PureFieldCRM, FSM and CMMS, unified by AI agents.

Legal

Privacy Policy

This Privacy Policy explains how PureField Yazılım A.Ş. collects, uses, shares, and protects personal data when providing the PureField product.

Last updated: April 19, 2026

1. Scope and roles

This policy covers personal data processed in connection with the use of the PureField product provided by PureField Yazılım A.Ş.

PureField acts as a data controller for its own account, contract, billing, support, security, and legal compliance processes. For CRM, service, maintenance, and similar operational data entered into the product by customers, PureField generally acts as a data processor following the customer's instructions.

2. Categories of data we may collect

  • Account and identity data: name, surname, business email, user role, organization, and access information
  • Contract and billing data: company details, subscription plan, invoices, and payment records
  • Customer and operational data: customer, contact, request, work order, service, maintenance, and related business records
  • File and content data: documents, images, reports, attachments, and other content uploaded by users
  • Usage and device data: session, device, browser, access, security, error, and audit logs
  • Communication data: support requests, feedback, and correspondence with us

3. Why we process data

  • To create accounts, provide access, and manage user permissions
  • To deliver CRM, service, maintenance, and related product features
  • To manage subscriptions, billing, payment follow-up, and customer relationships
  • To operate files, reports, notifications, and communication workflows
  • To provide support, resolve issues, improve security, and prevent misuse
  • To comply with legal obligations and protect our rights when necessary

4. Legal bases

We process personal data on appropriate legal bases under KVKK and, where applicable, GDPR.

  • Processing necessary to enter into or perform a contract
  • Compliance with legal obligations
  • Our legitimate interests in operating, securing, and improving the service
  • Consent or valid customer instruction where required

5. Who we may share data with

We share personal data only to the extent necessary to provide the service, support customers, or comply with legal obligations.

  • Cloud infrastructure, hosting, storage, and security providers
  • Transactional email and communications providers
  • Integrations and connected service providers enabled by the customer
  • Competent public authorities and professional advisers where legally required or necessary to protect our rights

6. International transfers

Some of the service providers we use may operate outside Türkiye or outside the European Economic Area. In such cases, we seek to protect data through the contractual and organizational safeguards required by applicable law.

7. Retention periods

We retain personal data only for as long as necessary for the relevant processing purpose and as required by applicable law and contractual obligations.

  • Account, contract, and billing records: while the relationship continues and afterward for the period required by applicable law; where necessary, up to 10 years
  • Operational data and files entered by the customer: during the subscription term and for a limited period after the service ends for export, transition, or backup needs; typically up to 90 days
  • Support tickets and business communications: typically up to 24 months after closure
  • Security, access, and audit logs: typically up to 12 months for legitimate security and operational needs
  • Backups: typically up to 90 days under cyclical system processes

8. Security

We apply reasonable technical and organizational measures to protect personal data. However, no internet transmission or digital storage method can guarantee absolute security.

9. Your rights

Depending on applicable law, you may have various rights regarding your personal data.

  • Request access to your data
  • Ask for inaccurate or incomplete data to be corrected
  • Request deletion or restriction of processing in certain cases
  • Request data portability where applicable
  • Object to processing based on legitimate interests
  • Withdraw consent where processing is based on consent
  • File a complaint with the relevant supervisory authority

10. Requests and contact

For requests related to privacy, personal data, or this policy, you can contact us at info@purefield.app.

We aim to respond as quickly as reasonably possible, with a target of 5 business days, and in all cases within the timelines required by applicable law.

11. Policy changes

We may update this Privacy Policy from time to time. For material changes, we use a reasonable notice method. The current version becomes effective as of the publication date shown on this page.