Security

Security is a default, not a setting.

Customs documents carry commercially sensitive data. BeyanKontrol is built so that data stays inside Turkey, under the office's control, and only for as long as the office chooses.

Server location

100%

Storage is your call

TLS 1.3

Encryption in transit

AES-256

Encryption at rest

01 · Data storage

What is kept, and for how long.

Three principles govern how data is handled. None of them require a setting to be turned on.

01Not retained

The original file

The uploaded document is removed the moment analysis completes. It is not written to backups or logs.

02Your preference

Extracted data

Structured results are stored only when the office opts in, and each record can be deleted individually.

03Always yours

The right to delete

Any record can be erased on request. The office holds the final say on retention at all times.

02 · Architecture

Everything runs inside Turkey.

Requests stay within a single region. No document is sent to a cloud provider abroad.

CLIENT

Broker browser

TLS 1.3

CORE · Turkey

BeyanKontrol API

AuthOCRReconcileHistory

OpenAI

Anonymized text

→Documents arrive over TLS 1.3

→Analysis runs on servers inside Turkey

→Only anonymized text fragments reach the AI

←The result lands in your history only if you opted in

03 · Compliance roadmap

Where compliance stands today.

KVKKCompliant by design

Notice, consent and right-to-erase processes are built in.

ISO 27001Preparing

Controls are being documented ahead of certification.

SOC 2Under review

Scope is being assessed for a future audit.

Penetration testingIn pilot

An independent test cycle is running with a security partner.

04 · Technical detail

Two technical questions we get often.

Encryption

How is data encrypted at every point?

Stage	Method	Note
In transit	TLS 1.3	Modern cipher suites only
At rest	AES-256-GCM	Against unauthorized disk access
Backups	AES-256-CBC	Separate key domain
Session	JWT (RS256)	15 minute lifetime, refresh based

Role-based access

Who sees what, who does what?

Role	Upload	View	Manage group	Delete
Broker	✓ own	✓ own	—	✓ own
Group admin	✓ group	✓ group	✓	✓ group
Company admin	✓ all	✓ all in company	✓	✓ all

Disclosure

Spotted a security issue?

Responsible disclosure is welcome. Write to the address below and a person on the team will respond.

[email protected]

We share our PGP key on request.

Catch the errors before customs does.

Setup takes a couple of minutes. Your first analysis is returned within minutes.

Get started Sign in