Privacy Policy

Effective date: 2026-04-18

This Privacy Policy describes how ETA BİLGİSAYAR SANAYİ VE TİCARET LİMİTED ŞİRKETİ (“we”, “us”) handles personal information in connection with the ETA Portal mobile application (“the App”).

The App is a business-to-business portal used by ETA’s enterprise customers to view orders, licenses, customer records and to make business invoice payments.

1. Data we collect

We collect only the data needed to operate the App:

• Account data — name, email address, and tenant identifier provided by your organization’s Microsoft Entra ID (Azure AD) directory when you sign in.
• Payment data — cardholder name, card number, expiry, and CVC entered at payment time. This information is transmitted directly to the bank’s 3D Secure service for authorization. We do not store card numbers or CVC codes. We retain only the transaction reference, amount, and masked card BIN for accounting purposes.
• Diagnostic data — network error details and service response codes used for troubleshooting. Diagnostic data is not linked to your identity.

We do not collect precise location, contacts, photos, microphone, or advertising identifiers. The App does not use any third-party analytics or advertising SDKs.

2. How we use data

• To authenticate you and authorize access to your organization’s records.
• To process business invoice payments you initiate in the App.
• To diagnose errors and maintain service reliability.
• To comply with applicable legal and tax obligations.

3. Sharing

We share personal data only with:

• Microsoft — for sign-in (Microsoft Entra ID / Azure AD).
• Payment processors and banks — to execute card payments and 3D Secure authentication.
• Authorities — where required by law.

We do not sell personal data and do not share it for advertising purposes.

4. Retention

Account and transaction records are retained for as long as your organization maintains an active relationship with ETA, and thereafter for the periods required by tax, commercial, and regulatory law. Diagnostic logs are retained for a limited period and then deleted.

5. Your rights

Subject to applicable law (including Turkish KVKK and, where relevant, the EU GDPR), you may request access to, correction of, or deletion of your personal data. Because your account is provisioned by your employer, deletion requests are generally handled by your organization’s administrator. You may also contact us directly using the details below.

6. Security

Data in transit is protected by HTTPS / TLS. Authentication tokens are stored in the device’s secure keystore (iOS Keychain / Android Keystore). The App uses only standard encryption provided by the operating system.

7. Children

The App is intended for business users and is not directed to children under 13.

8. Changes

We may update this Privacy Policy from time to time. The current version is always available at the URL below. Material changes will be communicated through the App or by email.

9. Contact

ETA BİLGİSAYAR SANAYİ VE TİCARET LİMİTED ŞİRKETİ
Email: portaldestek@eta.com.tr
Web: https://etafilestorage.blob.core.windows.net/mobile/portal-privacy-policy.html