Trust & transparency
We use only public sources, put privacy first, and keep evidence clear and verifiable. No fluff—just clear boundaries and accountable handling.
What we stand for
We rely on publicly available information and your authorized inputs. No unauthorized access to private data.
We minimize data collection and design for transparency. Your data stays in context and under clear controls.
Findings are checked and traceable. We add a verification step so you can trust the evidence.
Every finding is tied to its source and chain of reasoning. Audit-ready and transparent.
How we protect your data
Your data, separated
Each customer's data is kept in a separate scope. We do not mix or expose it across accounts.
Auditable history
Important actions are logged so you can review what happened and support audits when needed.
Privacy controls
We collect only what we need and respond to access, correction, and deletion requests in line with our policies.
Compliance & privacy
- Public sources only—we do not access private or unauthorized data.
- Privacy-first design; we respect KVKK and GDPR principles and data subject rights.
- We keep evidence in context and support transparent review and your right to request access or deletion.
How we handle data
| Sources | Data comes from public sources and your authorized inputs (e.g. assets you connect). |
| Processing | We turn signals into findings and cases using defined rules, with verification and traceability. |
| Storage | Data is stored in managed systems with access limited to what is needed to run the service. |
| Access | Access is scoped by account and role. Internal access is limited to support and operations when needed. |
| Retention | We keep data only as long as needed for the service and legal requirements; terms can be agreed contractually. |
Data controller
Key contact points for privacy and legal inquiries.
- Controller
- OSINTA.AI
- Address
- Istanbul, Türkiye
- Privacy
- privacy@osinta.ai
- Legal
- legal@osinta.ai
Legal
Policies and notices
Our privacy, terms, cookie, GDPR, and KVKK notices. Use these for your review and vendor assessments.
Frequently asked questions
We store account information, configuration data, and operational records such as assets, signals, findings, and cases created within the service.
Each tenant’s data is scoped and queried by tenant identifiers at the application and data layers to help prevent cross-tenant access.
We have internal processes to review and respond to GDPR and KVKK-related requests in coordination with your organization.
Retention depends on the type of data and the agreement in place; we aim to keep data only as long as it is operationally and legally necessary.
We maintain activity logs for key actions and can expose relevant information to support internal reviews and audits.
Yes. Network communication with the service is protected using industry-standard encryption in transit.
Next steps
Use our documentation and this Trust Center for your internal review and vendor assessments.