PLATFORM
SOLUTIONS
RESOURCES
DATA & API SERVICES

PLATFORM

The Deepinfo Platform brings together five integrated modules that share the same data foundation, the same continuous monitoring engine, and the same intelligence. Each module delivers specialist depth in its domain. Together, they cover your entire external threat exposure.
GO TO DETAILS
EXTERNAL ATTACK SURFACE MANAGEMENT
See Your Entire Attack Surface. Act on What Matters.
CYBER THREAT INTELLIGENCE
See What's Already Exposed. Act Before It's Exploited.
BRAND RISK PROTECTION
Keep an Eye on the Internet. Protect Your Brand.
THIRD-PARTY RISK MANAGEMENT
Every Third Party Carries Risk. See All of It.
DEEP SEARCH & INSIGHTS
Explore the Entire Internet. See Every Layer.

PLATFORM

EXTERNAL ATTACK SURFACE MANAGEMENT
See Your Entire Attack Surface. Act on What Matters.
CYBER THREAT INTELLIGENCE
See What's Already Exposed. Act Before It's Exploited.
BRAND RISK PROTECTION
Keep an Eye on the Internet. Protect Your Brand.
THIRD-PARTY RISK MANAGEMENT
Every Third Party Carries Risk. See All of It.
DEEP SEARCH & INSIGHTS
Explore the Entire Internet. See Every Layer.

DATA & API SERVICES

DATA FEEDS
Bulk Internet Data. Complete, Fresh, and Ready to Use.
API SERVICES
Integrate the Internet's Deepest Data Into Anything You Build.

SOLUTIONS

RESOURCES

INTERNET INSIGHTS
See the data, get the insights!
API DOCS
Learn everything smoothly
BLOG
Don’t miss reading our blog!

Privacy Policy

Dofo Teknoloji Anonim Şirketi (dba Deepinfo)

Last Updated: March 11, 2026

Effective Date: March 11, 2026

Dofo Teknoloji Anonim Şirketi, doing business as Deepinfo ("Deepinfo," "we," "us," or "our"), is committed to protecting the privacy of individuals who visit our website, use our platform, or otherwise interact with our services. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our Services.

This Privacy Policy applies to all Deepinfo services, including the Deepinfo Platform, Data Feeds, API Services, and the website at deepinfo.com.

 

1. Data Controller

The data controller responsible for the processing of your personal data is:

Dofo Teknoloji Anonim Şirketi (dba Deepinfo)

Email: [email protected]

Website: https://deepinfo.com

Registered Address: Necip Fazıl Mah. Günbatımı Sok. No:1, Ümraniye / Istanbul / Türkiye

If you are located in the European Economic Area, you may contact us at [email protected] regarding data protection inquiries.

 

2. Data We Collect

We collect the following categories of personal data:

2.1 Account Information

When you create an account or request a demo, we collect your name, email address, company name, job title, and phone number (if provided).

2.2 Usage Data

We collect information about how you interact with the Services, including features used, searches performed, pages visited, and timestamps of activity. This may include login activity, account events, report generation events, API usage events, alert interactions, and other service interaction records.

2.3 Technical Data

We automatically collect technical information when you access the Services, including IP address, browser type and version, device type, operating system, and referring URLs. We may also collect diagnostic information, log files, cookie identifiers, session identifiers, and security telemetry necessary to operate and protect the Services.

2.4 Payment Data

When you purchase a subscription, we collect billing information such as billing address and payment method details. Payment processing is handled by third-party payment processors, and we do not store full credit card numbers on our systems.

2.5 Communication Data

When you contact us via email, live chat, or forms on our website, we collect the content of your communications along with associated metadata (sender, timestamp).

2.6 Customer-Submitted Data

Customers may submit organizational data to the Platform, such as domain lists, asset inventories, and third-party vendor information. This data is processed solely to deliver the Services. Depending on how customers use the Services, such data may contain personal data. Customers are responsible for ensuring they have an appropriate legal basis for submitting personal data to the Services.

2.7 Publicly Sourced and Threat Intelligence Data (OSINT)

To provide Cyber Threat Intelligence, Deep Search, and Attack Surface Management, we systematically scan, crawl, and index public internet data. This may indirectly include personal data contained within publicly accessible records, such as WHOIS domain registration details, historical DNS records, publicly accessible breach datasets, third-party threat intelligence data lawfully obtained from external providers, and publicly visible technical infrastructure identifiers.

 

3. How We Collect Data

We collect personal data through the following methods: (a) directly from you when you create an account, submit forms, or communicate with us; (b) automatically when you access and use the Services through cookies, server logs, and similar technologies; (c) from third-party sources, such as business contact databases, where permitted by applicable law; and (d) from automated scanning, collection, crawling, and indexing of public internet infrastructure, open-source intelligence (OSINT) repositories, and third-party threat feeds.

We may also generate data internally through service logs, security monitoring systems, analytics tools, and abuse-prevention mechanisms.

 

4. Purpose of Processing

We process personal data for the following purposes:

Service Delivery. To provide, maintain, and improve the Services, including account management, platform access, data feed delivery, and API access.

Threat Intelligence Aggregation. To compile, analyze, and distribute cybersecurity intelligence, detect vulnerabilities, and identify exposed digital assets to protect organizational networks.

Communication. To respond to inquiries, provide customer support, send service-related notifications, and deliver requested information such as demo schedules and threat exposure reports.

Security. To detect and prevent fraud, unauthorized access, and other security threats to the Services and our infrastructure. This includes detecting abuse, preventing unauthorized access, securing customer accounts, maintaining infrastructure resilience, investigating suspicious activity, and enforcing our terms and policies.

Analytics. To understand how the Services are used, identify trends, and improve functionality and user experience.

Compliance. To comply with applicable legal obligations, including tax, accounting, and regulatory requirements.

Marketing. To send product updates, newsletters, and promotional communications where you have provided consent or where permitted by applicable law. You may opt out of marketing communications at any time. Where required by applicable law, we will obtain consent before sending marketing communications or placing non-essential cookies and similar technologies.

 

5. Legal Basis for Processing

Under the GDPR, the Turkish Law on the Protection of Personal Data No. 6698 ("KVKK"), and other applicable laws, we process personal data based on one or more of the following legal grounds:

Contract Performance. Processing necessary to perform our contractual obligations to you, including providing the Services and managing your account (Article 6(1)(b) GDPR).

Legitimate Interest. Processing necessary for our legitimate business interests, such as improving the Services, ensuring platform security, conducting analytics, and aggregating publicly available cybersecurity threat intelligence to prevent cyberattacks and fraud, where such interests are not overridden by your rights and freedoms (Article 6(1)(f) GDPR and Recital 49).

Consent. Where we rely on your consent to process personal data, such as for marketing communications, you have the right to withdraw consent at any time (Article 6(1)(a) GDPR).

Legal Obligation. Processing necessary to comply with applicable laws and regulations (Article 6(1)(c) GDPR).

Where required by applicable law, including under KVKK, additional legal bases or notification requirements may apply depending on the specific processing activity.

 

6. Data Sharing

We do not sell personal data to third parties. We may share personal data in the following circumstances:

Service Providers. We share personal data with third-party service providers who assist us in operating the Services. These may include cloud hosting providers, infrastructure and monitoring vendors, payment processors, analytics providers, communication tools, customer support tools, identity and authentication providers, and professional advisers. These providers are contractually obligated to process personal data only on our behalf and in accordance with our instructions.

Legal Requirements. We may disclose personal data if required by law, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Deepinfo, our customers, or the public.

Business Transfers. In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction. We will notify you of any such transfer and any changes to applicable privacy practices.

We may also share personal data within our corporate structure and with affiliated service entities where necessary to operate the Services, provide support, manage billing, maintain security, or comply with legal obligations.

 

7. International Data Transfers

Deepinfo is headquartered in Turkey and may process personal data in other jurisdictions where its personnel, affiliated service entities, subprocessors, or infrastructure providers operate.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to countries that have not received an adequacy decision from the relevant authority, we implement appropriate safeguards where required by applicable law, including Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms.

Turkey has not received a GDPR adequacy decision from the European Commission. Accordingly, where personal data is transferred from the European Economic Area to Turkey, Deepinfo relies on appropriate safeguards and supplementary measures where required.

 

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

Account information is retained for the duration of your account and for a period of 24 months after account closure, unless longer retention is required by law. Usage and technical data is retained for up to 24 months for analytics purposes. Threat intelligence data derived from public sources is retained as long as it remains relevant for historical cybersecurity analysis and threat modeling. Payment records are retained as required by applicable tax and accounting laws.

When personal data is no longer required, it is securely deleted, de-identified, or anonymized, unless retention is required or permitted for legal compliance, dispute resolution, fraud prevention, security, backup integrity, or enforcement of our agreements.

Aggregated and anonymized data that does not identify individuals may be retained for a longer period for analytics, security research, service improvement, benchmarking, and statistical purposes.

 

9. Your Rights

Under the GDPR and the KVKK, you have the following rights regarding your personal data:

Right of Access. You have the right to request a copy of the personal data we hold about you.

Right to Rectification. You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure. You have the right to request deletion of your personal data where there is no compelling reason for continued processing.

Right to Restriction. You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object. You have the right to object to processing of your personal data based on legitimate interests (including our threat intelligence data indexing) or for direct marketing purposes.

Right to Withdraw Consent. Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law. We may request additional information to verify your identity before processing certain requests.

 

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect technical data, remember your preferences, and improve the Services. We may use first-party and third-party cookies, SDKs, pixels, scripts, local storage, and similar technologies for authentication, security, analytics, performance, and marketing purposes.

Essential Cookies. Required for the Services to function properly, including authentication, session management, and security. These cannot be disabled.

Analytics Cookies. Used to understand how the Services are used and to improve functionality. These cookies collect anonymized usage data. We may use analytics providers or similar tools to understand website traffic, page interactions, service usage, and performance trends. These tools may collect information such as page views, browser type, device characteristics, approximate location, and referring URLs.

Marketing Cookies. Used to deliver relevant advertisements and measure the effectiveness of marketing campaigns. These are only set with your consent.

You can manage your cookie preferences through your browser settings or through the cookie consent mechanism displayed when you first visit our website. Disabling certain cookies or similar technologies may affect the functionality, performance, or availability of some parts of the Services.

Additional information about our use of cookies may be provided in a separate Cookie Notice published on our website.

 

11. Security Measures

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, destruction, misuse, and unlawful processing. These measures may include encryption in transit and at rest, identity and access controls, least-privilege principles, logging and monitoring, vulnerability management, network protections, backup controls, incident response procedures, and personnel awareness measures.

While we take reasonable steps to protect personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security of personal data.

 

12. Children’s Privacy

The Services are intended for business and professional use and are not directed to children. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such data promptly. If you believe that we have collected personal data from a child, please contact us at [email protected].

 

13. Third-Party Links

The Services may contain links to third-party websites or services. This Privacy Policy does not apply to third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

If you interact with third-party websites, integrations, or services linked from our platform or website, your data may be processed under those third parties’ own terms and privacy policies.

 

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on our website and, where practicable, by email notification at least 30 days before the changes take effect.

The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised. Where required by applicable law, we will obtain consent or provide additional notice before applying material changes that affect how personal data is processed.

 

15. Supervisory Authority

If you are located in the European Economic Area, the United Kingdom, or Switzerland and believe that our processing of your personal data violates applicable data protection law, you may have the right to lodge a complaint with the competent supervisory authority in your place of residence, work, or the place of the alleged infringement.

If you are located in Türkiye, you may have the right to lodge a complaint with the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu).

 

16. Contact

For questions about this Privacy Policy or to exercise your data protection rights, please contact us at:

Dofo Teknoloji Anonim Şirketi (dba Deepinfo)

Registered Address: Necip Fazıl Mah. Günbatımı Sok. No:1, Ümraniye / Istanbul / Türkiye

Data Protection Contact: [email protected]

Website: https://deepinfo.com

PLATFORM

EXTERNAL ATTACK SURFACE MANAGEMENT
CYBER THREAT INTELLIGENCE
BRAND RISK PROTECTION
THIRD-PARTY RISK MANAGEMENT
DEEP SEARCH & INSIGHTS

DATA & API SERVICES

DATA FEEDS
API SERVICES

RESOURCES

INTERNET INSIGHTS
API DOCS
BLOG

COMPANY

ABOUT
CUSTOMERS
CAREERS
CONTACT
Terms & ConditionsPrivacy Policy