Built on trust
Merchants trust platforms that handle money, orders, and customer data reliably. Here is exactly how we protect yours — and what is live versus on our roadmap.
FaStart secures merchant and customer data with KVKK compliance (live), iyzico 3D Secure card payments where card data never touches FaStart (live), per-store data isolation, and a published policy of not training public AI models on your data. ISO 27001/27701 certifications are on the roadmap.
Our security & compliance pillars
Every pillar carries an explicit status label — no claim is ever overstated.
KVKK & Data Protection
FaStart Teknoloji A.Ş. processes personal data under Turkey’s KVKK (Law No. 6698). Our privacy notice, cookie policy, and a data-subject rights channel are live.
Payment Security
Card payments run on iyzico with 3D Secure. Card data is held by iyzico (PCI-DSS); FaStart does not store card details and is not in the payment-collection flow.
Infrastructure & Data Handling
Data is encrypted in transit (TLS/HTTPS) and access is restricted via authorization. Store and customer data are isolated per-store in a multi-tenant architecture.
AI & Bot Transparency
We do not train public AI models on your merchant or customer data. Our AI crawling and usage policy is published openly at /ai.txt and /llms.txt.
Certifications & Compliance
KVKK compliance is live today. We do not currently hold any information-security certification; ISO 27001 / ISO 27701 are on our roadmap and we will update this page transparently as each is achieved.
Processed under KVKK (Law No. 6698)
We process personal data with explicit consent and published notices, and there is a dedicated channel for your data-subject rights.
- Data-subject requests: privacy@fastart.co
- Explicit consent on forms
- KVKK, cookie, and distance-sales texts under /policies
Card data never touches FaStart
Card payments run on iyzico with 3D Secure. The PCI-DSS obligation is met on the iyzico side, and FaStart is not the party that collects funds.
- 3D Secure, saved cards, installments, refunds/settlement
- PCI-DSS compliance handled by iyzico
- Seller-connected POS model (FaStart doesn’t collect funds)
Encrypted transit, per-store isolation
Data is encrypted in transit with TLS/HTTPS; each store’s data is isolated in a multi-tenant architecture and access is restricted with role-based authorization.
- TLS/HTTPS encryption in transit
- Per-store data isolation
- Role-based access control
Your data is not used for model training
We do not use your customer and order data to train public AI models. Our AI crawling and usage policy is published in machine-readable form.
- Customer/order data is not used for model training
- Published AI usage policy (/ai.txt)
We don’t claim certifications we don’t hold
KVKK compliance is live today. We do not currently hold any information-security certification; ISO 27001 / ISO 27701 are on our roadmap, and we update this page transparently as each is achieved.
- KVKK compliance — live
- ISO 27001 / 27701 — in progress
Frequently asked questions
Who stores my card data?
Card data is held by iyzico under PCI-DSS. FaStart does not store raw card numbers and is not in the payment-collection flow — it only uses the token reference iyzico returns.
Under which law do you process personal data?
We process personal data under Turkey’s KVKK (Law No. 6698). The privacy notice, cookie policy, and distance-sales agreement are live under /policies, and we receive data-subject requests at privacy@fastart.co.
Does FaStart hold an information-security certification?
We do not currently hold any information-security certification. KVKK compliance is live today; ISO 27001 / ISO 27701 are on our roadmap, and we update this page honestly as each is achieved.
Is my data used for model training?
No. We do not train public AI models on your merchant or customer data. Our AI crawling and usage policy is published openly at /ai.txt and /llms.txt.
How do I report a security vulnerability?
Reach us at contact@fastart.co or via our contact form. We take reports seriously and respond quickly.
Have questions?
We are happy to clarify anything about security, KVKK, or the payment flow.