Skip to content

Privacy Policy

How TervaX collects, uses, and protects personal data through this website.

Last updated: 12 July 2026


TervaX is a cybersecurity company, headquartered in Istanbul, Turkey, that delivers enterprise security services — smart contract audits, penetration testing, cloud security, DevSecOps, and digital forensics and incident response — to clients worldwide. This Privacy Policy explains how we handle personal data collected through our website at tervax.com.

We are committed to handling personal data in accordance with applicable data protection law. This policy applies only to this website; it does not cover any separate processing carried out under a signed client engagement, which is governed by the relevant contract. This document is a template and should be reviewed by qualified counsel before you rely on it.

1. Who we are

TervaX is the data controller responsible for the personal data processed through this website. "Controller" means the organisation that decides how and why your personal data is used.

You can contact us about this policy, or about any personal data we hold, by email at info@tervax.com. Any enquiry sent to that address will be routed to the person responsible for data-protection matters at TervaX.

2. The information we collect

This website is a marketing and services site. There are no user accounts and no payments taken on the site. The personal data we hold is either provided by you directly through our contact form, or generated automatically as limited technical data when you visit the site. Both are described below.

Information you give us through the Contact form

  • Your name (required)
  • Your email address (required)
  • Your message (required)
  • Your company name (optional)
  • Any other detail you choose to include in the free-text fields (optional)

Technical data processed when you use the site

As part of operating and protecting the site, our hosting and security providers process limited technical data on our behalf, which may include:

  • Your IP address
  • Your browser type and device or user-agent information
  • Request and security logs, including the pages requested and the date and time of the request

Anti-spam verification

When you submit the contact form, your IP address may be processed transiently to run a privacy-friendly anti-spam check (a CAPTCHA alternative) that confirms a submission comes from a genuine person rather than an automated script. We do not use this data to build a profile of you or to track you across other websites.

If you choose to include additional personal data within the free-text fields — for example, in your message — that information will also be processed by us. Please share only what is necessary for us to respond to your enquiry, and do not send us sensitive information through the form.

3. How and why we use your information

We only use your personal data for the purposes for which it was provided, and we always rely on a lawful basis under applicable data protection law. The headings below set out what we do.

Responding to and managing your enquiry

We use the information from the contact form to read, understand, and reply to your message, to answer questions about our services, and to keep a record of our correspondence. Lawful basis: our legitimate interests in responding to and managing business enquiries, and — where your enquiry concerns a possible engagement — taking steps at your request prior to entering into a contract.

Protecting and operating the website

We use technical data and the transient anti-spam check to keep the site available, secure, and free from spam and abuse. Lawful basis: our legitimate interests in maintaining the security and integrity of our website.

Complying with our legal obligations

We may use or retain personal data where we are required to do so to comply with the law, to establish, exercise, or defend legal claims, or to respond to a lawful request from a regulator or authority. Lawful basis: compliance with a legal obligation and, where relevant, our legitimate interests in protecting our rights.

4. Cookies and similar technologies

We do not use advertising cookies, marketing pixels, or cross-site tracking. Cookies and similar storage on this site are limited to strictly-necessary functions, such as security and anti-spam. For full details, please see our Cookie Policy.

5. Who we share your information with

We do not sell your personal data, and we do not share it for anyone else’s marketing. We share it only in the limited circumstances set out below.

Our service providers (processors)

We use carefully selected providers who process personal data on our behalf and under our instructions, governed by written terms — for example, our website hosting, content-delivery, and security platform, and the transactional-email provider that delivers your form submission to us by email.

Professional advisers and legal disclosures

We may share personal data with professional advisers where necessary for them to provide their services to us, and where we are required to do so by law, court order, or a request from a competent authority, or where disclosure is necessary to establish, exercise, or defend legal claims.

6. International data transfers

Some of our providers may process personal data outside the country in which you are located. Where personal data is transferred internationally, we take steps to ensure it remains protected to the standards required by applicable data protection law, using appropriate safeguards such as standard contractual clauses. If you would like more information about the safeguards in place, please contact us by email at info@tervax.com.

7. How long we keep your information

We keep personal data only for as long as we need it for the purposes described in this policy, and then we delete or anonymise it. Enquiry correspondence is kept for as long as is reasonably necessary to deal with your enquiry and for a limited period afterwards; technical and security logs are retained only for the short periods needed to operate and secure the site. If you would like us to delete an enquiry sooner, please contact us by email at info@tervax.com.

8. Your data protection rights

Depending on where you are located, you may have a number of rights in relation to your personal data. These rights may not all apply in every situation, and some are subject to conditions and exemptions, but they may include:

  • The right to be informed — to know how your personal data is used, which this policy is intended to explain.
  • The right of access — to obtain a copy of the personal data we hold about you.
  • The right to rectification — to have inaccurate or incomplete data corrected.
  • The right to erasure — to ask us to delete your personal data in certain circumstances.
  • The right to restriction — to ask us to limit how we use your data in certain circumstances.
  • The right to data portability — to receive certain data in a structured, commonly used, machine-readable format, where the right applies.
  • The right to object — to object to processing based on our legitimate interests.

To exercise any of these rights, please email us at info@tervax.com. We may need to verify your identity before we act on a request, and we will respond within the timeframe required by applicable law. If you are unhappy with how we have handled your personal data, please contact us first so we can put it right; you may also have the right to complain to the data-protection authority in your jurisdiction.

9. How we keep your information secure

As a cybersecurity company, protecting data is central to what we do. We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

  • Our website is served over encrypted HTTPS connections.
  • We use a reputable hosting, content-delivery, and security platform, including protection against common web threats.
  • We use an anti-spam check to reduce automated abuse of our contact form.
  • We limit access to enquiry data to those who need it to respond to you.

No method of transmission over the internet or of electronic storage is completely secure, so while we work hard to protect your personal data we cannot guarantee its absolute security. Please avoid sending us sensitive personal information through the form unless it is necessary.

10. Children's privacy

Our website and services are aimed at businesses and the professionals who work for them. They are not directed to children, and we do not knowingly collect personal data from children through this website. If you believe that a child has provided us with personal data, please contact us by email at info@tervax.com and we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our providers, or the law. When we make changes, we will update the policy on this page so that the version published here is always the current one. We encourage you to review this page periodically.

12. How to contact us

If you have any questions about this Privacy Policy, about how we handle your personal data, or if you wish to exercise any of your rights, you can contact us by email at info@tervax.com.