Data Processing Agreement (DPA)

Name: Geo Builder
Author: Geo Builder

Last updated: December 2025

Parties and Definitions

Data Processor: Sheltron Teknoloji A.Ş. (GEO Builder). Data Controller: Customer using GEO Builder services (user producing content through the Platform and processing their own customer data). This Data Processing Agreement ("DPA") regulates the obligations of the parties under Turkish Personal Data Protection Law No. 6698 ("KVKK") and European General Data Protection Regulation ("GDPR").

Scope of Data Processing

Personal Data Processed: Content uploaded to the platform by the customer, website data provided for SEO optimization, information entered for AI content generation, customer's own user data (if applicable). Processing Purposes: SEO content generation and optimization, schema markup creation, performance analysis and reporting, service quality improvement.

Data Processor Obligations

GEO Builder undertakes the following obligations: Data Security: Implementing appropriate technical and administrative security measures, providing protection against unauthorized access, loss, and damage, applying encryption and access controls. Confidentiality: Processing data only for contract purposes, ensuring employees commit to confidentiality, not sharing data with unauthorized third parties. Transparency: Providing information about data processing activities, responding to audit requests within reasonable time, immediately notifying data breaches.

Sub-Processors

GEO Builder may use sub-processors in the following categories for service delivery: Cloud Infrastructure Providers: Data storage and processing infrastructure. AI/ML Service Providers: AI model providers for content generation. Payment Processors: Secure payment processing. Communication Services: Email and notification systems. Sub-processors are bound by data protection obligations at least equivalent to this DPA. List of current sub-processors is provided upon request.

Data Security Measures

Security measures implemented: Technical Measures: TLS 1.3 encryption (in transit), AES-256 encryption (at rest), multi-factor authentication, regular security scans and penetration testing. Organizational Measures: Access control and authorization policies, employee security training, data processing procedures documentation, incident response plans.

Data Breach Notification

In case of data breach, GEO Builder will: Notify the Data Controller within 48 hours. Provide information about the nature of the breach, affected data categories, estimated number of affected individuals, and measures taken/to be taken. Take necessary steps to mitigate the effects of the breach. Cooperate in investigation and corrective activities.

Data Subject Rights

GEO Builder assists the Data Controller in responding to data subject rights. These rights include: Right of access (obtaining a copy of data), right to rectification (correction of inaccurate data), right to erasure ("right to be forgotten"), right to restrict processing, right to data portability, right to object. Requests are responded to within 30 days.

Data Retention and Deletion

Retention Periods: Active account data retained while account is active. Data deleted within 90 days after account closure. Data required by legal obligations retained for the relevant period. Backup data cyclically deleted within 30 days. Deletion Procedure: Deletion requests must be made in writing. Deletion completed within 30 days of receiving request. Confirmation certificate provided after deletion.

Audit Rights

The Data Controller has the right to audit data processing activities with reasonable prior notice. Audit Scope: Security measures, data processing procedures, sub-processor compliance. Audit Limitations: Audits may be conducted once per year. Audit costs are borne by the requesting party. Audits cannot violate the confidentiality of other customers' data.

Term and Termination

This DPA is valid for the duration of the main service agreement. After Termination: Customer data deleted or returned within 90 days. Legal retention requirements are preserved. Data deletion confirmation is provided.

Contact Information

Data Processing Controller: Sheltron Teknoloji A.Ş. Data Protection Contact: kvkk@geo-builder.com. Address: Çifte Havuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Merkezi A1 BLOK NO:151/1C/B35 ESENLER/İSTANBUL. Phone: +90 542 138 65 74.