MONOHUB PRIVACY POLICY AND KVKK INFORMATION NOTICE

Last Updated: 27.03.2026

Contact: support@monohub.co

This Privacy Policy has been prepared in accordance with Turkish Personal Data Protection Law No. 6698 ("KVKK") and explains how personal data is processed within the scope of the Monohub platform (the "Platform").

1. DATA CONTROLLER

Data controller: Monohub

Contact: support@monohub.co

2. SCOPE

This policy applies to:

• Users registered on the Platform (professionals/freelancers)
• Clients recorded on the Platform by Users
• Website visitors

3. ROLE DISTINCTION

• With respect to User data, Monohub generally acts as the data controller (account, subscription, support, security, analytics).
• With respect to client data entered into the Platform by the User, Monohub acts as a data processor; the User determines the purposes for which such data is processed.
• In limited situations, such as for security, misuse prevention, and compliance with legal obligations, Monohub may act as a data controller for certain processing activities.

4. PERSONAL DATA MONOHUB PROCESS

4.1. User data

• Identity/contact: Full name, email address, and phone number if available
• Subscription/payment: Plan information, billing information, payment status information. Card details are processed by the payment provider; Monohub does not have any access to debit or credit card data
• Support records: Support requests and correspondence
• Technical data: IP address, device information, session, and log records

4.2. Client data entered by the User

• Identity/contact: Full name, (optional) email address, mobile phone number
• Appointment/session: Date-time, service type, payment status
• Notes and attachments: Free-text notes entered by the User

4.3. Special category data

• The Platform may be used by different professions. If the User chooses to process special category data in notes for professional purposes, ensuring compliance with the legal requirements applicable to their profession is the User's responsibility. Monohub has no responsibility in this regard.

5. PURPOSE AND LEGAL GROUNDS OF DATA MONOHUB PROCESS

5.1. User data - Monohub as data controller

• Account creation and management: establishment and performance of the contract
• Subscription, payment, billing: performance of the contract and legal obligation
• Customer support: performance of the contract and/or legitimate interest
• Security (logging, attack prevention, abuse detection): legitimate interest and/or legal obligation
• Analytics/improvement: legitimate interest (if cookies or similar technologies are required, separate consent management is applied)
• Marketing emails: consent/opt-out management under electronic commercial communication legislation (and explicit consent where required)

5.2. Client data - Monohub generally as data processor

• To carry out appointment, payment status, and client management processes in line with the User's instructions. Ensuring the legal basis for processing such data (notice, consent, etc.) is the User's responsibility.

6. GOOGLE CALENDAR DATA

6.1. Scope of Access

• If a User chooses to connect Google Calendar, Monohub requests read-only access to Google Calendar event data solely to provide calendar synchronization and display features within Monohub. The specific permissions (scopes) are presented to the User by Google during the connection flow. Google Calendar integration is optional for users.

6.2. Google Calendar Data Accessed

Under the read-only integration, Monohub may access the following categories of Google Calendar data as needed to provide the feature:

• Event identifiers (e.g., Google event ID)
• Event details such as title, start/end time, and status
• Event location and conferencing/meeting link (if present)
• Attendee information (such as attendee email addresses) when included in the event
• Calendar identifiers necessary to retrieve events from Google Calendar
• Monohub does not request access to Google services unrelated to providing calendar synchronization.
• Monohub does not have access to Google meeting records, transcripts, or chat conversations.

6.3. Purposes of Use

Monohub uses Google Calendar data only for the following purposes:

• To display Google Calendar events within Monohub in calendar and list views
• To keep Monohub synchronized with changes made in Google Calendar (e.g., changes to event date/time, attendees, or meeting links)
• To help associate events with client records in Monohub when applicable (for example, by matching attendee email addresses on an event with client email addresses stored in Monohub)
• Monohub does not use Google Calendar data for advertising, marketing profiling, or selling data.
• Monohub does not use Google Calendar data to train general-purpose AI models.

6.4. No Event Creation or Modification

• Monohub's Google Calendar integration is read-only. Monohub does not create, edit, or delete Google Calendar events. Any changes to the event date/time, attendees, or meeting links must be made in Google Calendar; Monohub will reflect those changes after synchronization.

6.5. Data Stored by Monohub

Monohub may store limited Google Calendar data to enable features such as synchronization and linking events with appointments in Monohub. If the user saves the relevant Google Calendar event as an appointment, the following data is stored:

• Google event ID
• The event date, start time, and end time
• Participants' email addresses

The content of Google Calendar meetings is neither recorded nor stored.

To establish and maintain the Google Calendar connection, technical integration data such as access and refresh tokens, connection status, access expiry information, authorization scope, and the last synchronization time may also be processed and stored.

6.6. Sharing of Google Calendar Data

Monohub does not sell or share Google Calendar data. Google Calendar data is shared only in the limited circumstances described below:

• Service providers that process data on Monohub's behalf to operate the service (e.g., hosting and database providers), subject to contractual confidentiality and security obligations
• Legal requirements or lawful requests by public authorities
• Within Monohub, Google Calendar event data is visible only to the authenticated account that connected Google Calendar and is not shared with other Users
• Google Calendar data is not shared with any other third party for other purposes such as advertising

6.7. Data Security

• Monohub implements administrative, technical, and organizational measures designed to protect Google Calendar data, including access controls and encryption in transit. Access is restricted to authorized systems and personnel necessary to operate the synchronization feature.

6.8. Retention and Deletion

• Monohub retains Google Calendar synchronization data only as long as necessary to provide the feature, or as otherwise required by law. A User may disconnect Google Calendar at any time. Upon disconnection, Monohub will stop accessing Google Calendar data.

6.9. User Controls

• A User may connect or disconnect Google Calendar within Monohub settings, grant or deny permissions during the Google connection flow, and modify or revoke Monohub's access via Google Account settings.

7. DATA TRANSFERS

• Cloud hosting and infrastructure providers (Firebase/Google Cloud)
• Payment service providers
• Email delivery providers (for transactional notifications and/or marketing emails)
• Analytics/performance/error monitoring tools (if Google Analytics/Firebase Analytics, etc., are used)
• Legally authorized public institutions and organizations (upon a valid request)
• Since the infrastructure may be located outside Turkiye, personal data may be stored and processed outside Turkiye. Where international data transfers are required, we aim to rely on appropriate mechanisms provided under KVKK and secondary regulations (for example, adequacy decisions or standard contractual clauses). Upon request, additional information may be provided about the categories and types of providers involved in such transfers.

8. RETENTION PERIODS & ACCOUNT DELETION

• Account data: For as long as your account remains active; after account closure, for a reasonable period for legal obligations and defense against potential disputes.
• Billing/payment records: For the retention periods required under applicable financial legislation.
• Client data: Until deleted by the User or until the account is closed; deletion may be completed within a reasonable period due to backup processes. The User has the authority to delete all client data within the Monohub application.
• If a user's account remains inactive for 3 years, all the user's data will be deleted at the end of the 3rd year.
• Users can delete their accounts at any time they want. In that case, Monohub will permanently delete all user data.

9. DATA SUBJECT RIGHTS (KVKK Art. 11)

• To exercise your rights under KVKK, including learning whether your personal data is being processed, requesting information, requesting correction, deletion/destruction, learning the third parties to whom data has been transferred, and other statutory rights, you may contact us at support@monohub.co. Applications are generally responded to within 30 days.

10. SECURITY

• Monohub applies technical and administrative measures appropriate to the nature of the processing to protect personal data (access control, authorization, logging, backup, encryption, incident management, etc.). We remind you that internet transmission is never entirely risk-free and recommend implementing strong password and device security measures.

11. COOKIES AND ANALYTICS (Google Analytics / Firebase Analytics)

• On the website and/or in the application:
• Strictly necessary (technical) cookies/local storage: may be required for the service to function.
• Analytics cookies/similar technologies: if Google Analytics or Firebase Analytics is used, they may operate for usage statistics and performance measurement.
• For cookies and similar technologies, where required by applicable law, we provide consent management (cookie preference screen).
• To limit analytics usage or manage your preferences, you may use the cookie preference screen, where available.

12. MARKETING EMAILS

• Consent and opt-out management are applied to emails related to product updates and campaigns. An unsubscribe option is provided in every email.

13. UPDATES

• This policy may be updated from time to time. The current version becomes effective as of the date it is published on the Platform.
• Contact: support@monohub.co