask us to analyze, and the publicly available information we collect about them.
- Usage & device data — with your consent, anonymized analytics events (pages viewed, features used), approximate location derived from IP (which is anonymized), browser and device type.
- Communications — messages you send us (support, sales) and their contents.
- Billing data — if you subscribe, billing details are processed by our payment processor; we store only subscription status and invoices, never full card numbers.
We do not intentionally collect special-category data (health, biometrics, political opinions) and ask that you do not submit it.
4. Why we use it & our legal bases
Under GDPR Art. 6, each purpose maps to a specific legal basis:
- Providing the Service (running scans, building your growth reports, maintaining your account) — performance of a contract (Art. 6(1)(b)).
- Security, fraud prevention and abuse limiting (rate limits, session integrity) — legitimate interests (Art. 6(1)(f)).
- Analytics and product improvement — your consent (Art. 6(1)(a)); withdrawable any time.
- Advertising / measurement, where enabled — your consent (Art. 6(1)(a)); off by default worldwide.
- Legal compliance (tax, accounting, responding to lawful requests) — legal obligation (Art. 6(1)(c)).
7. International transfers
Data may be processed in the EU, the United States, Türkiye and other regions where our providers operate. Where data leaves the EEA/UK, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum) together with supplementary technical measures such as encryption in transit and at rest.
8. How long we keep data
We keep account data for as long as your account is active and for a limited period afterward to meet legal and accounting obligations. Anonymized analytics are retained on a rolling basis (default 14 months in GA4). Scan artifacts tied to your account are deleted when you delete the corresponding entity or your account.
9. Your rights
Depending on your jurisdiction, you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase your data ("right to be forgotten");
- restrict or object to processing;
- data portability;
- withdraw consent at any time, without affecting prior processing;
- for California residents: know, delete, correct, and opt out of sale/sharing, without discrimination;
- lodge a complaint with your supervisory authority (e.g. your EU DPA, the UK ICO, or the Turkish KVKK Board).
To exercise any right, email privacy@geomagics.com. We respond within the timeframe your law requires (30 days under GDPR; 45 days under CPRA).
10. How we protect data
We apply defense-in-depth: TLS everywhere, encryption at rest, argon2id password hashing, tenant isolation with row-level security, least-privilege access, secret management, and continuous monitoring. No system is perfectly secure, but we design to fail safe.
11. Children
The Service is intended for businesses and is not directed at children under 16. We do not knowingly collect their data; if you believe a child has provided us data, contact us and we will delete it.
12. Changes to this policy
We may update this policy to reflect changes in our practices or the law. Material changes will be announced in-product or by email, and the "Last updated" date above will change.