1. Data We Collect
Opredo collects data from two sources. Directly from you: the name, surname, email, phone, and company details you enter during registration, plus the invoice, customer, stock, and cash records you create while using the platform. From third-party identity providers: when you choose 'Sign in with Google', 'Sign in with GitHub', or 'Sign in with Apple', the provider shares basic profile information with us (see Section 6).
2. How We Use Your Data
The personal data we collect is processed only for the following purposes: creating your account and verifying your identity, delivering the services you request, essential platform communications (confirmation emails, security notifications), meeting legal obligations (KVKK, Turkish tax and accounting law), and anonymous analytics to improve service quality.
3. Data Security
Your data is encrypted at rest with AES-256 and in transit over TLS 1.3. Infrastructure runs in ISO 27001 certified data centers; passwords are hashed with bcrypt and never stored in plain text. Access is controlled through two-factor authentication, role-based authorization, and audit logging.
4. KVKK Compliance and User Rights
Opredo processes data in full compliance with Turkish Law No. 6698 on the Protection of Personal Data (KVKK). Your rights under the law: to learn whether your data is processed; to request information about the processing; to learn the purpose of processing and whether it is used for that purpose; to request correction if the data is incomplete or inaccurate; to request deletion or destruction; to object to the processing; to claim compensation for damages caused by unlawful processing. To exercise these rights, write to info@opredo.com — we respond within the statutory period.
5. Cookie Policy
Our website uses cookies to improve user experience, remember your sign-in state, and collect anonymous analytics. Consent is obtained for non-essential cookies and you can manage preferences in your browser. The full list is on our Cookie Policy page.
6. Google User Data
When you use 'Sign in with Google', Opredo receives only the following basic information from your Google account via the Google OAuth 2.0 protocol: your email address, your name, and your profile picture. We do NOT request access to any other Google service (Gmail, Calendar, Drive, Contacts, etc.) and have no access to that data. This information is used solely to create your Opredo account, verify your identity, and display your name and profile picture in your account UI. Data obtained from Google is never shared with, sold to, or used for advertising, marketing, or third-party analytics; it is only shared with the essential technical infrastructure providers listed in Section 7. This data is retained for as long as your account is active. To delete your account or stop Google data processing, write to info@opredo.com or revoke Opredo's access with one click at https://myaccount.google.com/permissions. After revocation, any Google-sourced data we hold is permanently deleted within 30 days. The same principles apply to 'Sign in with GitHub' and 'Sign in with Apple'.
7. Third-Party Sharing
Opredo does not share, rent, or sell your personal data to third parties for advertising or marketing. Data is only shared with the technical infrastructure providers required to operate the service, under contracts and data processing agreements: hosting infrastructure (server and database providers), error tracking and system health (Sentry — anonymous technical data only), payment processing (PayTR — only during the payment itself and only the information required for the transaction), identity providers (Google, GitHub, Apple — only when you opt in to that sign-in method), transactional email service. Beyond legal obligations (court order, official authority request), no data is shared with any other third party.
8. Data Retention and Deletion
Your personal data is retained while your account is active and for as long as service delivery requires. When you delete your account, your personal data is permanently deleted within 30 days, except for records subject to legal retention (such as invoices and accounting entries). Records whose legal retention period has expired are automatically anonymized or deleted. To request deletion, write to info@opredo.com.
9. Policy Changes
This privacy policy may be updated due to legal requirements or service changes. For material changes, we notify you in advance through your registered email address. The current version is always published on this page; the 'Last updated' date at the top shows the most recent revision.
10. Contact
For questions about our privacy policy or for data access / deletion requests, you can reach us at info@opredo.com. We respond within the statutory period.