MONOHUB DISCLOSURE TO LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA

Last Updated: 29 April 2026

Contact: support@monohub.co

This text is published as Monohub's Privacy Policy and KVKK Disclosure Text.

Monohub ("Monohub") processes personal data in connection with its business activities in full compliance with the Constitution of the Republic of Türkiye, international agreements to which Türkiye is a party, Law No. 6698 on the Protection of Personal Data ("KVKK"), and its secondary regulations. Monohub takes all necessary technical and legal measures to ensure the security of your personal data. Data subjects may refer to this Disclosure Text for detailed information regarding the processing and transfer of personal data to third parties, the legal bases and methods of data collection, and the rights afforded to them under the KVKK.

This Disclosure Text has been prepared in accordance with Law No. 6698 on the Protection of Personal Data ("KVKK") and explains how personal data is processed within the scope of the Monohub platform ("Platform").

1. DATA CONTROLLER

Your personal data is processed by Monohub ("Monohub"), acting as the data controller, located at Durugöl, 1068. Sk. Uzaykent Sitesi D:11/A, 52200 Altınordu/Ordu, Türkiye, in accordance with the provisions of Law No. 6698 on the Protection of Personal Data ("KVKK") and within the framework of this Disclosure Text.

• Data Controller: Monohub
• MERSIS No: 0385199345900001
• Address: Durugöl, 1068. Sk. Uzaykent Sitesi D:11/A, 52200 Altınordu/Ordu, Türkiye
• Contact: support@monohub.co

2. SCOPE

This policy applies to:

• Users registered on the Platform (professionals/freelancers)
• Third parties (clients) entered into the Platform by Users
• Website visitors

3. ROLE DISTINCTION (DATA CONTROLLER / DATA PROCESSOR)

• With respect to User data, Monohub generally acts as the data controller (account, subscription, support, security, analytics).
• With respect to customer data entered by users into the Platform, Monohub acts as a data processor; it is the user, in their capacity as data controller, who determines the purposes for which such data is processed. Where Monohub acts as a data processor, personal data is processed solely in accordance with users' instructions, limited to the specified purpose and scope of processing, and in a proportionate manner consistent with applicable law, the KVKK, and relevant guidelines. Monohub does not use such data for its own purposes. Monohub takes all necessary technical and administrative measures to ensure data security and restricts access to authorised personnel only.
• Where users, acting as data controllers, transfer personal data to Monohub as data processor, users acknowledge and represent that such personal data has been collected, processed, and transferred in compliance with applicable law, the KVKK, and relevant guidelines, and that data subjects have been duly informed and their explicit consent obtained in relation to the personal data to be transferred. In limited circumstances - such as security, prevention of misuse, and compliance with legal obligations - Monohub may act as a data controller with respect to certain processing activities.

4. PERSONAL DATA PROCESSED

4.0. Source of Data

Personal data is collected through the following means:

• Forms completed during account creation and Platform use.
• Identity and email information transferred from the Google account when signing in with Google.
• Technical data generated automatically during Platform use (IP address, session information, log records).

4.1. User Data

• Identity/contact: full name, email address (and phone number if provided)
• Subscription/payment: plan details, billing information, payment status (card details are processed by the payment provider)
• Support records: support requests and correspondence
• Technical data: IP address, device information, session/log records

4.2. Client Data (Entered by the User)

• Identity/contact: full name, (optional) email address, mobile number
• Appointment: date and time, service type, payment status
• Notes and attachments: free-text notes entered by the User

4.3. Sensitive Personal Data

• The Platform may be used by professionals across various fields. The responsibility for ensuring the lawful processing of any special categories of personal data entered into the Platform, obtaining the necessary explicit consent from data subjects, and fulfilling disclosure obligations rests solely with the user. Monohub bears no responsibility in this regard.

5. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS DATA?

5.1. User Data - Monohub as Data Controller

• Account creation and management: establishment/performance of contract
• Subscription, payment, billing: performance of contract and legal obligation
• Customer support: performance of contract and/or legitimate interest
• Security (logs, attack prevention, fraud detection): legitimate interest and/or legal obligation
• Analytics/improvement: legitimate interest (where cookies or similar technologies are required, consent management also applies)
• Marketing emails: opt-in/opt-out management under commercial electronic communications legislation (and explicit consent where required)

5.2. Client Data

With respect to client and consultee data entered into Monohub by the User, Monohub acts as a data processor. The User determines the purposes for which this data is processed; Monohub only provides the technical infrastructure in accordance with the User's instructions. It is the User's responsibility to establish the legal basis for processing this data, fulfill disclosure obligations, and obtain consent where required. In limited circumstances such as security, prevention of misuse, and fulfillment of legal obligations, Monohub may also act as data controller with respect to this data.

6. DATA SHARING WITH THIRD PARTIES

• Cloud hosting and infrastructure providers (Firebase/Google Cloud)
• Payment service providers
• Email delivery service (for transactional notifications and/or marketing emails)
• Analytics/performance/error tracking (if Google Analytics/Firebase Analytics or similar tools are used)
• In the event of a lawful request from authorized public authorities or judicial bodies, only the data strictly necessary to fulfill the request will be shared. Please note that we may not be able to notify you when such a request is received.
• As the infrastructure is located outside of Türkiye, personal data may be stored and/or processed outside of Türkiye. Where international data transfers are required, such transfers are carried out in compliance with the conditions set forth under the KVKK and its secondary regulations. Upon request, additional information may be provided regarding the categories of recipients and types of service providers to whom data is transferred. Personal data may be processed on the systems of service providers located abroad within the scope of the cloud and infrastructure services used. In this context, data transfers are carried out with all necessary technical and legal measures in place, in full compliance with the KVKK and applicable regulations.
• Third parties acting as data processors (e.g. Firebase/Google Cloud) provide their services under their own data processing agreements.

7. RETENTION PERIODS

• Account data: for as long as your account is active; upon closure, for a reasonable period to fulfill legal obligations and defend against potential disputes.
• Invoice/payment records: for the duration required by applicable financial regulations.
• Support requests and correspondence: 3 years from the date the request is resolved.
• Security logs and access records: 2 years from the date of creation.
• Client data: until the User deletes it or the account is closed; deletion may take a reasonable amount of time due to backup processes. Users have the right to permanently delete all client data within the Monohub application.
• If your account remains inactive for 3 consecutive years, all your data will be deleted at the end of that third year.
• Users may permanently delete their accounts at any time. In this case, Monohub will permanently delete all user data it holds.

8. RIGHTS OF DATA SUBJECTS (KVKK Art. 11)

Your rights under KVKK Art. 11 are as follows:

• To learn whether your personal data is being processed and, if so, for what purposes.
• To request correction of inaccurate or incomplete data.
• To request deletion or destruction of your personal data.
• To request that correction and deletion requests be notified to third parties with whom your data has been shared.
• To object to decisions taken solely on the basis of automated processing that are to your detriment.
• To claim compensation for damages arising from the unlawful processing of your personal data.

Where additional verification of your identity is required, we may request further information before processing your request. Requests will be responded to within 30 days. To submit a request: support@monohub.co

9. AUTOMATED DECISION-MAKING AND PROFILING

• Monohub does not create automated profiles by analyzing users' personal data, and does not make automated decisions about users based on such profiles.

10. GOOGLE CALENDAR DATA

10.1. Scope of Access

• If a User chooses to connect Google Calendar, Monohub requests read-only access to Google Calendar event data solely to provide calendar synchronization and display features within Monohub. The specific permissions (scopes) are presented to the User by Google during the connection flow. Google Calendar integration is optional for users.

10.2. Google Calendar Data Accessed

Under the read-only integration, Monohub may access the following categories of Google Calendar data as needed to provide the feature:

• Event identifiers (e.g., Google event ID)
• Event details such as title, start/end time, and status
• Event location and conferencing/meeting link (if present)
• Attendee information (such as attendee email addresses) when included in the event
• Calendar identifiers necessary to retrieve events from Google Calendar
• Monohub does not request access to Google services unrelated to providing calendar synchronization.
• Monohub does not have access to Google meeting records, transcripts, or chat conversations.

10.3. Purposes of Use

Monohub uses Google Calendar data only for the following purposes:

• To display Google Calendar events within Monohub in calendar and list views
• To keep Monohub synchronized with changes made in Google Calendar (e.g., changes to event date/time, attendees, or meeting links)
• To help associate events with client records in Monohub when applicable (for example, by matching attendee email addresses on an event with client email addresses stored in Monohub)
• Monohub does not use Google Calendar data for advertising, marketing profiling, or selling data.
• Monohub does not use Google Calendar data to train general-purpose AI models.

10.4. No Event Creation or Modification

• Monohub's Google Calendar integration is read-only. Monohub does not create, edit, or delete Google Calendar events. Any changes to the event date/time, attendees, or meeting links must be made in Google Calendar; Monohub will reflect those changes after synchronization.

10.5. Data Stored by Monohub

Monohub may store limited Google Calendar data to enable features such as synchronization and linking events with appointments in Monohub. If the user saves the relevant Google Calendar event as an appointment, the following data is stored:

• Google event ID
• The event date, start time, and end time
• Participants' email addresses

The content of Google Calendar meetings is neither recorded nor stored.

To establish and maintain the Google Calendar connection, technical integration data such as access and refresh tokens, connection status, access expiry information, authorization scope, and the last synchronization time may also be processed and stored.

10.6. Sharing of Google Calendar Data

Monohub does not sell or share Google Calendar data. Google Calendar data is shared only in the limited circumstances described below:

• Service providers that process data on Monohub's behalf to operate the service (e.g., hosting and database providers), subject to contractual confidentiality and security obligations
• Legal requirements or lawful requests by public authorities
• Within Monohub, Google Calendar event data is visible only to the authenticated account that connected Google Calendar and is not shared with other Users
• Google Calendar data is not shared with any other third party for other purposes such as advertising

10.7. Data Security

• Monohub implements administrative, technical, and organizational measures designed to protect Google Calendar data, including access controls and encryption in transit. Access is restricted to authorized systems and personnel necessary to operate the synchronization feature.

10.8. Retention and Deletion

• Monohub retains Google Calendar synchronization data only as long as necessary to provide the feature, or as otherwise required by law. A User may disconnect Google Calendar at any time. Upon disconnection, Monohub will stop accessing Google Calendar data.

10.9. User Controls

• A User may connect or disconnect Google Calendar within Monohub settings, grant or deny permissions during the Google connection flow, and modify or revoke Monohub's access via Google Account settings.

11. SECURITY

We apply appropriate technical and administrative measures to protect personal data (including access controls, authorization, logging, backups, encryption, and incident management). We remind you that data transmission over the internet is not entirely risk-free; we recommend using strong passwords and keeping your devices secure.

12. COOKIES AND ANALYTICS (Google Analytics / Firebase Analytics)

On our website and/or application:

• Necessary (technical) cookies/local storage: may be required for the service to function.
• Analytics cookies/similar technologies: if Google Analytics or Firebase Analytics is used, these may operate for usage statistics and performance measurement.
• Where required by applicable law, we provide consent management (a cookie preference screen) for cookies and similar technologies.
• You may use the cookie preference screen (where applicable) to limit analytics use or manage your preferences.

13. MARKETING EMAILS

Opt-in/opt-out management is applied for emails relating to product updates and campaigns. Every email includes an option to unsubscribe. If you unsubscribe, we will not contact you other than for essential notifications relating to your account and our services.

14. UPDATES

This policy may be updated from time to time. The current version takes effect from the date it is published on the Platform.

Contact: support@monohub.co