Privacy Policy - Thoplam

1. Scope & Roles

This Privacy Policy applies to www.thoplam.com, related subdomains, customer portals, and services (collectively, the “Services”). “Thoplam”, “we”, “us”, or “our” acts as a data controller for personal data we collect directly from you, and as a data processor where we process personal data on behalf of our customers under a separate agreement.

If you are using our Services on behalf of an organization, that organization controls its own data inputs. In those cases, our processing is governed by our contract with that organization (e.g., Data Processing Addendum, if applicable).

2. Data We Collect

Information you provide. Account details (name, company, billing address, VAT/TIN if applicable), contact details (email, phone), authentication credentials, support tickets, forms, and any content you upload to the Services.

Automatically collected data. Device and usage data such as IP address, browser type, operating system, referring pages, pages visited, timestamps, language preferences; log data from infrastructure interactions (e.g., server events, API usage, error logs) to ensure security and service quality.

Payment data. We use payment processors; card details are handled by them and are not stored on our systems (we receive limited metadata such as transaction IDs and status).

Third-party data. We may receive information from partners or service providers (e.g., fraud prevention, analytics) in accordance with applicable law.

3. How We Use Your Data (Purposes & Legal Bases)

We use personal data to:

• Provide & maintain Services (create/manage accounts, provision servers, process payments, deliver support). Legal basis: contract performance; legitimate interests.
• Secure & monitor infrastructure (fraud/abuse detection, DDoS mitigation, troubleshooting, auditing). Legal basis: legitimate interests; legal obligations.
• Communicate about service notices, changes, incidents, and policy updates. Legal basis: contract performance; legal obligations; legitimate interests.
• Improve our Services (analytics, quality assurance, feature development). Legal basis: legitimate interests; consent where required.
• Marketing (with your consent where required by law): newsletters, promotions, and campaigns; you can opt out anytime. Legal basis: consent; legitimate interests where allowed.
• Compliance with applicable laws, court orders, and enforce our agreements. Legal basis: legal obligations; legitimate interests.

4. Cookies & Similar Technologies

We use cookies, pixels, and similar technologies to operate and improve the site. Categories may include:

• Strictly necessary (session management, security, load balancing).
• Preferences (language, region, UI settings).
• Analytics (site performance, usage patterns).
• Marketing (subject to consent where required).

You can manage cookies via your browser settings and, where available, our cookie banner/preferences center. Disabling certain cookies may affect site functionality.

5. Sharing & Recipients

We may share personal data with:

• Service providers / processors (e.g., data center/colocation, network, DDoS protection, billing/payment, CRM, analytics, email delivery, support tools) under appropriate contracts and safeguards.
• Affiliates for internal business purposes consistent with this Policy.
• Authorities when required by law or to protect rights, property, or safety.
• Business transfers in connection with a merger, acquisition, or asset sale, subject to this Policy’s protections.

We do not sell personal data. We do not permit our processors to use data for their own purposes.

6. International Transfers

Your data may be processed in countries outside your residence. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions, supplementary measures) to protect your information.

7. Security

We employ technical and organizational measures appropriate to risk, including network segmentation, access controls, encryption in transit where applicable, logging/monitoring, and vendor due diligence. No method of transmission or storage is 100% secure; you are responsible for maintaining the confidentiality of your credentials and implementing reasonable security on assets you control.

8. Data Retention

We retain personal data only as long as necessary for the purposes set out in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category and legal/regulatory requirements.

9. Your Rights

Depending on your location, you may have rights to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent at any time (without affecting prior lawful processing). You may also have the right to lodge a complaint with your local supervisory authority.

To exercise your rights, contact us at info@thoplam.com. We may need to verify your identity before responding.

10. Children’s Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can take appropriate action.

11. Changes to This Policy

We may update this Policy from time to time. We will post the updated version on this page and update the “Effective Date.” Material changes may be additionally communicated via email or in-product notice.

12. Contact Us

Thoplam
Istanbul, Türkiye
info@thoplam.com