Legal
🌐 TürkçeSecurity Policy
Effective date: 03.07.2026
Data Controller / Business
- Legal name:
- Senem ÖZDEN (Stok Gözlük operator of the platform)
- Address:
- Alacaatlı Mahallesi 3279. Sokak, Siyah İnci Sitesi No:1 B Blok Kat:4 Daire:14, Çayyolu / Ankara
- Tax No:
- 51850314816 — Doğanbey Vergi Dairesi
- Contact:
- kvkk@stokgozluk.com
At Stok Gözlük, security is the most critical layer in protecting money and data. This page summarizes the technical and administrative measures we take.
1. Security of Money (Escrow Model)
- All payments are held in the escrow account of a payment institution licensed under Law No. 6493; the Platform does not touch customer funds.
- The escrow is released only upon the buyer's delivery confirmation (or the expiry of the 72-hour period); it is frozen immediately in a dispute.
- All money movements are kept in a double-entry ledger and undergo automatic reconciliation every day — a discrepancy of even one kuruş does not close the day.
2. Card and Financial Data
- Card details never reach the Platform's servers at any stage; collection takes place on the payment institution's PCI-DSS-compliant secure page.
- Only the transaction reference and a masked summary are stored on the Platform.
- Sensitive operations such as IBAN changes are subject to additional verification.
3. Account Security
- Passwords are stored irreversibly with the argon2id algorithm; no employee can see your password.
- Registration and critical operations are tied to SMS verification (OTP); codes are stored encrypted and expire within 5 minutes.
- Session keys are short-lived; a notification is sent on suspicious logins.
4. Infrastructure and Monitoring
- All traffic is encrypted with TLS; API requests are protected with rate limits.
- Every critical and financial transaction is written to an immutable audit log.
- Fraud patterns (rate anomalies, attempts to leak contact information, suspicious matches) are monitored automatically.
- Data is backed up regularly; disaster recovery procedures are defined.
5. In-Platform Security Rules
- Only verified optical businesses that have passed document review can transact.
- There is no free-form communication channel between parties; attempts to share contact information are blocked and are treated as a violation.
- Reports of suspected counterfeiting are reviewed through a dedicated flow; confirmed violations result in permanent membership cancellation.
6. Vulnerability Reporting (Responsible Disclosure)
If you believe you have discovered a security vulnerability, please report it with details to kvkk@stokgozluk.com without exploiting it. For good-faith reports, we undertake to respond within 48 hours and to work with you in coordination until the fix is completed.
