Privacy Policy

Zyrix Global Teknoloji A.Ş. is the data controller responsible for your personal data.

Registered Address: Yeşilköy, Atatürk Cad, EGS Business Park, 12/79, 34149 Bakırköy/İstanbul, Türkiye

Email: privacy@zyrix.co

Phone: +90 545 221 0888

Zyrix is registered with the Turkish Personal Data Protection Authority (KVKK) as a data controller. For users in Saudi Arabia, UAE, Qatar, and Kuwait, Zyrix complies with applicable local data protection regulations including the Saudi PDPL.

We collect the following categories of personal data:

**Identity Data:** Full name, national ID number (where required for KYC/KYB), date of birth, nationality.

**Contact Data:** Email address, phone number, postal address.

**Business Data:** Company name, commercial registration number, tax identification number, authorized signatory details.

**Financial Data:** Bank account details, transaction history, settlement records, wallet addresses (for crypto transactions).

**Technical Data:** IP address, browser type, device identifiers, cookies, and usage logs.

**Communication Data:** Messages sent through our contact forms, support tickets, and WhatsApp.

We process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide our payment gateway services and fulfill our contractual obligations.

• Legal obligation: Processing required to comply with anti-money laundering (AML), counter-terrorism financing (CTF), KYC/KYB regulations, and tax laws in Turkey, Saudi Arabia, UAE, Qatar, and Kuwait.

• Legitimate interests: Fraud prevention, security monitoring, improving our services, and analytics.

• Consent: Where we rely on consent (e.g., marketing communications), you may withdraw it at any time.

We use your personal data to:

• Create and manage your merchant account

• Process payments, settlements, and refunds

• Conduct KYC/KYB identity verification

• Comply with AML/CFT legal obligations

• Detect and prevent fraud and unauthorized transactions

• Send transaction notifications and service updates

• Provide customer support

• Improve our platform and services

• Comply with regulatory reporting requirements

We may share your personal data with:

• Payment processors and banking partners to facilitate transaction settlement

• KYC/KYB verification providers for identity verification

• Regulatory authorities in Turkey (MASAK, BDDK), Saudi Arabia (SAMA), UAE (CBUAE), and other applicable jurisdictions when required by law

• Cloud infrastructure providers (data stored in EU/Turkey-region servers compliant with GDPR and KVKK)

• Fraud prevention services for risk management

We do not sell your personal data to third parties. We do not share your data with advertisers.

Your data may be processed in Turkey, the European Economic Area (EEA), and the GCC region. All transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) under GDPR, and are conducted in compliance with KVKK Article 9 requirements for cross-border data transfers.

We retain your personal data for the following periods:

• Transaction records: 10 years (required by Turkish tax law and MASAK AML regulations)

• KYC/KYB documents: 5 years after account closure (AML/CTF compliance)

• Communication records: 3 years

• Technical logs: 2 years

After retention periods expire, data is securely deleted or anonymized.

Depending on your jurisdiction, you have the following rights:

• Right to access: Request a copy of your personal data

• Right to rectification: Correct inaccurate or incomplete data

• Right to erasure: Request deletion of your data (subject to legal retention obligations)

• Right to restriction: Limit how we process your data

• Right to data portability: Receive your data in a structured, machine-readable format

• Right to object: Object to processing based on legitimate interests

• Right to withdraw consent: For consent-based processing

To exercise your rights, contact us at privacy@zyrix.co. We will respond within 30 days. Users in Turkey may also apply to the Turkish Personal Data Protection Board (KVKK Kurulu).

We use the following types of cookies:

• Strictly necessary cookies: Required for the website to function (session management, security)

• Analytics cookies: Google Analytics to understand how visitors use our site (requires consent)

• Marketing cookies: Not used — Zyrix products are ad-free

You can manage cookie preferences through our cookie consent banner or your browser settings.

We implement industry-standard security measures including AES-256 encryption for stored data, TLS 1.3 for data in transit, PCI DSS certified infrastructure, multi-factor authentication, regular security audits, and 24/7 security monitoring. We are SOC 2 Type II compliant.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@zyrix.co.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect. Continued use of our services after changes constitutes acceptance of the updated policy.

For privacy-related questions or complaints:

Email: privacy@zyrix.co

Address: Zyrix Global Teknoloji A.Ş., EGS Business Park 12/79, Bakırköy, İstanbul, Türkiye

If you are not satisfied with our response, you may lodge a complaint with:

• Turkey: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr

• Saudi Arabia: National Data Management Office (NDMO)

• UAE: UAE Data Office