Legal Policies & Terms | STRASYS® & Fatih Cakir

‍

- This document outlines the legal policies for the use of the STRASYS® Organizational Intelligence Platform (“the Platform”) and any related professional services (“the Services”) provided by STRASYS Global. By using our website, subscribing to the Platform, or engaging our Services, you agree to the terms outlined below.
- 1️⃣ Privacy Policy
- 2️⃣ Data Processing & Security Policy
- 3️⃣ Cookie Policy
- 4️⃣ Terms of Service
- 5️⃣ Service Level Agreement (SLA)
- 6️⃣ Refund & Cancellation Policy
- 7️⃣ Disclaimer & Limitation of Liability
- 8️⃣ Master Service Agreement (MSA) & Order Form
- Effective Date: September 15, 2025
- ‍Website: www.strasysglobal.com
- Contact: fatih@strasysglobal.com

POLICIES :

1. STRASYS® Privacy Policy

1. Introduction

This Privacy Policy explains how STRASYS® (“we,” “our,” “us”) collects, uses, stores, and protects personal data across:

Web application (app.strasysglobal.com), which hosts the STRASYS® Platform
Official website (www.strasysglobal.com), which provides corporate information, demo requests, and links to the Platform and App Stores
Mobile applications published on Apple App Store (iOS) and Google Play Store (Android)
Integrated services such as the Aidbase support bot, ticketing, Google Meet scheduling, CTA email links, LinkedIn redirects, and in-app purchase integrations (Google/Apple IAP, bank transfer for enterprise contracts).

It complies with General Data Protection Regulation (GDPR – EU/EEA), Personal Data Protection Act (PDPA – Singapore & Malaysia), and Turkish Personal Data Protection Law (KVKK).

‍

2. Data We Collect

User-Provided Data:
Name, surname, email, phone number, company details, department, role, PDP records, performance data, EQ Mirror responses, training assignments, billing and payment details.
Platform Usage Data:
Interactions with the Platform, feature usage, performance metrics, anonymized analytics.
Technical Data:
IP address, device/browser type, login timestamps, crash reports (via Firebase), session cookies.
Support & Communication Data:
Emails and support tickets, data provided via Aidbase bot, Google Meet scheduling info (limited to name/email for call organization).
Third-Party Payment Data:
Processed directly by Google Play, Apple App Store, or Garanti POS/bank transfer. We do not store card numbers or sensitive payment details.
Optional Marketing Data:
Only if you explicitly opt-in (e.g., newsletters).

3. Purpose of Processing

We process personal data for the following purposes:

Provide and operate STRASYS® services.
Manage accounts, role-based access (RBAC), and organizational structures.
Process transactions and deliver invoices.
Provide support, schedule calls, and respond to inquiries.
Improve services through analytics and performance monitoring.
Ensure platform security, fraud prevention, and compliance.
Fulfill legal obligations (tax, regulatory, data retention).

4. Legal Basis for Processing

GDPR: Consent, performance of contract, legal obligation, legitimate interest.
PDPA/KVKK: Explicit consent, contractual necessity, compliance with legal duties.

5. Data Security & Storage

Data is hosted on Google Firebase (Google Cloud) with encryption in transit and at rest.
Role-Based Access Control (RBAC) limits data access strictly to authorized personnel.
Audit trails track system changes.
Additional safeguards: Microsoft Azure login, Google login, and access monitoring.

6. Data Retention

User accounts: kept until deletion request or contract termination.
Financial/transactional records: retained minimum 5 years (per Turkish and EU law), or longer if required by local law.
Support/ticketing data: max 24 months after resolution.
Call scheduling data (Google Meet): used only for organizing meetings, deleted after use.

7. Third-Party Sharing

We do not sell personal data. Data is shared only with essential service providers under confidentiality agreements:

Firebase (Google Cloud) – hosting, database, crash analytics.
Google Analytics & Tag Manager – anonymized traffic statistics.
Microsoft Azure & Google OAuth – authentication.
Aidbase – support/ticketing.
Payment Providers – Google/Apple IAP, Garanti POS.

All providers are GDPR/PDPA/KVKK-compliant.

‍

8. International Data Transfers

Data may be transferred outside your jurisdiction. Safeguards include:

GDPR (EU/EEA users): Transfers outside the EU/EEA are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses ensure that personal data leaving the EU/EEA will continue to benefit from an adequate level of protection.
PDPA (Singapore/Malaysia users): Transfers are made only where comparable safeguards are in place to ensure continued protection of personal data. STRASYS® ensures that any overseas recipient of personal data is subject to legally enforceable obligations that provide a standard of protection comparable to the PDPA.
KVKK (Turkish users): Personal data may be transferred abroad (e.g., to Google Firebase servers located in the US/EU). Such transfers are carried out with the explicit consent of the user in accordance with KVKK Article 9. STRASYS® commits to obtaining and recording this consent during onboarding or subscription flow.
Consent Requirement for Turkish Users (KVKK):
For users located in Türkiye, personal data may be transferred abroad (e.g., to Google Firebase servers in the US/EU). In compliance with KVKK, a Consent Form will appear during onboarding or subscription, and users will be required to provide explicit approval before continuing to use the STRASYS® Platform.
All consent responses are digitally recorded (including user ID, timestamp, and consent version) and securely stored in STRASYS® systems as proof of compliance.

‍Consent Form Text (Dual-Language):

English:
I consent to the transfer of my personal data abroad (e.g., Google Firebase servers in the US/EU) as described in the Privacy Policy and Data Processing & Security Policy.

Türkçe:
Kişisel verilerimin yurtdışına (ör. ABD/AB’deki Google Firebase sunucuları) aktarılmasına, Gizlilik Politikası ve Veri İşleme & Güvenlik Politikası kapsamında açık rıza veriyorum.

[ I Consent / Onaylıyorum ]

‍

9. Data Subject Rights

Users may request at any time:

Access to their data
Correction of inaccuracies
Deletion (“right to be forgotten”)
Restriction of processing
Data portability (where applicable)

Requests should be sent to care@strasysglobal.com. Confirmed requests are executed within 24 hours and users are notified by email.

‍

10. Children’s Privacy

STRASYS® is intended for business use only and is not directed to individuals under 18. We do not knowingly collect data from minors.

‍

11. Updates to this Policy

This Privacy Policy may be updated to reflect legal, technical, or business changes. The latest version is always available at www.strasysglobal.com/company-policies.

‍

12. Contact Information

Provider: Fatih Çakır, trading as MEA TIC & Leadership Consultancy
Registered Office: 15 Temmuz Mah., Gulbahar Cd., Nurol Park Sitesi, C1 Blok, Daire 149, Bağcılar / Istanbul, Türkiye
Tel: +90 538 626 7888
Email: care@strasysglobal.com

‍

13. STRASYS® Atlas GPT

STRASYS® Atlas GPT is an AI-powered knowledge assistant integrated into the Platform and support services.
Data Processing: Conversations and uploaded files are processed in real time to generate responses. Data is not permanently stored by STRASYS®; interactions are session-based.
Third-Party AI Processing: The assistant runs on OpenAI’s infrastructure, which applies industry-standard security and compliance controls.
User Responsibility: Users must avoid entering sensitive personal information (such as national ID numbers, medical data, or financial credentials) into Atlas GPT.
No Profiling: Atlas GPT is used solely for providing knowledge assistance and support. No automated decision-making or profiling is conducted.

2. STRASYS® Data Processing & Security Policy

1. Purpose & Scope

This Data Processing & Security Policy explains how STRASYS® processes, secures, and manages personal data in line with GDPR, PDPA, and KVKK. It applies to:

Web Application (app.strasysglobal.com)
Official Website (www.strasysglobal.com)
Mobile Applications (Apple App Store & Google Play)
Integrated services (Aidbase bot, ticketing, SSO, payments).

2. Data Processing Roles

Client = Data Controller (defines purpose and means of processing).
STRASYS® / Provider = Data Processor (processes data only to deliver services).
Third-party providers act as Subprocessors.

3. Technical Infrastructure

Hosting & Database: Google Firebase (Google Cloud)
Authentication: Firebase Auth, Microsoft Azure AD, Google OAuth
Analytics: Google Analytics & Tag Manager (anonymized where possible)
Support: Aidbase AI bot & ticketing system
Payments: Google/Apple IAP, Garanti POS, bank transfers (enterprise)

4. Security Controls

Primary Security Layer (Google Firebase/Cloud):
STRASYS® is hosted directly on Google Firebase, inheriting Google Cloud’s enterprise-grade security protocols, including:
- Global data center security
- DDoS protection
- Network isolation
- TLS/SSL encryption in transit and AES encryption at rest
- Continuous vulnerability monitoring and patching
Supplementary Security Layer (STRASYS® Developer Protocols):
In addition to Firebase’s baseline security, STRASYS® applies custom-developed security mechanisms, including:
- RBAC (Role-Based Access Control): Proprietary engine enforcing granular permissions, role matrix, and designation mappings
- Audit Trail Export: All critical data changes logged and exportable upon request
- Access Monitoring: Additional checks against suspicious login attempts and compromised credentials
- Least Privilege Principle: Internal staff access strictly limited to support purposes
- Vulnerability Management: Regular patching, monitoring, and best-practice application security measures
- Configuration Policies: Client-specific role definitions, designation mappings, and access rules enforced at the application level
- Session Management Enhancements: Timeouts and validation controls beyond Firebase defaults

This dual-layer approach ensures STRASYS® benefits from Google’s global infrastructure while applying customized protections at the application level.

‍

5. Data Retention & Deletion

User Accounts: Retained until deletion request or contract termination
Financial Records: Retained minimum 5 years (per Turkish/EU law)
Support Data: Retained up to 24 months after resolution
Meeting Data (Google Meet): Used solely for scheduling, deleted after use
Deletion Requests: Processed via care@strasysglobal.com → executed within 24h with confirmation email

6. Subprocessors

We work only with GDPR/PDPA/KVKK-compliant providers, including:

Google LLC (Firebase, Analytics, Cloud)
Microsoft Corporation (Azure authentication)
Aidbase (support/ticketing)
Apple Inc. (App Store IAP)
Google LLC (Google Play IAP)
Garanti Bankası (Enterprise wire transactions)

All subprocessors are bound by strict confidentiality and data protection agreements.

‍

7. International Data Transfers

EU/EEA (GDPR): STRASYS® applies Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the European Economic Area. These safeguards ensure that EU users’ data continues to be protected when processed abroad.
Singapore/Malaysia (PDPA): Transfers comply with PDPA requirements. STRASYS® ensures that transfers are made only where a comparable level of protection is guaranteed, either through legally binding instruments or contractual safeguards.
Türkiye (KVKK): Data may be transferred abroad (e.g., to Google Firebase servers in the US/EU). Under KVKK Article 9, such transfers require explicit user consent.

Consent Workflow (KVKK):

A Consent Form will appear for Turkish users upon first login or subscription.
Users must explicitly approve (“I Consent / Onaylıyorum”) before being granted access to the STRASYS® Platform.
The consent text is presented in both English and Turkish to ensure clarity:

English:
I consent to the transfer of my personal data abroad (e.g., Google Firebase servers in the US/EU) as described in the Privacy Policy and Data Processing & Security Policy.

[ I Consent / Onaylıyorum ]

Each consent response (user ID, timestamp, and consent version) is digitally logged and stored in Firebase as proof of compliance with KVKK Article 9.

8. Incident & Breach Management

Any confirmed Personal Data Breach will be notified to Clients without undue delay
Users and regulators will be informed where legally required
Mitigation measures (e.g., access reset, isolation, patching) applied immediately

9. Compliance & Validation

Core Functions validated by STRASYS® (authentication, RBAC, encryption, audit trail)
Custom Configurations validated by Clients (skills, KPIs, workflows)
STRASYS® aligns with ISO 27001 principles in practice through Google Cloud/Firebase standards

10. Contact for Data Processing Issues

All data processing/security concerns should be directed to:
care@strasysglobal.com

‍

3.STRASYS® Cookie Policy

Introduction

This Cookie Policy explains how STRASYS® uses cookies and similar technologies across:

The official website (www.strasysglobal.com)
The web application (app.strasysglobal.com)
Related online services (e.g., demo requests, call scheduling, pricing and purchase links).

This Policy is aligned with GDPR (EU/EEA), PDPA (Singapore/Malaysia), and KVKK (Türkiye) requirements.

2. What Are Cookies?

Cookies are small text files placed on your device when you visit a website or use an application. They allow the system to recognize your device, store preferences, and improve user experience.

Cookies may be:

Session cookies – deleted when you close your browser.
Persistent cookies – stored until they expire or are deleted.

3. Types of Cookies We Use

Strictly Necessary Cookies (Essential):
These cookies are required for the operation of our website and web application. They enable functions like navigation, login sessions, and security. They cannot be disabled.
Functional Cookies:
These cookies allow certain optional features to work, such as Google Meet call scheduling or maintaining your language preferences.
Analytics Cookies (Optional):
We use Google Analytics and Google Tag Manager to understand how visitors use our site and application (e.g., traffic volumes, page popularity). These cookies help us improve services. Analytics cookies are only set if you provide consent via the cookie banner.
No Marketing/Advertising Cookies:
STRASYS® does not use marketing or third-party advertising cookies.

4. Cookie Consent (Banner)

When you first visit our website or web application, a cookie banner will appear:

You may accept all cookies,
Reject non-essential cookies, or
Manage preferences (choose which optional cookies to allow).

Strictly necessary cookies will always remain active, while functional and analytics cookies require your consent.

5. Managing Cookies

You can manage or delete cookies through your browser settings at any time. Please note that disabling strictly necessary cookies may affect the functionality of the STRASYS® Platform.

Instructions for common browsers:

6. Compliance Statements

GDPR: Optional cookies are only set after explicit consent.
PDPA: Comparable safeguards are applied, and consent is required for non-essential cookies.
KVKK: Users are informed and consent is obtained before analytics or functional cookies are activated.

7. Updates to This Policy

We may update this Cookie Policy to reflect legal, technical, or business changes. The latest version is always available at www.strasysglobal.com/company-policies.

‍

4.STRASYS® Terms of Service

Introduction

These Terms of Service (“Terms”) govern your use of the STRASYS® Platform, including:

Web application (app.strasysglobal.com)
Mobile applications (Apple App Store – iOS / Google Play Store – Android)
Official website (www.strasysglobal.com)

By using STRASYS®, you agree to these Terms. If you do not agree, you may not use the Platform.

‍

2. User License

Upon subscription, STRASYS Global grants you a limited, non-exclusive, non-transferable, revocable license to use the STRASYS® Platform solely for your internal business purposes, subject to your chosen plan.

‍

3. Subscription Model & Payments

Individual and Small Teams (5–40 users):
Subscriptions must be purchased directly via the Apple App Store (iOS) or Google Play Store (Android) using in-app purchases (IAP).
Enterprise (40+ users):
Larger organizations must enter into an Enterprise Agreement (Master Service Agreement, “MSA”) with STRASYS®. Payments are made via bank transfer under separately agreed contractual terms.
Refunds & Cancellations:
Governed by the Refund & Cancellation Policy.

4. Acceptable Use

You agree not to misuse the Platform or help others to do so. Prohibited actions include, but are not limited to:

Violating any applicable laws or regulations
Infringing on intellectual property rights
Distributing malware, spam, or unauthorized access attempts
Reverse-engineering, copying, or redistributing any part of the Platform without written consent

5. User Responsibilities & Data Ownership

You are solely responsible for the accuracy and legality of all data you input into STRASYS®.
You retain full ownership of your data.
STRASYS® will not access or use your data except:
- To provide support or maintenance
- To resolve technical issues upon your request
- To comply with legal obligations

6. Ancillary Professional Services

‍

From time to time, STRASYS® may offer leadership coaching, consulting, or training services. Such services are subject to a separate Service Agreement outlining scope, deliverables, and fees.

‍

7. Intellectual Property

The STRASYS® Platform, its content, and all underlying technology are the exclusive intellectual property of Fatih Çakır / STRASYS Global.
No rights are granted except those expressly set out in these Terms.
Unauthorized reproduction, modification, or distribution is strictly prohibited.

8. Changes to Terms

‍

STRASYS® may update these Terms at any time. Users will be notified of material changes by email or in-app notification. Continued use of the Platform after changes constitutes acceptance.

‍

9. Termination

STRASYS® may suspend or terminate your access if you breach these Terms.
You may cancel your subscription at any time, subject to the Refund & Cancellation Policy.
Enterprise agreements are governed by the MSA, which prevails in case of conflict.

10. Governing Law & Jurisdiction

These Terms are governed by the laws of the Republic of Türkiye. Any disputes shall be resolved exclusively by the Istanbul Courts and Execution Offices.

‍

5.STRASYS® Service Level Agreement (SLA)

1. Purpose

This SLA defines the service availability, maintenance standards, and support response times for the STRASYS® Platform. It applies to all subscribers unless otherwise agreed in a separate Enterprise Master Service Agreement (MSA).

2. Service Availability

STRASYS® targets a monthly uptime of 99.9% for the Platform.
Availability is measured across all production systems, excluding:
- Scheduled maintenance (with prior notice)
- Emergency maintenance
- Downtime caused by force majeure, third-party providers, or user-side issues

3. Scheduled Maintenance

STRASYS® will notify users at least 48 hours in advance of any scheduled maintenance.
Maintenance will be scheduled during off-peak hours whenever possible.

4. Support Services

Standard Support (App Store / Google Play users): Support is provided via care@strasysglobal.com. Queries are typically responded to within a reasonable time during business hours.
Enterprise Support: Enhanced response times, escalation procedures, and service credits are defined under the customer’s Master Service Agreement (MSA).
In case of conflict, the MSA prevails for enterprise customers.

5. Service Credits

If uptime falls below 99.9% in any given month, affected enterprise customers are entitled to service credits as defined in their MSA.
Service credits do not apply to App Store or Google Play individual subscriptions.

6. SLA Exclusions

This SLA does not apply to:

Issues caused by misuse of the Platform
Outages due to third-party failures beyond STRASYS®’s control (e.g., Firebase, Google, Microsoft, Apple)
Force majeure events

7. Governing Document

For enterprise customers, this SLA is supplemented by the Master Service Agreement (MSA). In the event of conflict, the MSA prevails.

‍

6. STRASYS® Refund & Cancellation Policy

1. Trial Period

STRASYS® offers a 7-day free trial for all new subscriptions purchased through the Apple App Store or Google Play Store.
If the subscription is not cancelled during the trial, the selected plan will automatically begin and billing will apply.

2. App Store / Google Play Subscriptions (5–40 users)

Subscriptions are managed directly via the Apple App Store and Google Play Store.
Users may cancel their subscription at any time through their store account settings.
No refunds are provided for the current billing period.
Access to the STRASYS® Platform remains active until the end of the paid billing cycle, after which the subscription is terminated.
Pro-rata refunds (for unused days within a billing cycle) are not available.

3. Enterprise Subscriptions (40+ users)

Enterprise subscriptions are governed by a separate Master Service Agreement (MSA).
Enterprise contracts are binding for the agreed subscription term.
Early termination by the Client does not entitle the Client to any refund of fees already paid.
Access remains active until the end of the billing period covered by the payment, after which the subscription ends.

4. Exceptions

‍

Refunds are only provided where strictly required by:

Applicable consumer protection laws, or
Apple App Store / Google Play Store refund policies (handled directly by the marketplace).

7.STRASYS® Disclaimer & Limitation of Liability

1. General Disclaimer

The STRASYS® Platform provides leadership intelligence, analytics, and decision-support tools.
While designed to assist organizational management, the Platform does not replace professional legal, financial, or medical advice.
All business, strategic, and personnel decisions made using STRASYS® remain the sole responsibility of the user or client organization.

2. Limitation of Liability

STRASYS® is not liable for:
- Indirect, incidental, punitive, or consequential damages (including but not limited to loss of profit, revenue, goodwill, or data).
- Service interruptions or failures caused by third-party providers (Google Firebase, Microsoft Azure, Apple, Google Play, Aidbase, Garanti Bank, etc.).
- Misuse of the Platform, or user-side technical failures.
To the maximum extent permitted by law, STRASYS®’s aggregate liability for any claim arising from use of the Platform is limited to the total subscription fees paid by the user in the six(6) months preceding the claim.

3. Governing Law & Jurisdiction

These limitations are subject to the laws of the Republic of Türkiye.
Any disputes shall be resolved exclusively by the Istanbul Courts and Execution Offices.

4. Enterprise Clients

For enterprise subscriptions, these disclaimers and limitations apply in conjunction with the Master Service Agreement (MSA).
In the event of conflict, the MSA prevails.

8.Master Service Agreement (MSA) & Order Form

MSA (Full Version): Governs all enterprise subscriptions (40+ users) with detailed provisions (data processing, SLA, liability, compliance). Shared only during enterprise contracting.
Order Form (Light Version of MSA): For clients not requiring the full MSA, STRASYS® offers a simplified contractual document (Order Form) covering subscription scope, term, and payment. This Order Form incorporates by reference the public Company Policies (Privacy, SLA, Refund, Liability).

📩 Both the full MSA and the simplified Order Form are available to enterprise clients upon request at care@strasysglobal.com.

‍