This Data Security and Service Policy applies to all application, administration, and platform components operated within the infrastructure of the Gocust platform.
1. Data Protection and Data Hosting
Gocust is committed to protecting personal data and ensuring the confidentiality, integrity, and security of all data processed within its systems. This policy covers the protection of personal data, commercial data, and any data subject to confidentiality obligations, including but not limited to employee and service provider information.
Separate confidentiality agreements are executed with employees and service providers where required.
These measures are designed to mitigate risks including, but not limited to:
- Privacy Breaches: Unauthorized or improper disclosure of information
- Lack of User Choice: Individuals must be able to make informed and voluntary decisions regarding how their data is used
- Reputational Damage: Unauthorized access to confidential data may cause significant harm to the company
- Unauthorized Access: Access to confidential data is restricted strictly to individuals who require such access for business purposes
Confidential information must not be shared through unofficial channels. Any perceived need to access confidential data must be reported to authorized management personnel. Strong passwords must be used at all times and must not be shared with any third party.
Personal data must not be disclosed to unauthorized individuals, whether inside or outside the organization.
2. Security Principles
Gocust maintains and enforces information technology (IT) security principles and practices as an integral part of its operations. These principles are mandatory for all personnel and are actively monitored and enforced. Gocust reviews its IT security policies at least annually and implements reasonable and appropriate technical and organizational measures to protect data processed within its cloud
services.
3. Service Integrity and Change Management
Gocust supports policies and procedures designed to manage risks associated with changes made to its cloud services.
Any changes to cloud services prior to implementation must be documented and include:
- The reason and description of the change
- Affected systems, networks, and core components
- Management and approval details
- Implementation timeline
- Potential impact on cloud services
- Rollback and recovery plans
- Approval and signature of an authorized individual
Gocust maintains an inventory of its IT assets used in the provision of cloud services and continuously monitors the functionality and availability of core service components.
4. Security Controls and Updates
Gocust implements measures designed to evaluate, test, and deploy security enhancements and updates for cloud services and related systems, networks, applications, and infrastructure components.
Security advisories and enhancements are assessed based on documented risk and impact assessment procedures prior to deployment. Any changes related to security advisory components are subject to Gocust’s internal management and approval policies
Compliance Statement
This policy is designed to comply with applicable data protection regulations, including the Turkish Law on the Protection of Personal Data (Law No. 6698), and aligns with the data security and transparency requirements of Google, Apple iOS, and Android platforms.