Privacy Policy

Privacy Policy & GDPR/KVKK Notice

Sighthem processes personal data as a data controller under KVKK (Turkish Personal Data Protection Law No. 6698) and other applicable regulations.

1. Data Controller

Ali Yıldırım, Sighthem
info@sighthem.com
https://sighthem.com

2. Personal Data Processed

  • Identity data: Name, email, phone (for trial verification)
  • Account data: Password (hashed), workspace ID, role
  • Customer/lead data: CRM data entered by the user (processed as data processor)
  • Transaction data: Billing info, payment references (third-party payment service)
  • Technical data: IP address, browser, device fingerprint (abuse protection)

3. Processing Purposes

  • Service provision and account management
  • Invoicing, collection, accounting obligations
  • Abuse, fraud, and malicious traffic detection
  • Service improvement and technical support
  • Compliance with legal obligations

4. Legal Basis

  • Performance of contract (KVKK Art. 5/2-c)
  • Legal obligation (KVKK Art. 5/2-ç)
  • Legitimate interest (KVKK Art. 5/2-f), abuse protection
  • Explicit consent (for marketing communications)

5. Data Transfer

Your personal data is shared with the following service providers only as necessary for service delivery:

  • Licensed payment institution, payment processing, card tokenization
  • Offshore hosting provider, EU region (Germany) server infrastructure
  • SMS operator, OTP and verification SMS
  • CDN & bot protection provider, traffic security and acceleration
  • Email verification provider, pre-send address validity checks
  • Email integration services (OAuth), Email sending integration via Gmail / Workspace and Microsoft 365 account connections (optional, US-based providers)
  • Bulk email delivery infrastructure, EU region (Germany) servers for campaign delivery
  • AI services, AI drafting and analysis features; activated with user consent (US-based providers)

The current list of service providers is shared upon legitimate request at info@sighthem.com.

Cross-border transfers are conducted under KVKK Art. 9, based on standard contractual clauses or explicit consent.

6. Retention Period

  • Account data: until account closure + 10 years (tax regulation)
  • Invoice/payment records: 10 years (Turkish Tax Procedure Law)
  • Abuse/security logs: 180 days
  • Trial phone hashes: indefinite (to prevent reuse)

7. Your Rights (KVKK Art. 11)

  • Learn whether your data is processed
  • Request information on processing
  • Learn the purpose and whether it is used accordingly
  • Request correction if incomplete/inaccurate
  • Request deletion or destruction
  • Object to processing
  • Claim damages in case of harm

Submit your requests to info@sighthem.com. Responses within 30 days.

8. Cookies

Sighthem uses only essential cookies for session management and security. No third-party tracking cookies are used.

9. Security

  • All traffic is encrypted over TLS 1.2+.
  • Passwords are one-way hashed with bcrypt.
  • Database access is role-based and audited.
  • Payment data is not stored on Sighthem servers; it is tokenized at a PCI DSS-compliant third-party payment service.

10. Email Tracking & Unsubscribe

Emails sent via a connected mailbox (Gmail / Microsoft 365) through Sighthem may include the following technical elements for service quality and user reporting:

  • Open tracking (1×1 pixel): A transparent image embedded at the end of the HTML body; its load is reported to the sender only as an open timestamp and generic device info, message content is not analyzed.
  • Click tracking: Links in the email pass through a redirect endpoint; your original destination URL is preserved, only the click event is logged.
  • Unsubscribe (opt-out): Each email contains an in-footer "unsubscribe" link plus the RFC 8058 List-Unsubscribe header. Recipients who click the link or use the header are added to that workspace's suppression list; no further emails are sent from that workspace.
  • Scope: Tracking data is visible only to the relevant workspace administrator for reporting; it is not shared with third parties and not used for advertising profiling.
  • Disabling: A workspace admin can disable tracking entirely depending on plan; emails will then be sent without the footer or the unsubscribe link.

KVKK / GDPR compliance: recipients may exercise opt-out at any time; suppression-list entries are workspace-scoped and audit-logged.

11. Google API Limited Use Policy

Sighthem uses Google APIs to allow users to connect their Gmail and Google Workspace accounts. This access is used solely to send emails on the user's behalf; it is not processed for ad targeting, sold to third parties, or read by Sighthem employees.

Limited Use Disclosure: Sighthem's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Google API Services User Data Policy →
  • Google OAuth access is optional; users can disconnect at any time.
  • Data received from the Gmail API is not used outside the scope of the service.
  • OAuth tokens are stored encrypted and used only at the time of sending.

Last updated: April 29, 2026