Baseguard (as defined in the applicable Terms of Service or Master Services Agreement and referred to herein as "Baseguard," "we," "our," or "us") provides a secure mesh VPN solution that enables Customers and Permitted Users to establish encrypted connections between servers, computers, mobile devices, and cloud environments.
Baseguard is committed to maintaining transparency in the way it processes information. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with the Services through our websites or mobile application that references this Privacy Policy (the "Site"), our mesh VPN services (the "Baseguard Solution"), as well as any additional interactions with Baseguard, such as customer support communications, events, social media engagement, and other related communications (collectively referred to as the "Services").
1. Scope and Applicability of This Privacy Policy
This Privacy Policy applies in circumstances where Baseguard acts as a data controller under the General Data Protection Regulation (GDPR) or under applicable Turkish data protection legislation with respect to personal information.
This Policy covers information collected from or about prospective commercial customers ("Prospects"), as well as from Customers and Permitted Users who access and use the Baseguard Solution pursuant to a binding Customer agreement.
In the course of providing the Services, Baseguard may process certain personal information relating to Permitted Users on behalf of organizations that have entered into a Master Services Agreement or Terms of Service with Baseguard (each, a "Customer"). In such circumstances, the Customer acts as the data controller, and Baseguard acts as the data processor or service provider, as defined under applicable data protection laws and as further described in the applicable Data Processing Addendum.
Accordingly, the Customer is responsible for determining the purposes and means of processing personal data and for ensuring compliance with its own privacy obligations and applicable data protection laws. Where Baseguard acts solely as a data processor, personal data is processed strictly in accordance with the documented instructions of the relevant Customer, the applicable data processing agreement, and governing legal requirements.
Where access to the Services occurs under a Customer account, requests relating to personal data processed on behalf of that Customer should be directed to the relevant Customer organization in its capacity as data controller.
2. Categories of Information Collected
Information Provided Directly
Baseguard collect, retain, and use certain information relating to Customers and Permitted Users for the purposes described in this Privacy Policy. Information is obtained directly in connection with the registration for, access to, and use of the Services, including participation in product demonstrations, onboarding sessions, and webinars, as well as through communications with our sales and support teams. We may also collect information when requests or inquiries are submitted through online forms, email, or other communication channels, when interactions occur with our customer support personnel via email, telephone, videoconferencing, chat, or support ticket systems, when representatives attend Baseguard-hosted or industry events, when subscriptions are requested for business communications or service-related updates, and when engagement takes place through our official social media channels or developer platforms.
The information collected in these contexts may include full name, business email address or account username, business postal or billing address, company or organizational affiliation, node-related technical information, Customer network configuration information, and any additional information voluntarily provided in connection with the Services.
Information Collected Automatically
Baseguard Solution Information
When Customers and Permitted Users access or use the Baseguard Solution, we automatically collect certain limited technical metadata associated with the device utilized to connect to the Solution. Such metadata may include the device name, operating system type, host name, IP address, cryptographic public key, user agent (where applicable), language preferences, timestamps reflecting access to the Baseguard Solution, connection logs containing statistical information regarding data transmitted between devices ("Inter-Node Traffic Logs"), and the installed version of the Baseguard Solution. This technical information is necessary to operate, maintain, and deliver the Baseguard Solution.
Baseguard does not access, inspect, or process the content of network traffic transmitted through the Baseguard Solution. All traffic data remains encrypted end-to-end, and Baseguard does not have the capability to decrypt or view such content.
Customers may elect, at their discretion, to enable certain features or functionalities within the Baseguard Solution that generate additional logs or operational data transmitted to Baseguard for processing and storage on behalf of the applicable Customer ("Customer Log Data"). With respect to such Customer Log Data, the Customer acts as the data controller, and Baseguard acts solely as a data processor or service provider in accordance with the applicable Data Processing Addendum.
In addition, we may compile aggregated usage metrics relating to the use of the Services, including, for example, the volume of data transmitted through the Baseguard Solution over a given period and general usage patterns. To the extent that such aggregated data or metadata cannot reasonably be used to identify a specific Customer or Permitted User or their device, Baseguard may use and disclose such information at its discretion as further described in the "Aggregate/De-Identified Information" section below.
Site Information
When the Site is accessed, certain technical and usage information may be collected automatically. This may include IP address, browser type and language, operating system, software and hardware characteristics (including device identifiers), referring and exit URLs, platform type, clickstream data, downloaded files, domain names, landing pages, pages viewed and navigation sequence, duration of visits to specific pages, date and time of access, error logs, and similar diagnostic data. Based on IP address information, general geographic location (such as city, state, or postal code) may be inferred.
To collect and analyze Site-related information, Baseguard and its service providers may utilize cookies and comparable tracking technologies designed to measure and evaluate usage patterns. Cookies are small data files stored on a browser or device that allow recognition of returning users. Cookies may be used for analytics, site functionality, performance enhancement, user experience improvement, and online advertising purposes. Browser settings may be configured to notify users of cookie placement and to allow acceptance or rejection of certain cookies. Disabling cookies may limit certain features or functionality of the Site. For additional details regarding cookie management, Customers, Permitted Users, and Prospects should consult their browser documentation or device manufacturer instructions. Further information is available in our Cookie Notice.
Information Obtained From Third Parties
From time to time, and where permitted by applicable law, Baseguard may obtain information relating to Prospects from third-party sources, including business partners, data enrichment providers, industry conferences, and similar professional events. We may also collect information for additional purposes disclosed at the time of collection. Such information is used to supplement data obtained directly from Prospects, to better understand business needs and areas of interest, and to enhance marketing activities, analytics, and outreach efforts.
Baseguard may provide the option to access or interact with the Services through third-party platforms or applications, including social networking services. Where access to the Services is initiated through such third-party mechanisms, Baseguard may receive certain account-related information made available in accordance with the applicable privacy settings of that platform, such as name, username, email address, or profile image, for purposes including account creation, authentication, and administration. Information disclosed through these third-party login methods remains subject to the privacy policies of the respective third-party providers.
In addition, where representatives engage with Baseguard through professional or social media platforms, Baseguard may collect publicly available information associated with such engagement, including name, username, email address, and any comments or content shared in relation to Baseguard.
3. Purposes of Processing
We use information relating to Customers and Permitted Users for purposes consistent with the nature of the Services and the categories of information collected, including:
- Provision of the Services: To enable access to and use of the Services, and to administer Customer accounts and related service functionality.
- Customer Support: To respond to inquiries, provide assistance, and deliver technical and operational support in an efficient and effective manner.
- Business Communications and Marketing: To communicate with Customers and Prospects by email, telephone, or other permitted channels regarding service updates, announcements, relevant offerings, and related business information, in accordance with applicable legal requirements.
- Community and Platform Engagement: To manage and maintain Baseguard's official social media channels and developer platforms and to facilitate professional engagement through those channels.
- Analytics and Product Improvement: To conduct internal research and analysis concerning use of the Services, and to develop, enhance, and optimize service functionality.
- Security and Performance: To monitor, protect, and maintain the integrity, reliability, and performance of the Services, including troubleshooting and resolution of reported technical issues.
- Legal and Regulatory Compliance: To comply with applicable laws, regulations, and contractual obligations, and to establish, exercise, or defend legal claims where necessary for legitimate business interests.
Aggregate / De-Identified Information
Baseguard may aggregate and/or de-identify information collected through the Services so that it can no longer reasonably be associated with a specific Customer, Permitted User, or device ("Aggregate/De-Identified Information"). Such information may be used for legitimate business purposes, including statistical analysis, publication of industry insights, trend reporting, service development initiatives, and similar activities, and may be disclosed to third parties, including business partners, where appropriate.
4. Legal Grounds for Processing Personal Information
Where required under applicable data protection legislation, the legal bases on which Baseguard processes personal information under this Privacy Policy include the following:
- Performance of Contract. Processing that is necessary to enter into or perform a contract relating to the Services, including the applicable Terms of Service or Master Services Agreement with the Customer.
- Legitimate Interests. Processing that is required for the legitimate interests pursued by Baseguard or a third party, provided that such interests are not overridden by applicable data protection rights. This may include activities such as securing the Services, conducting analytics, undertaking product development, and supporting internal business operations.
- Legal Obligation. Processing that is necessary for compliance with applicable legal or regulatory requirements, including responding to lawful requests from authorities or fulfilling tax, accounting, or reporting obligations.
- Consent. Where required under applicable law, Baseguard may rely on consent as a legal basis for specific processing activities. In such cases, consent will be obtained in accordance with applicable legal requirements.
5. Site Analytics and Advertising
Analytics
Baseguard may engage third-party analytics providers in connection with the Site to collect and evaluate usage data through cookies and comparable technologies. These providers may process information for purposes including analytics, auditing, research, reporting, fraud prevention, and supporting certain Site functionalities.
Where email communications are distributed, Baseguard may utilize analytical tools, such as tracking pixels or similar technologies, to determine whether messages have been opened or whether links or embedded content have been accessed. This information assists in assessing the effectiveness of communications and related outreach activities.
Information regarding the management of cookies and analytics technologies is available in the Cookie Notice.
Online Advertising
In connection with operation of the Site, Baseguard may permit selected third-party advertising technology partners to deploy cookies or similar tracking mechanisms within a browser environment. These third parties may process information as described above for purposes including the delivery of relevant content and advertising across online platforms and the operation of their own tracking technologies.
Information about managing advertising-related cookies and similar technologies is available through industry self-regulatory mechanisms, including applicable digital advertising opt-out programs. Baseguard does not control the availability, accuracy, or participation of third parties in such programs and disclaims responsibility for the functionality of external opt-out mechanisms.
Even where advertising preferences are adjusted through available tools, online advertisements may continue to be displayed, although they may not be tailored based on prior browsing behavior.
Do Not Track
Certain web browsers provide a "Do Not Track" ("DNT") setting that enables users to express a preference regarding tracking activities. While Baseguard offers mechanisms for managing certain categories of data collection and third-party processing as described above, the Services do not currently recognize or respond to browser-based DNT signals.
For clarity, DNT signals are distinct from other browser-level privacy controls or preference signals that may be recognized under applicable data protection laws. Such mechanisms, where applicable, relate to specific legal opt-out rights concerning defined categories of processing, including disclosures or processing activities regulated under applicable law.
6. Disclosure of Information
Baseguard may disclose information in the following circumstances:
- Service Providers. Baseguard may grant access to, or share information with, selected third-party service providers that support the delivery and operation of the Services. These providers may assist with functions such as billing and payment processing (including credit card verification), marketing and business development activities (including data enrichment or lead generation services), content delivery, analytics, research, customer support, data hosting and storage, security operations, infrastructure management, fraud prevention, and legal advisory services.
- Affiliates. Information may be shared within the Baseguard corporate group, including affiliated entities, for operational, administrative, and business continuity purposes.
- Customer Organization. Where the Baseguard Solution is accessed under a Customer account, relevant information relating to Permitted Users may be made available to the applicable Customer organization in order to administer and enforce the governing services agreement and to address matters relating to service usage, support, compliance, or training.
- Protection of Baseguard and Others. Baseguard may access, retain, and disclose information where required by applicable law or where Baseguard reasonably determines that such action is necessary to (a) enforce contractual rights; (b) respond to claims alleging violations of third-party rights; (c) protect the rights, property, or safety of Baseguard, its affiliates, Customers, Permitted Users, or others; or (d) comply with lawful governmental or judicial process, including court orders and official requests issued by competent authorities.
- Requests from Turkish Authorities. Disclosure of information to public authorities in Türkiye shall occur only in accordance with applicable Turkish law and contractual obligations, including but not limited to the Turkish Criminal Procedure Code (Ceza Muhakemesi Kanunu No. 5271), the Law on the Protection of Personal Data (Kişisel Verilerin Korunması Kanunu No. 6698 – "KVKK"), and other applicable legislation. Under Turkish law, disclosure of personal data to law enforcement or judicial authorities generally requires a lawful request issued by a competent authority within the scope of its statutory powers. Where disclosure is required pursuant to a valid and enforceable legal request, Baseguard will assess the request for compliance with applicable law prior to responding.
- International Law Enforcement Requests. Requests from authorities outside Türkiye may require formal international legal mechanisms, including mutual legal assistance procedures or other internationally recognized judicial cooperation processes, before disclosure can be made.
- Notification. As a general practice, and to the extent permitted by law, Baseguard will seek to notify the relevant Customer of governmental or law enforcement requests relating to Customer information prior to disclosure, in order to allow the Customer the opportunity to seek appropriate legal remedies. Such notification may be withheld where prohibited by law, where confidentiality obligations apply, where urgent circumstances exist (including risk of serious harm), or where prior notice would compromise the integrity of an investigation.
- Business Transactions. Subject to applicable legal requirements, information may be transferred or made available to third parties in connection with a merger, acquisition, asset transfer, financing transaction, insolvency or bankruptcy proceeding, corporate restructuring, share transfer, change of control, or other significant business transaction involving all or part of Baseguard or its assets. Such disclosure may occur, where appropriate, for purposes of evaluating, negotiating, or completing the relevant transaction or continuing the associated business relationship.
- Aggregate / De-Identified Information. Baseguard may, from time to time, share aggregated or de-identified information relating to use of the Services or overall user activity with business partners or other third parties. Such information will not reasonably identify any specific Customer or Permitted User.
- Disclosure Based on Authorization. In addition to the disclosures outlined in this Privacy Policy, Baseguard may share information with third parties where authorized by the applicable Customer or where such disclosure is otherwise directed by the Customer in accordance with applicable law.
7. Retention of Information
Baseguard retains personal information only for as long as necessary to fulfill the purposes for which it was collected and processed, including to provide the Services, comply with contractual obligations, resolve disputes, enforce agreements, and meet applicable legal or regulatory requirements. The applicable retention period may vary depending on the nature of the information, the context in which it was collected, and relevant statutory obligations.
8. Data Protection Rights
Certain data protection rights may apply in relation to personal information processed by Baseguard, as further described in this section.
Applicable Legal Rights
To obtain additional information regarding applicable data protection rights, or to exercise any such rights, data subjects may contact Baseguard using the details provided in the "Contact Us" section below.
Subject to applicable law, data subjects may have the right to request that Baseguard:
- Provide access to and/or a copy of certain personal information held by Baseguard;
- Correct or update inaccurate or incomplete information;
- Delete personal information where continued retention is not required under applicable law;
- Restrict or object to certain processing activities;
- Withdraw consent where processing is based on consent and where permitted by law.
Baseguard will review all requests and respond within the timeframes required under applicable law. In certain circumstances, some information may be exempt from such requests, including where continued processing is necessary to comply with legal obligations or to protect legitimate business interests. Prior to responding to a request, Baseguard may require verification of identity to ensure the security of personal data.
Where applicable law provides for an appeal mechanism in relation to data protection requests, data subjects may submit a follow-up request using the contact details provided below.
As noted in this Privacy Policy, where Baseguard processes personal data solely on behalf of a Customer in its capacity as a data processor, requests relating to such data should be directed to the relevant Customer organization, which acts as the data controller.
Marketing and Business Communications
Where permitted under applicable law, Baseguard may send marketing or promotional communications relating to the Services or to third-party services that may be relevant to Customers and Permitted Users. Customers and Permitted Users may request that such communications cease at any time by contacting Baseguard using the details provided in the "Contact Us" section below. Marketing email communications may also include an unsubscribe mechanism, which can be used to opt out of future promotional messages.
Notwithstanding any opt-out request, Baseguard may continue to use and disclose certain information as permitted under this Privacy Policy or as required by applicable law. In particular, service-related or transactional communications may continue to be provided, including messages confirming account activity, responding to requests, or providing updates concerning contractual terms or legal notices.
Privacy Preferences
As described in the "Disclosure of Information" section above, certain disclosures of information to advertising, analytics, or data enhancement providers may, under applicable law, be classified as a "sale," "sharing," or other regulated form of processing for targeted advertising purposes. Where such disclosures occur through cookies, pixels, or similar technologies, opt-out preferences may be managed through the cookie management tools made available on the relevant Site. Requests relating to other forms of such disclosures may be submitted by contacting Baseguard using the contact details provided in the "Contact Us" section.
Where applicable law recognizes browser-based opt-out preference signals (such as a global privacy control), Baseguard will honor such signals in accordance with legal requirements.
9. Third Party Websites and Integrations
The Services may include links to third-party websites or integrations with external services. Where access is made to such third-party platforms, Baseguard does not control and is not responsible for their content, security practices, or privacy policies. Any collection, use, or disclosure of information by those third parties is governed by their respective privacy notices and terms, and not by this Privacy Policy. Customers, Permitted Users, and Prospects are encouraged to review the applicable privacy policies of such third-party providers prior to engaging with their services.
10. Location of Processing
Personal information may be processed and stored by Baseguard and its authorized third-party service providers in multiple jurisdictions and may also be maintained, processed, and stored in other locations that may have data protection laws different from those of the data subject's country of residence.
Where cross-border transfers of personal information occur, Baseguard implements appropriate safeguards in accordance with applicable data protection laws governing international data transfers. For example, transfers from jurisdictions requiring enhanced transfer protections to countries not deemed to provide an adequate level of protection may be conducted pursuant to approved transfer mechanisms, including standard contractual clauses incorporated into the applicable Data Processing Addendum with Customers.
11. Security Measures and Safeguards
Baseguard implements a range of technical and organizational security measures designed to safeguard information against loss, misuse, and unauthorized access, disclosure, modification, or destruction. Nevertheless, no method of transmission over the Internet or by email can be guaranteed to be entirely secure or error-free. Accordingly, caution should be exercised when transmitting information electronically.
Additional details regarding Baseguard's security framework and data protection practices are available upon request or through Baseguard's published security materials.
If any unauthorized access to or suspected misuse of a Baseguard account is identified, the matter should be reported promptly using the contact details provided in the "Contact Us" section.
12. Updates to This Privacy Policy
Baseguard reserves the right to modify or update this Privacy Policy at any time in order to reflect changes in applicable law, updates to data processing practices, operational developments, or technological advancements. Any revised version of this Privacy Policy will be made available through the Services. Customers and Permitted Users are encouraged to review this Privacy Policy periodically. The "Effective Date" indicated at the beginning of this document reflects the most recent revision.
Where a material modification is made, Baseguard will provide notice as required under applicable law. Continued use of the Services following the publication of an updated Privacy Policy constitutes acknowledgment of the revised terms.
13. Complaints
Customers may raise any concerns regarding Baseguard's data processing practices directly with Baseguard using the contact details provided in the "Contact Us" section. Baseguard is committed to reviewing and addressing such matters in accordance with applicable contractual obligations and data protection laws.
Where Baseguard acts as a data processor on behalf of a Customer, issues relating to personal data processed under a Customer account should be addressed by the Customer in its capacity as data controller. Baseguard will cooperate with the Customer in responding to such matters as required under the applicable Data Processing Addendum.
To the extent required under applicable data protection legislation, complaints concerning Baseguard's processing activities in its capacity as a data controller may be submitted by the relevant Customer to the competent data protection authority.
14. Contact Information
Baseguard welcomes inquiries, comments, and questions relating to this Privacy Policy and to its data collection and processing practices. For any questions or concerns, please contact us at: legal@baseguard.net