Privacy Policy

Last updated: February 24, 2026

Türkçe English

Table of Contents

Overview

This Privacy Policy applies to the butcegardiyani.com website and platform, operated by Aykete Digital ("we", "us", "our", or "Company").

Bütçe Gardiyanı is a click fraud protection service that helps advertisers protect their Google Ads campaigns from invalid clicks. We provide tracking technology that monitors visitor behavior and automatically blocks suspicious IP addresses.

This policy describes how we collect, use, and protect personal information when you use our website and services. We comply with the EU General Data Protection Regulation (GDPR) and Turkish Personal Data Protection Law (KVKK).

1. Compliance (GDPR & KVKK)

GDPR Compliance

Bütçe Gardiyanı complies with the General Data Protection Regulation (GDPR) and its data transfer requirements. We rely on appropriate safeguards when transferring personal data to third countries.

KVKK Compliance

We also comply with the Turkish Personal Data Protection Law No. 6698 (KVKK) for our users in Turkey. Your personal data is processed in accordance with the principles set out by KVKK.

Legal Bases for Processing

Legal Basis Processing Activity
Consent
GDPR Art. 6(1)(a)		 Marketing communications, non-essential cookies
Contract Performance
GDPR Art. 6(1)(b)		 Account creation, service delivery, customer support
Legitimate Interest
GDPR Art. 6(1)(f)		 Fraud detection and prevention, security monitoring
Legal Obligation
GDPR Art. 6(1)(c)		 Tax and accounting records, legal requests

2. Data Controller & Processor Roles

As Data Controller

We act as data controller for data we collect directly from you when you:

  • Create an account on our platform
  • Visit our website
  • Contact our support team
  • Submit requests through the contact form

As Data Processor

We act as data processor when processing visitor data on behalf of our clients:

  • Click tracking on client websites
  • IP address analysis
  • Fraud detection services
  • Google Ads integration

3. Data We Collect

3.1 Account Information

When you register for our services:

  • Full name
  • Email address
  • Company/organization name
  • Domain name you wish to protect

3.2 Payment and Billing Information

When you purchase a paid subscription, the following information is collected:

  • Mobile phone number (stored in our systems for recurring payment processing and billing purposes)
  • Payment card last 4 digits and card type (stored in our systems for subscription management)
  • Recurring payment token information (stored encrypted in our systems; full card numbers are not stored)
  • Billing address (optional: identity number, address, city, postal code — transmitted to payment service provider, not stored in our systems)
  • Payment card details (transmitted directly to payment service provider; full card numbers are not stored in our systems)

Legal basis: Contract performance (GDPR Article 6(1)(b)), legal obligation (GDPR Article 6(1)(c))

3.3 Agreement Acceptance Records

During the checkout process, in compliance with our legal obligations (Turkish Consumer Protection Law No. 6502 and Distance Contracts Regulation), acceptance records for the Pre-Information Form and Distance Sales Contract are maintained:

  • Content copy of the accepted agreement
  • Acceptance date and time
  • IP address at the time of acceptance
  • Browser information at the time of acceptance
  • Agreement number and version

Legal basis: Legal obligation (GDPR Article 6(1)(c))

3.4 Email Verification

To ensure account security, email verification is performed during registration. A one-time verification code is sent to your email address. Verification codes are stored in hashed form and automatically deleted upon successful verification. Accounts that are not verified within the designated period are automatically deleted.

Legal basis: Contract performance (GDPR Article 6(1)(b))

3.5 Automatically Collected Information

When you visit our website:

  • IP address
  • Browser type and version
  • Device and browser technical information
  • Device recognition technologies
  • Traffic source
  • Visited page URL

3.6 Google Ads Integration

If you connect your Google Ads account, we access campaign data and IP exclusion lists through the Google Ads API. This data is used solely to provide our click fraud protection services.

3.7 Contact Form Data

Information you submit through our contact form:

  • First and last name
  • Email address
  • Phone number (optional)
  • Message content
  • Selected service package
  • Number of websites

This data is processed for pre-sales communication and quote preparation purposes.

Legal basis: Pre-contractual measures (GDPR Article 6(1)(b))

4. Data Processed for Clients (Click Tracking)

Important: Bütçe Gardiyanı acts as a data processor when collecting visitor data on behalf of our clients. Our clients are the data controllers for this information.

4.1 Data Collected by Our Tracking System

Our tracking system collects the following data on client websites:

Data Description Purpose
IP Address IP address Suspicious traffic detection and blocking
Browser Information Browser type and version Browser and device detection
Device Information Browser and device technical information, device recognition technologies Advanced device recognition
Traffic Source Where the visitor came from Source analysis
Website URL Visited page address Domain matching
Campaign ID Google Ads advertising parameters Ad click attribution
Automation Signals Automated traffic detection mechanisms Automated bot detection
Timestamp Visit date and time Time-based analysis

4.2 Data Collection Sources

Data is collected through our tracking technology (client-side and server-side) integrated into client websites. Ad visits are detected via Google Ads advertising parameters.

4.3 Legal Basis for Processing

  • Legitimate Interest (GDPR Article 6(1)(f)): Fraud protection is a recognized legitimate interest
  • Contractual Necessity (GDPR Article 6(1)(b)): Processing is necessary to fulfill our service agreement with clients

Legitimate Interest Assessment (LIA)

Fraud detection and prevention falls under legitimate interest (GDPR Recital 47). Processed data is kept to a minimum, no sensitive personal data is processed, and data is automatically deleted after 90 days. A detailed assessment is available upon request.

5. Cookies and Tracking Technologies

Cookies are small text files placed on your device by your browser when you visit a website. Our website only uses essential cookies required for the functionality and security of the service; we do not use analytics, marketing, or advertising cookies.

Cookie Type Category Purpose
Session cookie Essential Session management and authentication
Security cookie Essential Form security and cross-site attack protection
Preference cookie Functional "Remember Me" feature (only when enabled)
Consent cookie Essential Cookie preference storage

Note: Our click fraud detection tracker installed on client websites does not use any cookies. Data is transmitted directly to our server and no data is stored on visitors' devices.

Third-Party Cookies

Our website uses CDN and security services. These service providers may set their own cookies for bot protection and security purposes.

Managing Cookies

You can manage cookies through your browser settings:

  • View and delete existing cookies
  • Block all or third-party cookies
  • Clear all cookies when you close the browser

Warning: Disabling essential cookies may prevent our website from functioning properly. Login and security features require cookies.

6. Data Sharing

We do not sell your personal information. To provide our services, we may share data with certain service providers. These include advertising platform integration, payment processing service, instant notification service, email delivery service, CDN/security services, and server hosting.

For the current list of our sub-processors, please visit the Sub-processors page.

Legal Requirements

We may disclose personal information when required by law, court order, or government request.

7. International Data Transfer

To provide our services, your personal data may be transferred to countries outside the EU/EEA. Our server infrastructure is hosted on servers located within the European Union.

For transfers outside the EU/EEA:

  • All providers are subject to Standard Contractual Clauses (SCCs, 2021/914/EU) approved by the European Commission or equivalent safeguards
  • Your data is only transferred for fraud protection and service delivery purposes

For a detailed list of providers involved in data transfers, please visit the Sub-processors page.

8. Data Retention

Data Category Retention Period Deletion Method Legal Basis
Visitor logs 90 days Automatic (daily) Legitimate interest
Suspicious IP records 90 days (if no active block) Automatic Legitimate interest
Device recognition data 90 days Automatic Legitimate interest
Email verification codes Until verification is completed (unverified accounts are automatically deleted) Automatic Contract
Account information Account active + 2 years Manual/automatic Contract
Contact form (completed) 2 years Automatic Pre-contractual
Invoice/payment records 10 years Retention required Legal obligation
Agreement acceptance records 3 years Retention required Legal obligation (Distance Contracts Regulation Art. 20)
Payment token information Duration of active account Automatically deleted when account is deleted Contract
Server log files 2 years Automatic Legal obligation (Law No. 5651)
Cookie data Per cookie duration Automatic ePrivacy

Automatic deletion is performed by a daily scheduled task. All deletion operations are logged in accordance with applicable data protection regulations, and these logs are retained for a minimum of 3 years.

9. Security Measures

We implement industry-standard technical and organizational measures to protect your personal data:

  • Encryption: Industry-standard encryption methods for password protection and strong encryption standards for data encryption
  • Transit Security: All data communications are transmitted over encrypted connections
  • Session Security: Secure session management
  • Form Security: Security verification for all form submissions
  • Access Control: Role-based authorization
  • Network Security: Automated attack detection and prevention systems

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours in accordance with GDPR Article 33.

10. Automated Decision Making

Our service uses automated decision-making mechanisms for the purpose of fraud detection.

Evaluated Parameters

  • IP addresses, device recognition data, and visitor behavior patterns are analyzed according to detection rules
  • Automated traffic detection mechanisms evaluate bot signals
  • Visit frequency, behavioral analysis, and IP history are examined
  • IP addresses flagged as suspicious are automatically excluded from Google Ads campaigns

This automated assessment is based solely on technical parameters and does not aim to create individual profiles.

Under GDPR Article 22, you have the right to contest automated decisions, request human intervention, and express your point of view.

Contact: [email protected]

11. Your Privacy Rights

Under GDPR (Articles 15-22):

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing (Art. 18): Limit how we use your data
  • Right to Data Portability (Art. 20): Receive your data in a structured format
  • Right to Object (Art. 21): Object to processing based on legitimate interests

Under KVKK (Article 11):

Turkish residents also have the right to learn whether their data has been processed, request information about processing activities, learn the purpose of processing, know the third parties to whom data has been transferred, request correction of incomplete or inaccurate data, request deletion, and claim compensation for damages.

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

Supervisory Authorities

  • Turkey: KVKK (Personal Data Protection Authority)
  • EU: Your local Data Protection Authority

13. Data Breach Notification

In accordance with GDPR Articles 33 and 34:

  • The relevant supervisory authority will be notified within 72 hours of becoming aware of a breach
  • If the breach is likely to result in high risk to your rights, you will be notified without undue delay

Notification Process

  • 1. Bütçe Gardiyanı (Processor) → Customer (Data Controller): Notification within 48 hours
  • 2. Customer (Data Controller) → Supervisory Authority: Notification within 72 hours (GDPR Art. 33)
  • 3. Customer → Affected Data Subjects: Without undue delay in case of high risk (GDPR Art. 34)

14. Changes to This Policy

We may update this policy. Material changes will be announced at least 30 days before they take effect.

15. Contact

Data Controller

Aykete Digital

Bilecik, Turkey

Email: [email protected]

Related Documents

Back to Homepage

Bu web sitesi, temel işlevsellik için zorunlu çerezler kullanmaktadır. Detaylı bilgi için Gizlilik Politikamızı inceleyebilirsiniz.