ETA Portal Privacy Policy

Effective date: March 10, 2026

ETA Portal ("the App") is provided for business users who access ETA Portal services. This Privacy Policy explains what data the App processes, why it is processed, and how it is protected.

1. Data We Process

The App may process the following categories of data when you sign in and use its features:

• Authentication data, such as Microsoft sign-in tokens and session identifiers.
• User profile and account data, such as username, full name, country, roles, groups, permissions, avatar, and IP address returned by the service.
• Business and operational data, such as customer, dealer, license, order, payment, receipt, and related transaction records available to your authorized account.
• Payment submission data, such as card holder name, card number, expiration month/year, and CVC, when you initiate a card payment.
• Contact data used for receipt delivery, such as recipient email addresses selected or entered by the user.
• Technical and diagnostic data, such as network error information and service response details needed for troubleshooting and security.

2. Why We Process Data

• To authenticate users and maintain secure sessions.
• To show portal content and business records based on user permissions.
• To create, view, manage, approve, cancel, or pay orders and payments.
• To send receipts and related transaction documents.
• To protect the service, prevent unauthorized access, and diagnose technical issues.

3. Where Data Is Stored

Access tokens, refresh tokens, and the active session are stored locally on the device using secure device storage. Other data is requested from ETA Portal backend services when needed for app functionality.

4. Payment Information

If you use the payment feature, payment card data may be transmitted to backend/payment processing services to complete the transaction and any required 3D Secure verification. Payment data is processed only for payment execution and related transaction records.

5. Data Sharing

Data may be shared only as needed with:

• ETA Portal backend services and systems operated for the App.
• Authentication providers used for sign-in.
• Payment and banking partners used to process payments and 3D Secure flows.
• Email or receipt delivery services when you request receipt sending.
• Authorities or other parties where required by law or to protect legal rights.

The App is not intended to sell personal data and is not designed for advertising-based tracking.

6. Data Retention

Data is retained for as long as necessary to provide the service, comply with legal obligations, maintain security, resolve disputes, and enforce agreements. Session data stored on the device may be removed when you sign out or when the session expires.

7. Security

Reasonable technical and organizational measures are used to protect data, including secure authentication, permission-based access, and secure local storage for session-related data. No method of transmission or storage is completely secure, so absolute security cannot be guaranteed.

8. Children's Privacy

The App is intended for business use and is not directed to children under 13.

9. Your Choices

• You may stop using the App at any time.
• You may sign out to remove locally stored session information from the device.
• You should contact your organization or service administrator for requests related to account data, corrections, or authorized access.

10. Contact

For privacy or data protection questions about ETA Portal, use the support mail. portaldestek@eta.com.tr

11. Changes to This Policy

This Privacy Policy may be updated from time to time. The latest published version should be considered the current version.