CODEBEFORE INFORMATION SECURITY MAIN POLICY

As a company operating in the IT sector, in order to identify and manage all kinds of risks to our business continuity and information assets;
Documentation, certification and continuous improvement of our information security management system to meet the requirements of the ISO 26001:2013 standard,
Complying with all legal regulations and contracts related to information security,
Systematic management of risks to information assets,
Carrying out trainings to develop technical and behavioral competencies in order to increase information security awareness
Ensuring the uninterrupted continuation of our basic and supporting business activities,
Ensuring that the information is accessible only to authorized persons and that the duties are segregated,
Increasing training activities, providing all our employees with the necessary training opportunities related to ISMS and supporting the necessary human resources for the subject
We work with all our strength to become an exemplary organization with our level of information security in our sector by effectively managing our activities to improve corporate reputation and protect it from negative effects based on information security.

OUR ISMS SUPPORT POLICIES

1. PASSWORD USE POLICY
1.1 Password generation rules (general)
a. Passwords must be at least 6 characters long and at least 3 of these characters must be numbers.
b. Must contain at least three of the following characters;
c. Capital letters (eg ABCDEF…)
D. Lowercase, (eg, abcdef …)
to. Number, (ex: 1234566890)
f. Punctuation (eg: !?., etc.)
I. Special characters (Ex: @#$%^&*()_+|~-=\`{}[]:”;'<>/ etc.)
k. Passwords should not be created as follows;
It should not contain personal information (such as family members’ names, dates of birth, phone number or address information)
l. Words or strings of numbers should not be used. (Ex; aaabbbb, qwerty, zyxwvuts, 12345668, 123321, etc.)

1.2. Password generation rules (System)

a.All user accounts have a password.
b. It is ensured that the passwords of new user accounts are defined in accordance with the rules by the user when logging in for the first time.
c. It is ensured that the typed password is not visible on the screen or is masked.
D. User passwords are protected by irreversibly corrupting (for example Hash) where they are stored, thus preventing even the most authorized people from seeing the user password.
to. A record of successful and unsuccessful access to information resources is kept, as well as the date, time and details of the accessed resource.
f. When users leave the systems they have logged in by authenticating (in case the system is left on after logging into the system with a password), it is automatically shut down (locked) after 10 minutes at the latest.
g. Credentials transmitted over public or shared networks are protected by strong encryption methods (SL).
h. Passwords suspected of being learned by others are changed immediately.
I. Critical resources can be accessed with a triple password, so that a single user is not allowed to create a security breach in the system. (for example, records such as access to information sources cannot be accessed by even the most authorized user alone, a committee of 3 of these authorized users can access critical information by entering their own passwords at the same time)

2. INTERNET USE POLICY

a. No user will be able to use the services on the internet through a peer-to-peer connection.
(For example; KaZaA, iMesh, eDonkey, Gnutella, Napster, Aimster, Madster, FastTrak, Audiogalaxy, MFTP, eMule, Overnet, NeoModus, Direct Connect, Asquisition, BearShare, Gnucleus, GTKGnutella, LimeWire, Mactella, Morpheus, Shareaza, XoLoX, OpenNap, WinMX. etc.)

b. ICQ, MIRC, Messenger, etc., except for official calls over the computer-to-computer network. not using chat programs such as messaging and chat programs. Files should not be exchanged through these chat programs.

c. No user will be able to do Multimedia Streaming (Video, mp3 broadcast and communication) over the internet. Since this internet access consumes bandwidth, it creates problems for other users to access data.

D. It is forbidden to browse excessively non-work related sites during working hours.

to. It is forbidden to upload and download (download) high volume files that are not related to work (music, video files) and store them on computers.

f. Internet needs of those who come to visit our company for any reason will be met through a separate allocation line. They will certainly not be included in the main system network.

g. No software can be downloaded from the Internet without the knowledge of the system administrator, and these software cannot be installed on corporate systems.

h. Websites that are contrary to general morality should not be accessed through computers and files should not be accessed.

 

MOBILE APP PRIVACY STATEMENT

The privacy of all our Users is very important to us. When you use our Service as an Application User, we (as the Application Publisher) process your Personal Data. This Privacy Statement explains how we protect and process your Personal Data. We recommend that you read it carefully.
1. What is stated in this Privacy Notice?

The sections in this Privacy Notice inform you about:

Types of Personal Data Processed,
Purposes of processing Personal Data,
Places where Personal Data are processed,
Security measures implemented to protect Personal Data,
Limits of liability for third parties,
View, change and delete your Personal Data,
Changes to this Privacy Statement;
What will you do if you have questions or comments?

2. Types of Personal Data Processed

A. Personal Data used by our Service
We use Anonymous Data to improve our Service. This information will not be made public through the Service.

B. Automatically generated information
Like most other websites and online services, we collect and process automatically generated information about how you use the Application. The information collected includes your ip address and/or unique device ID.

In particular, if you choose to participate, the App may collect your geolocation information. In any case, you can prevent the receipt of your geolocation information in the settings of your mobile device.

If you specifically choose to grant permission to access and collect information from your social network account, your basic personal information (such as your name and email address) in your social network account, as well as the social network user ID (not your password) and parameters related to the posts you share through the App. Please refer to the social network’s privacy policy for more information on how you can set your account’s privacy preferences to control the information that can be accessed and retrieved.

This also happens with automatically generated information about how you use the Application. Such information helps us to better understand how the Application is used and to provide services tailored to your needs as a user.

If you enable user authorization features within the application, the following additional information is stored:

Name,
Email,
phone number (optional);
Additional profile information submitted by an external provider such as Facebook, Twitter, Google+ or LinkedIn.

We also collect the following (unknown) information to inform the app owner about the use of the app:

• The moment you open the application,
• The screens you open in the application and the time you spend on these screens,
• The moment you leave the application.

Note: if user authorization features are enabled, we may associate anonymous information with your information when you log in.

If push notification ads are active in the application, information about BleshSDK that works integrated with the application is presented below.

By means of BleshSDK, users’ notification permission status, bluetooth status information, device information, advertising identifier (IDFA), location, operator, installed application list information are accessed and necessary security measures are taken for the confidentiality of this information.

If the User wishes to save the campaign image sent to him in the photo album, the User’s photo album and camera are accessed and the screenshot is saved in the photo album.

The information is used securely and only for as long as necessary for the purpose of sending instant notifications through the Application to the extent permitted by the User. The information is shared with third parties only for the realization of such purposes, and it is not allowed to publish and disclose information outside of this scope.

 

C. Specific Information
You may be asked to apply with some activities such as loyalty card, newsletters, advertising; In this case, some personal information is requested. This information is stored in the database of our service (including third parties) and will be shared with us.

When you upload data including photos in the app, it will be shared and visible to all other users of the app.
3. Purposes of Processing Personal Data

A. Purposes

Parties process Personal Data for the following purposes:

To enable you to use the Service,
To keep information about our service up to date,
For the improvement and/or customization of the service,
To identify you and/or customize the Service,
To get to know you and prevent fraud,
To provide support,
To transmit your Personal Data to third parties if you request it from us or where we are legally obliged to do so.

B. Transmission of Personal Data to third parties
Personal Data without your prior consent

CONTACT

We welcome you to contact us for more information
about any of our development or services.