Publication Date: 14.11.2025

At Gate TR, we see the protection of our users’ assets and personal data as an essential part of our operations and a corporate priority. We consider information security not just a technical requirement but a key element of our sustainable service quality and user trust.

In this context, Gate TR places information security at the center of its corporate governance model and designs all processes in line with SPK 35-1 and 35-2 regulations, KVKK obligations, ISO/IEC 27001 & 27002 standards, and global cybersecurity best practices.

Our Approach to Information Security

Gate TR’s entire technological infrastructure and operational processes are designed according to the “Defense in Depth” principle. This principle ensures that all security controls—from identity verification and data access to application development and network architecture—operate in an integrated, layered, and continuously monitored structure.

In this framework:

• User data and transaction data are encrypted with modern cryptographic standards and can only be accessed by authorized roles in production systems.
• Our systems follow a Zero Trust model, allowing only verified users, devices, and sessions.
• Critical infrastructure components are protected by multi-layer firewalls, WAF, behavioral analysis systems, and advanced threat detection mechanisms.
• Our platform is regularly tested through independent penetration tests, code security analyses, and infrastructure resilience tests.
• Backup, disaster recovery, and business continuity mechanisms are regularly tested and aligned with SPK continuity requirements.

This approach ensures that our users’ assets and data are protected at the highest security level.

Data Privacy and User Rights

Gate TR processes customer personal data in full compliance with KVKK and relevant regulations. Data privacy processes follow the principles of:

• Minimum data processing,
• Transparency and accountability,
• Secure storage, encryption, and access control,
• Regular data retention–destruction cycles.

To eliminate unauthorized access risks, we use mechanisms such as multi-factor authentication, role-based authorization, and access monitoring.

Business Continuity and Infrastructure Security

Gate TR has built all operations to be resilient against possible interruptions, cyberattacks, and technical failures to ensure uninterrupted service continuity. In this scope:

• Backups of production systems are stored in encrypted form and regularly tested with restoration processes.
• Disaster recovery plans are designed to ensure uninterrupted operation of critical services.
• Critical infrastructure components operate with multi-zone and multi-environment support.
• System performance, security incidents, and network traffic are monitored 24/7.

This structure ensures that Gate TR users can access their assets and transactions without interruption.

Management Commitment

Gate TR management adopts information security as a strategic priority and commits to providing all necessary resources for the safety of our users.

All employees and suppliers are required to comply with the Gate TR Information Security Policy.

Our corporate security culture is built not only on technological investments but also on a governance approach based on transparency, ethical behavior, and user trust.

The trust of our users is the top priority of Gate TR.

Gate TR Management