ARCHMIR

[ Initializing System Architecture ]

🚀 Big News: Archmir is now officially a Google Cloud Scale AI Tier Partner, accelerating our innovation with enterprise-grade AI infrastructure. Learn More →

Privacy & Information Security Policy

1. PURPOSE, SCOPE AND LEGAL BASIS

1.1 Purpose

This Privacy and Information Security Policy ("Policy") aims to ensure that personal data processed within the scope of the use of AI-based vehicle damage detection API services, website, and all related digital services ("Services") offered by Archmir Teknoloji A.Ş. ("Archmir", "Company" or "We") is processed, stored, protected, and secured in accordance with the Law on Protection of Personal Data No. 6698 ("KVKK"), the European Union General Data Protection Regulation ("GDPR"), and related secondary legislation.

1.2 Scope

This Policy covers:

  • Corporate customers signing a contract with Archmir (insurance companies, fleet management companies, car rental firms, services, etc.),
  • Authorized users of our customers (adjusters, operations teams, etc.),
  • All real persons using Archmir's website and APIs,
  • Archmir's business partners, suppliers, and visitors.

1.3 Legal Basis

Personal data is processed based on one or more of the following legal grounds, primarily within the framework of KVKK Art. 5 and Art. 6: establishment or performance of a contract, fulfillment of legal obligations, establishment, exercise or protection of a right, our legitimate interests, or explicit consent.

2. DEFINITIONS AND ROLES

2.1 Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Special Categories of Personal Data: Qualified data such as race, ethnic origin, political opinion, health information, biometric data, etc.
  • Data Controller: The natural or legal person who determines the purposes and means of processing personal data.
  • Data Processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority given.
  • Customer: The legal entity signing the Service Agreement with Archmir (insurance company, fleet rental company, etc.).
  • Customer Data: Any image, video, text, log, and metadata uploaded to the Services by the Customer.

2.2 Role of Archmir

Archmir acts as the "Data Controller" regarding its own employees, suppliers, and corporate business processes, and as a "Data Processor" by default regarding images and related insurance/service operation data uploaded to Archmir APIs by Customers. To the extent Archmir wishes to use Customer Data to train and improve its models, it processes such data as a Data Controller on its own behalf after such data is anonymized and disassociated from any identifiable person.

3. PROCESSED DATA CATEGORIES

The following data categories may be processed by Archmir:

3.1 Corporate Customer Data

  • Company title, tax ID number, MERSIS number,
  • Authorized person name/surname details, title/position,
  • Corporate email addresses, phone numbers,
  • Contract and billing information, API keys, customer IDs.

Legal Basis: Establishment or performance of a contract (KVKK Art. 5/2-c), legal obligation (Art. 5/2-ç).

3.2 Visual Vehicle Data

  • Exterior vehicle photos, videos, damage area images,
  • Images subject to pre/post-damage comparison.

Legal Basis: Performance of the contract, legitimate interest (KVKK Art. 5/2-f), legal obligations.

3.3 Vehicle Metadata

  • Vehicle Identification Number (VIN),
  • License plate information (before processing),
  • Location (GPS coordinates),
  • Date/time stamp, file reference numbers.

3.4 Usage and Log Data

  • API request logs, IP addresses,
  • Device and browser information (User-Agent),
  • Error logs, security logs,
  • Authentication and session login/logout logs.

Legal Basis: Ensuring data security, legitimate interest (KVKK Art. 5/2-f).

3.5 Important Note on Biometric Data

Archmir's AI models are designed solely to detect vehicle damage and do not aim to analyze human faces or biometric data suitable for identification. Due to system architecture, human faces and license plates in uploaded images are automatically detected and irreversibly anonymized via masking/blurring before being permanently stored. These anonymization processes are carried out at the earliest possible stage, mostly on temporary memory (RAM).

4. PURPOSES OF PROCESSING PERSONAL DATA

Collected personal data is processed for the following purposes:

4.1 Service Provision and Business Processes

  • Damage detection analysis and scoring,
  • Repair/replace recommendation and estimated cost calculation,
  • File-based report generation and presentation to the customer,
  • Management of the customer account, ensuring integrations.

4.2 Development of AI Models (R&D)

  • Using only anonymized and unidentifiable images,
  • To increase the accuracy of damage detection algorithms,
  • To learn new damage types,
  • To optimize model performance (precision/recall, F1, etc.).

Since anonymized data ceases to be personal data within the meaning of KVKK, it falls outside the scope of KVKK. Archmir reserves the right to dispose of this anonymous data as a data controller in its R&D processes.

4.3 Security and Fraud Prevention

  • Detection of abnormal or suspicious requests to the API,
  • Prevention of unauthorized access attempts (e.g., claim_id guessing),
  • Detection of manipulated images (deepfake damage, fake photos, etc.),
  • Execution of authentication and access control operations.

4.4 Fulfillment of Legal Obligations

  • Meeting requests from regulatory authorities,
  • Storing logs and records that constitute evidence in dispute and litigation processes,
  • Fulfillment of financial and accounting obligations.

5. DATA TRANSFER AND THIRD PARTIES

5.1 Domestic Transfer

Personal data may be transferred to the following recipient groups in accordance with KVKK Art. 8:

  • Service Providers / Data Processors: Cloud storage data centers, identity/security infrastructure providers, log/monitoring services, support suppliers.
  • Our Customers: Damage files and analysis outputs are presented to the final beneficiaries of the Service (insurance companies, experts, etc.).
  • Authorized Institutions: Data transfer may be made to authorized public institutions and judicial authorities upon request.

5.2 International Transfer

To the extent Archmir locates its data centers and/or backup systems abroad, it ensures compliance with KVKK Art. 9 by working with service providers in safe countries, obtaining explicit consent, or providing necessary guarantees via standard contractual clauses.

6. TECHNICAL AND ADMINISTRATIVE SECURITY MEASURES

  • Encryption: TLS 1.2/1.3 for transit, AES-256 for storage.
  • Access Control: RBAC, Least Privilege, MFA, strong password policies.
  • Network Security: Firewalls, WAF usage, regular vulnerability scans, IDS/IPS.
  • Penetration Tests: Periodic independent penetration tests.
  • Anonymization: Irreversible masking of license plates/faces at ingestion layer.
  • Administrative: NDAs, KVKK training, incident response procedures.

7. DATA RETENTION AND DESTRUCTION

7.1 Retention Periods

  • Transaction Data and Customer Files: Stored for the contract duration plus general statute of limitations (typically 10 years).
  • Anonymous Training Data: May be stored indefinitely for AI development.
  • Logs: Stored for reasonable periods considering legal obligations.

7.2 Deletion and Anonymization

Data whose retention period has expired is destroyed via deletion, destruction, or irreversible anonymization. Upon customer request or contract termination, processed data is deleted or anonymized within a reasonable time unless agreed otherwise.

8. DATA SUBJECT RIGHTS AND APPLICATION

Under KVKK Art. 11, data subjects have the right to request information, correction, deletion, objection to automated results, and compensation for damages. Requests can be sent to [email protected] via KEP or registered email. Archmir will conclude applications within 30 days.

9. AUTOMATED DECISION MAKING AND "HUMAN-IN-THE-LOOP"

Archmir Services are decision support systems. API outputs do not constitute a final and binding decision. The final operational decision rests with the human operator. Customers are advised to define confidence score thresholds for human review.

10. COOKIES

Cookies and similar technologies may be used for user experience and security. Details are announced in a separate Cookie Policy.

11. UPDATES

Archmir may update this Policy based on legal/technical requirements. The current version is always published on our website.

12. CONTACT

Archmir Teknoloji A.Ş.
Email: [email protected]
Web: https://archmir.com

13. DISCLAIMER

This Policy is for informational purposes; customers are advised to seek independent legal counsel for full compliance.

Effective Date: December 09, 2025 / Version: 2.0

Loading Platform Architecture...

Developer-First API.

Integrate complex workflows with minimal code. Built for speed, reliability, and scale.

  • Strict JSON contracts with confidence scores and masks.
  • Webhooks, idempotency keys, and robust error models.
  • Sandbox environment for rapid prototyping and testing.
View Documentation Request API Key

$ curl -X POST initialize_workflow.sh

curl -X POST https://api.archmir.net/v1/workflow/execute \
  -H "Authorization: Bearer $ARCHMIR_API_KEY" \
  -F "input_file=@/data/evidence_package.zip" \
  -F "workflow_config={\"id\":\"claims_automation_v3.1\",\"async\":true}"

VERIFIED PROGRAM MEMBER

Official Google for Startups
Scale AI Partner

Selected by Google for our high-growth potential and AI innovation. Powered by dedicated cloud resources, premium technical support, and enterprise-grade AI infrastructure.

Scale AI Program Tier
Enterprise Cloud Infrastructure
2025 Certified
Verified Partner

Execute at the speed of light.

Deploy the Archmir architecture into your operations. Contact our solutions team.