KVKK & GDPR Compliant Turkey Data Center 24/7 Support
+90 850 455 35 01 | destek@mxgate.com.tr
MXGate
Türkçe Contact

Core Principle: Data Minimization + Purpose Limitation

At MXGate, we only process and store the minimum data necessary for service delivery. Email contents are analyzed in real-time and never permanently stored.

Data Controller / Service Provider

Company: İnetmar İnternet Hizmetleri Bil. Tek. San. Tic. Ltd. Şti.

Address: Mansuroğlu Mah, 286/1 Sokak No:16, Bayraklı / İzmir

Phone: +90 850 455 35 01

E-posta: destek@mxgate.com.tr

Processed Data Types and Retention Periods

Data Type Processed? Stored? Retention Period
Email Content Real-time filtering Not permanently stored 0
Header Information 30-90 days
IP Address 30-90 days
SPF/DKIM/DMARC Result 90 days
Quarantined Email (Customer preference) 7-30 days

Important: MXGate does not permanently store email contents and does not display them outside of analysis purposes. Only technical metadata and header information are retained temporarily.

Technical Security Layers

1. SMTP Proxy Layer

  • Email content processed in RAM
  • Content not written to disk
  • Only log metadata retained

2. Log Layer

  • Stored on separate log server
  • AES-256 disk encryption
  • Role-based access control (RBAC)

3. Customer Isolation

  • Domain-based logical separation
  • Each customer only accesses their own logs
  • Multi-tenant with mandatory data isolation

Security Measures

TLS Mandatory
Inbound/Outbound encryption
2FA
Log access two-factor authentication
Audit Logs
Admin activities logged
Rate Limiting
API access limits
IP Anonymization
Optional during export
Auto-Deletion
Cron-based retention enforcement

Data Processing Agreement (DPA)

As Data Processor

The Service Provider processes personal data on behalf of the Data Controller solely for technical transmission, spam filtering, threat analysis, and delivery verification purposes within the scope of email security services.

Service Provider Commitments:

  • Does not permanently store email contents
  • Only processes header and technical metadata
  • Does not use data for other purposes
  • Does not share with third parties
  • Provides written notification if sub-processor used

Processed Data Types

  • Email addresses
  • IP addresses
  • Mail header information
  • Security scores
  • SPF/DKIM/DMARC results

Retention Period

Header and log data are stored for a maximum of 90 days and automatically deleted.

90 days
Maximum retention period

Data Breach Notification

In case of a potential data breach:

  • 72h — GDPR Compliant Notification: Data Controller informed within 72 hours
  • KVKK: Notification made within reasonable time

Data Subject Rights

Under KVKK and GDPR, data subjects have the right to:

  • Learn if their data is being processed
  • Request correction
  • Request deletion or destruction
  • Object to processing

* These requests are processed through the relevant Data Controller (customer organization).

Have Data Privacy Questions?

Contact us for questions about GDPR and data privacy.

1000+ enterprise customers
trust MXGate