V Vidlens
Try free
We use cookies. Strictly necessary cookies keep Vidlens working (login, security). With your consent, we also use functional cookies (your preferences) and privacy-focused analytics (no raw IP, no ad tracking). See our Cookie Policy.
Legal

Data Processing
addendum.

Last updated: June 29, 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service between KASOFT Teknoloji ve Yazılım Limited Şirketi ("Vidlens", "Processor") and the customer ("you", "Controller") and applies to the processing of personal data carried out by Vidlens on your behalf. It is designed to meet the requirements of the EU General Data Protection Regulation (GDPR) Article 28 and the Turkish Personal Data Protection Law (KVKK).

01

Roles of the Parties

For personal data that you submit or that we collect on your behalf — such as data about your YouTube channel viewers, subscribers, and audience analytics — you act as the Data Controller and Vidlens acts as the Data Processor. For data we collect about you directly as our customer (your account, billing, and usage), Vidlens acts as the Controller, governed by our Privacy Policy.

02

Subject Matter and Duration

Vidlens processes personal data only for the duration of your account and only to provide the contracted services: YouTube SEO analysis, keyword research, competitor tracking, video performance monitoring, A/B testing, and AI-assisted content tools. Processing ends when you delete your account or disconnect a channel, at which point associated data is deleted.

03

Categories of Data and Data Subjects

Data subjects: your YouTube channel's viewers and subscribers (in aggregate and anonymized form), and you as the account holder.

Categories of data: aggregated and anonymized audience analytics (age bands, gender distribution, geographic regions, device types, traffic sources), video performance metrics, channel statistics, and OAuth tokens used solely to access the YouTube API on your authorization. Vidlens does not process special categories of personal data.

04

Processor Obligations

Vidlens shall:

  • process personal data only on your documented instructions, including through your use of the service;
  • ensure that personnel authorized to process the data are bound by confidentiality;
  • implement appropriate technical and organizational security measures (see Section 06);
  • not engage another processor without your general authorization and notice of changes;
  • assist you in responding to data subject rights requests;
  • assist you with data protection impact assessments and breach notifications;
  • delete or return all personal data at the end of the service, unless retention is required by law;
  • make available the information necessary to demonstrate compliance and allow for audits.
05

Sub-Processors

Vidlens uses the following categories of sub-processors to deliver the service: cloud hosting and database infrastructure, AI model providers (for content suggestions and analysis), email delivery services, and payment processors. The current list of sub-processors is available on request. We will give you notice before adding or replacing a sub-processor so you may object on reasonable data-protection grounds.

06

Security Measures

Vidlens maintains technical and organizational measures including: encryption of sensitive credentials at rest, TLS encryption in transit, access controls and role-based permissions, session protection (rotation, fingerprinting, CSRF tokens), audit logging of administrative actions, rate limiting, brute-force protection, and regular security review. We do not store raw IP addresses or full user-agent strings for analytics purposes.

07

Data Subject Rights

Vidlens provides tools enabling you to fulfill data subject rights: account holders can export their data in a machine-readable format and request full deletion directly from their profile settings. When you delete your account or disconnect a channel, all associated personal data is permanently deleted and YouTube authorization is revoked with Google. Financial records are anonymized but retained where required by tax law.

08

International Transfers

Where personal data is transferred outside the EEA, the UK, or Türkiye, Vidlens ensures an appropriate transfer mechanism is in place, such as Standard Contractual Clauses or an adequacy decision.

09

Data Breach Notification

Vidlens will notify you without undue delay after becoming aware of a personal data breach affecting your data, providing information sufficient to allow you to meet your own notification obligations under applicable law.

10

Contact

For DPA-related questions or to request the sub-processor list, contact us at info@vidlens.app, or by mail at İnkılap Mah. Dr. Adnan Büyükdeniz Cad. 2. Blok No: 4/22, 34768 Ümraniye/İstanbul, Turkey.

This DPA is a template provided for convenience and should be reviewed by qualified legal counsel before being relied upon. It does not constitute legal advice.

Privacy Policy · Terms of Service