Request Demo

Privacy policy

Last Updated: 06.01.2025

Stash Teknoloji Anonim Şirketi (“Stash”, “we”, “us” or “our”) is committed to protecting the privacy of personal information of identifiable individuals of whom we interact, including in connection with our software-as-a-service offerings (the “Services”).

If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at [email protected].

This Privacy Policy describes how Stash collects, uses and discloses personal information. For the purposes of this Privacy Policy, “personal information” means information about an identifiable individual. This information may include, but is not limited to, your name, date of birth, mailing address, e-mail address, and telephone number. It may also include information that, when used in combination with other information, allows you to be identified, such as age, occupation, and location.

If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Services immediately. By using our Services, you agree to the collection, use, disclosure and procedures this Privacy Policy describes. Beyond this Privacy Policy, your use of our Services is also subject to our Terms of Service.

TABLE OF CONTENTS

1. UPDATES
2. CONSENT
3. INFORMATION COLLECTED BY STASH
4. PURPOSES FOR COLLECTION AND USE
5. DATA RETENTION AND DELETION
6. DISCLOSURE OF PERSONAL INFORMATION
7. TRANSFERS OUTSIDE OF TURKEY
8. CHILDREN'S INFORMATION
9. RIGHTS TO YOUR INFORMATION
10. LINKS
11. RETENTION OF PERSONAL INFORMATION
12. SECURITY MEASURES

1. UPDATES
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated date and the updated version will be effective as soon as it is accessible. When changes are made to this Privacy Policy, they will become immediately effective when published in a revised Privacy Policy posted on our website unless otherwise noted. We may also communicate the changes through our services or by other means. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

By submitting your personal information to us, by accessing or using any of the products or services we offer, by using our Services, or by voluntarily interacting with us after we publish or communicate a notice about the changes to this Privacy Policy, you consent to our collecting, using and disclosing your personal information as set out in the revised Privacy Policy.

2. CONSENT
We collect, use, and disclose your personal information with your consent or as otherwise authorized or required by applicable law.

If you choose to provide us with your personal information after reviewing this Privacy Policy, we will assume that you consent to the collection, use and disclosure of your personal information. However, we will require your consent when necessary as required by applicable privacy laws. Subject to applicable laws, your consent may be expressed or implied, depending on the circumstances and the sensitivity of the personal information in question. How we obtain your consent (i.e. the form we use) will depend on the circumstances, as well as the sensitivity of the information collected.

By providing us with your personal information after reviewing this Privacy Policy, you indicate your consent to our collection, use, and disclosure practices. Where required by applicable privacy laws, we will obtain your consent explicitly. Depending on the context and the sensitivity of the personal information involved, your consent may be given expressly or impliedly. The method by which we obtain your consent will depend on the circumstances and the nature of the information being collected.

Without limiting the foregoing, we may, in certain circumstances, request your explicit consent to collect, use, or disclose your personal information. In other situations, your consent may be implied based on your actions if the purpose of the collection, use, or disclosure is evident and you voluntarily provide the information.

You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us at [email protected]. Please note, however, that:

withdrawal of your consent may prevent us from providing our Services and website access to you, in whole or in part, or prevent those from functioning as intended;
before we implement the withdrawal of consent, we may require proof of your identity; and
even if you withdraw your consent, we may keep using, disclosing or retaining some of your personal information to the extent permitted or required by applicable law.

Subject to your consent, we may periodically communicate with you regarding our products, services, updates, and events. You may choose not to receive such communications, and we provide opt-out mechanisms within all marketing emails and notifications. Alternatively, you may contact us directly to request that such communications cease. Please note, however, that certain communications necessary for the operation of our Services—such as account-specific notifications, service interruptions, or outages—cannot be opted out of. We will strive to limit these required communications to essential matters.

3. INFORMATION COLLECTED BY STASH
The Personal Information that we collect depends on the context of your interactions with us and the Website, the choices you make and the products and features you use.

Stash collects personal information that you voluntarily provide to us when you register an account, submit through the Services or that is generated from your use of the Services, such as contextual information concerning your use and interaction with elements of your integrated development environment. Personal information includes:

Emails
User identifiers
User generated app content
Third-Party services information
Usage information, including:
- Device information
- Services metadata
- Log data

When you access our Services through third party accounts (e.g. GitHub, Gitlab account), we may process your account information to the extent necessary to provide you with and verify access to our Services.

All Personal Information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such Personal Information.

4. PURPOSES FOR COLLECTION AND USE
We may use the information we collect or receive:

to provide the Services to you;
to improve the quality of our Services (e.g. troubleshoot technical issues);
to create, manage and control your account information, and to verify access rights to the Services;
to communicate with you, including without limitation for the purpose of providing you with information about the Services, or informing you of changes or additions to the Services or of the availability of any other services or features we provide;
to post testimonials on our Website that may contain Personal Information. Prior to posting a testimonial, we will obtain your consent to use your name and the content of the testimonial. If you wish to update, or delete your testimonial, please contact us at [email protected] and be sure to include your name, testimonial location, and contact information.
to assess service levels, monitor traffic patterns and gauge usage of features and service options of the Services;
to enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract;
to protect against fraud or error, and to respond to claims of any violation of our rights or those of any third parties;
to respond to your requests for customer service;
to protect the rights, property or personal safety of you, us, our users and the public;
as required to comply with applicable laws or as authorized by applicable laws; and
such other business purposes that may be communicated to you.

5. DATA RETENTION AND DELETION
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when the account is voluntarily closed. Expired account data will be retained for 30 days. After this period, the account and all related data will be removed unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

6. DISCLOSURE OF PERSONAL INFORMATION
Personal information we collected may be shared as follows or as otherwise described in this Privacy Policy:

with relevant parties in connection with your transaction(s) and use of our Services (e.g. contextual information derived from your interaction and use of the integrated development environment with other users within your organization);
in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation; and
with vendors, consultants, and other service providers who need access to such information to carry out work on our behalf in connection with our Services.

If we provide your information to third party service providers, we take reasonable measures to ensure that this Privacy Policy and its principles are complied with and these third parties provide sufficient guarantees to implement appropriate security measures. We also require that they only use your personal information for the limited purposes for which it is provided. When our service providers no longer need your personal information for those limited purposes, we require that they dispose of the personal information. We do not authorize the service providers to disclose your personal information to unauthorized parties or to use your personal information for their direct marketing purposes.

Additionally, we may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate:

under applicable law, including laws outside your country of residence;
to comply with legal process, including outside of your country of residence;
to respond to requests from public and government authorities, or to cooperate with law enforcement, including public and government authorities outside your country of residence;
to enforce the terms of the agreements for our Services;
to protect our operations or those of any of our affiliates or subsidiaries;
to protect our rights, privacy, safety or property, and/or those of our affiliates, you or others;
to allow us to pursue available remedies or limit the damages that we may sustain; and
in connection with a sale or business transaction, we may transfer your personal information to a third party to the extent necessary to conclude any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets.

If we otherwise intend to disclose your personal information to a third party, in a manner not identified in this Privacy Policy, we will identify that third party and the purpose for the disclosure, and obtain your consent.

In addition, from time to time we may disclose or allow access to your personal information outside Türkiye where it may be subject to the lawful access requirements of the jurisdiction in which it is stored or able to be accessed.

If you have any questions about our use of service providers outside of Türkiye, you may contact us using the contact information set out below.

7. TRANSFERS OUTSIDE OF TURKEY
Your personal information may also be stored and processed in any country where we have facilities or in which we engage third party service providers. As a result, to the extent permitted under applicable law, your personal information may be transferred to countries outside your country of residence, which may have different data protection rules than in your home country. While such information is outside of your country, it is subject to the laws of the country in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.

8. CHILDREN'S INFORMATION
We do not knowingly collect personal information of children under the age of 18. If we learn we have collected or received personal information from a child under 18, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].

9. RIGHTS TO YOUR INFORMATION
We make reasonable efforts to ensure that your personal information is kept as accurate, complete and up-to-date as reasonably necessary. We will not routinely update your personal information, unless such a process is necessary. We expect you, from time to time, to supply us with updates to your personal information, when required.

You may make a written request to review any personal information about you that we have collected, used or disclosed, and we will provide you with any such personal information to the extent required and/or permitted by law. You may also challenge the accuracy or completeness of your personal information in our records and request corrections. If you successfully demonstrate that your personal information in our records is inaccurate or incomplete, we will amend the personal information as required. To exercise these rights, please contact us at [email protected].

We may require that you provide sufficient identification to fulfill your request to access or correct your personal information. Any such identifying information will be used only for this purpose.

10. LINKS
The Services may contain links to other sites and services and we are not responsible for the privacy practices or the content of such sites and services. We encourage you to read the privacy policy of linked sites and services. Their privacy policies and practices differ from our policies and practices.

11. RETENTION OF PERSONAL INFORMATION
We will use, disclose or retain your personal information only for as long as necessary to fulfill the purposes for which that personal information was collected and as permitted or required by law. These times vary depending on the purpose for which the information was collected and the need for the information. We will destroy records containing personal information or in some cases, anonymize all personal information in the records, when we no longer need the information for the purpose for which it was collected, or for other business or legal purposes, or its retention is no longer required by law.

12. SECURITY MEASURES
We have implemented reasonable physical, organizational, contractual and technological security measures with a view to protecting your personal information and other information from loss or theft, unauthorized access, disclosure, copying, use or modification. We have taken steps to ensure that the only personnel who are granted access to your personal information are those with a business ‘need-to-know’ or whose duties reasonably require such information.

While we take precautions against possible breaches in our websites and customer databases, no website or Internet transmission is completely secure, so unfortunately we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. Your use of our website and the Services are at your own risk. We assume no liability for disclosure of your personal information due to transmission errors, unauthorized access, or causes beyond our control, including security failures on the part of our partners and third party service providers and processors.