KVKK & GDPR – Data Protection Notice

Last updated: February 2026

1. Introduction and scope

This notice explains how Kids Safe Browser and SMT Communication and Information Technologies Trade Inc. ("we", "us", "our") process your personal data in line with the Turkish Personal Data Protection Law (KVKK – Law No. 6698) and, where applicable, the EU General Data Protection Regulation (GDPR). It applies to our website, portal, and related services.

We act as data controller for the personal data we collect and process in connection with our services. We are committed to transparency, lawfulness, and your rights under KVKK and GDPR.

2. Data controller and contact

The data controller responsible for the processing described in this notice is: SMT Communication and Information Technologies Trade Inc., Merdivenköy Mh. Nur Sk. No:1/1 K:12 D:115 Kadıköy İstanbul / Türkiye. You can reach us at info@kidssafebrowser.com for any request related to your personal data, including access, rectification, erasure, restriction, portability, objection, or withdrawal of consent. For GDPR-related inquiries from data subjects in the EEA, you may also have the right to lodge a complaint with a supervisory authority in your country of residence.

3. Legal basis for processing

We process personal data only where we have a valid legal basis:

  • Performance of a contract: to provide the services you have subscribed to (account, parental control, child profiles, subscriptions).
  • Legitimate interests: to operate and secure our systems, prevent fraud, improve our services, and communicate with you about your account, where such interests are not overridden by your rights.
  • Consent: where we ask for your explicit consent (e.g. marketing, non-essential cookies, or, where required by law, processing of children's data). You may withdraw consent at any time.
  • Legal obligation: to comply with applicable laws (e.g. tax, consumer, data protection).

Under KVKK, processing may also be based on the grounds set out in Articles 5 and 6 of Law No. 6698 (e.g. explicit consent, contract, legal obligation, legitimate interest where permitted).

4. Categories of personal data we process

We may collect and process the following categories of personal data:

  • Account and identity data: name, email address, username, password (stored in hashed form), and any other details you provide when registering or managing your account.
  • Child profile data: first name, age group, gender, profile photo (if uploaded), and access code, where the parent creates a safe profile for a child. This data is used only to deliver the child-facing features and parental controls.
  • Transaction and subscription data: payment-related information (handled by our payment providers), subscription plan, purchase history, and billing details as necessary for contract performance and legal obligations.
  • Communication and support data: messages you send via contact forms or support channels, and our responses, for the purpose of handling your requests and improving our service.
  • Technical and usage data: IP address, browser type, device information, log data, and general usage information necessary for security, troubleshooting, and improving our platform. We may use cookies and similar technologies as described in our Privacy Policy.
  • Chat and in-app content: where the child uses the chat or other interactive features, message content and related metadata may be stored to provide the service and, where applicable, for parental oversight and safety.

5. Purposes of processing

We use the data listed above to:

  • Create and manage your account and authenticate you.
  • Provide parental control and child-safe browsing features, including child profiles, education and resource links, chat, schedules, and converters.
  • Process subscriptions, payments, and renewals and comply with tax and consumer law.
  • Respond to your enquiries and provide customer support.
  • Secure our systems, prevent fraud and abuse, and enforce our terms.
  • Improve our services, analyse usage (where permitted), and fix technical issues.
  • Comply with legal, regulatory, and data protection obligations (KVKK, GDPR, and others).

6. Retention periods

We keep your personal data only for as long as necessary to fulfil the purposes above or to comply with legal retention requirements. In general:

  • Account and profile data: for the duration of your account plus a reasonable period after closure for legal and support purposes, unless you request earlier erasure and we have no overriding obligation to retain.
  • Transaction and billing data: as required by tax and commercial law (typically several years).
  • Support and communication data: for the time needed to resolve your request and for a limited period thereafter for quality and legal purposes.
  • Logs and technical data: for a limited period necessary for security and troubleshooting, unless longer retention is required by law.

After the retention period, we delete or anonymise the data so that it no longer identifies you.

7. Your rights (KVKK and GDPR)

Under KVKK (Law No. 6698) and, where applicable, the GDPR, you may have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation as to whether we process your data and to receive a copy of your personal data.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to request deletion of your data where there is no compelling reason to continue processing (subject to legal exceptions).
  • Right to restriction: to request that we limit the processing of your data in certain circumstances.
  • Right to data portability: where processing is based on contract or consent and is carried out by automated means, to receive your data in a structured, commonly used format and to transmit it to another controller where technically feasible (GDPR).
  • Right to object: to object to processing based on legitimate interests or to processing for direct marketing; we will cease unless we demonstrate compelling legitimate grounds (GDPR / KVKK where applicable).
  • Withdrawal of consent: where processing is based on consent, you may withdraw it at any time; withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint: you may lodge a complaint with the Turkish Personal Data Protection Authority (KVKK) or, in the EEA, with a supervisory authority in your country (GDPR).

To exercise any of these rights, please contact us at info@kidssafebrowser.com. We will respond within the time limits set by applicable law (e.g. 30 days under KVKK; one month under GDPR, extendable where necessary).

8. International transfers

Your data is primarily processed and stored within Turkey. If we transfer personal data to countries outside Turkey or the European Economic Area, we will ensure that appropriate safeguards are in place (e.g. adequacy decision, standard contractual clauses, or other mechanisms recognised by KVKK and GDPR) so that your data remains protected.

9. Security measures

We implement technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include access controls, encryption where appropriate, secure development practices, and staff training. We review and update our security measures regularly. No system can be guaranteed completely secure; we encourage you to use a strong password and to keep your login details confidential.

10. Children's data

Our service is designed for use by parents and their children. Child profile data (e.g. name, age group, photo) is provided by the parent or guardian and is processed to deliver the child-safe features. Where the law requires consent for processing children's data (e.g. under GDPR for children below a certain age), we rely on parental consent. Parents may at any time request access to, correction or deletion of their child's data by contacting us. We do not knowingly collect personal data from children without parental involvement.

11. Updates to this notice

We may update this KVKK/GDPR notice from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top will be revised accordingly. We encourage you to review this page periodically. Where required by law, we will notify you of material changes or seek your consent.

12. Contact

For any questions or requests regarding this notice or your personal data, please contact: SMT Communication and Information Technologies Trade Inc., Merdivenköy Mh. Nur Sk. No:1/1 K:12 D:115 Kadıköy İstanbul / Türkiye; email: info@kidssafebrowser.com. We will process your request in accordance with KVKK and, where applicable, GDPR.