Privacy Policy

Last Updated: April 4th, 2026

This Privacy Policy explains how SkyReady Teknoloji ve Danışmanlık A.Ş. ("Company," "we," "us," or "our") collects, uses, discloses, stores, and protects personal data when you access or use our websites, platforms, applications, and services, including SkyReady.ai, PartsCollab.com, and related mobile applications (collectively, the "Services").

This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined here have the meanings set forth in the Terms of Service.

1. Scope

This Privacy Policy applies to:

• Visitors to our websites;
• Registered users and workspace members;
• Customers acting through authorized Users;
• Communications conducted via the Platform, App, or email.

It does not apply to third-party websites, services, or platforms linked from the Services.

2. Data We Collect

2.1. Information You Provide Directly

We may collect the following categories of personal data when you register, use, or communicate through the Services:

• Account Information: name, email address, phone number, company name, role, credentials
• Workspace Data: user roles, permissions, activity logs
• Communications: messages, emails, RFQs, quotations, inquiries
• Support Requests: information provided when contacting support
• Payment Information: billing contact details (payment processing handled by third-party providers such as Stripe)

The Company does not store full credit card numbers or banking credentials.

2.2. Content and Commercial Data

When Users upload or exchange information through the Platform, we may process:

• Listings, inventory data, capability descriptions
• RFQs, quotations, proposals
• Uploaded documents and metadata
• AI-processed inputs and outputs

This data may include personal data depending on User submissions.

2.3. Automatically Collected Information

When you access the Services, we may automatically collect:

• IP address
• Device type, browser, operating system
• Log files, timestamps, usage metrics
• Cookies and similar technologies (see Section 9)

3. How We Use Personal Data

We process personal data for the following purposes:

• Providing, operating, and maintaining the Services
• Managing Accounts, Workspaces, and User access
• Enabling communication and collaboration between Users
• Improving platform functionality, performance, and security
• Providing customer support
• Processing subscriptions and payments (via third-party providers)
• Generating analytics and AI-assisted insights
• Complying with legal obligations
• Enforcing our Terms of Service and policies

We do not sell personal data.

4. Legal Bases for Processing

Where applicable (including under KVKK and GDPR-aligned principles), we rely on:

• Contractual necessity (to provide the Services)
• Legitimate interests (platform security, fraud prevention, improvement)
• Legal obligations (tax, regulatory, compliance)
• Consent, where required by law

5. Data Hosting and International Transfers

5.1. Hosting

Customer Data and Platform data are hosted using Amazon Web Services (AWS) or equivalent secure cloud infrastructure.

5.2. International Transfers

Your data may be processed or stored outside Türkiye, including in jurisdictions where AWS, Stripe, or other infrastructure providers operate. We apply:

• Data minimization principles
• Technical and administrative safeguards
• Access controls and encryption

For users located in Türkiye, detailed disclosures required under Law No. 6698 (KVKK) are provided in the Personal Data Protection Information Text (KVKK Aydınlatma Metni), which forms part of our data protection documentation. By using the Services, you acknowledge that such transfers are necessary for the operation of the Platform.

6. AI and Automated Processing

The Services use AI-assisted tools for:

• Data parsing
• Workflow automation
• Search, summaries, and analytics

AI outputs:

• Are informational only
• May be inaccurate or incomplete
• Must be independently verified by Users

The Company does not make operational, maintenance, or airworthiness decisions based on AI output.

7. Data Sharing and Disclosure

We may share data only in the following circumstances:

• With service providers (cloud hosting, analytics, payment processors)
• With other Users, as directed by Customer settings
• For legal compliance, court orders, or lawful requests
• To protect rights, safety, or security
• In corporate transactions, such as mergers or restructuring

We do not share data for advertising resale purposes.

8. Data Retention

We retain personal data only for as long as:

• Necessary to provide the Services
• Required by law or regulatory obligations
• Needed for dispute resolution or enforcement

Upon Account termination, data may be deleted or anonymized, subject to legal retention requirements.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain session integrity
• Improve performance
• Analyze usage patterns

You may manage cookie preferences through your browser settings. Disabling cookies may affect functionality. Cookies are used as described in the Cookie Policy and Cookie Information Notice.

10. Data Security

We implement reasonable administrative, technical, and organizational safeguards, including:

• Access controls
• Encryption in transit
• Secure cloud infrastructure
• Monitoring and logging

No system is completely secure. Use of the Services is at your own risk.

11. Your Rights

Depending on applicable law, you may have the right to:

• Access your personal data
• Request correction or deletion
• Object to or restrict processing
• Withdraw consent where applicable

Requests may be submitted to the contact details below.

12. Children

The Services are not intended for individuals under 18. We do not knowingly collect data from minors.

13. Third-Party Services

The Services may link to or integrate with third-party platforms. We are not responsible for their privacy practices. Please review their policies separately.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or email where required. Continued use of the Services constitutes acceptance of the updated Privacy Policy.

15. Contact Us

For privacy-related questions or requests: SkyReady Teknoloji ve Danışmanlık A.Ş. Address: Ankara, Türkiye Email: info@skyready.ai

Last Updated: February 2, 2026

This Personal Data Protection and Processing Notice ("Notice") has been prepared in order to fulfill the information obligation set forth under Article 10 of the Turkish Law on the Protection of Personal Data No. 6698 ("KVKK") in relation to the processing of personal data obtained from individual and corporate users and other relevant third parties who access and use the digital platforms operated by SkyReady Teknoloji ve Danışmanlık A.Ş. ("SkyReady" or the "Company"), including the SkyReady and PartsCollab platforms (collectively, the "Platform").

SkyReady provides a digital infrastructure that enables users in the aviation sector to discover each other, communicate, and exchange information. SkyReady does not act as a party to any commercial or technical transactions between users. In its role as a data controller, SkyReady processes certain personal data solely for the purpose of providing, operating, and securing the Platform.

SkyReady places great importance on the lawful processing, storage, and transfer of personal data and on ensuring the confidentiality and security of such data. In this context, SkyReady implements appropriate technical and organizational measures in line with applicable legislation and internationally accepted data protection principles. Personal data is processed only for the purposes and under the conditions explained in detail below.

This Information Text supplements the Privacy Policy and does not replace the contractual Privacy Policy applicable to Platform usage.

1. Data Controller

Pursuant to the Turkish Law on the Protection of Personal Data No. 6698 ("KVKK"), your personal data is collected and processed by SkyReady Teknoloji ve Danışmanlık A.Ş., acting as the data controller, within the scope and for the purposes set forth in this Notice. SkyReady Teknoloji ve Danışmanlık A.Ş. is incorporated and registered in the Republic of Türkiye. SkyReady determines the purposes and means of processing personal data in connection with the operation, administration, and security of the Platform. Additional information regarding data processing practices is available in the Company's Privacy Policy published on the Platform.

2. Purposes of Processing Personal Data

Personal data is processed by SkyReady only to the extent necessary for the operation and administration of the Platform, including for the following purposes:

• enabling user registration, authentication, and account management;
• providing access to Platform functionalities;
• facilitating communication and interaction between users;
• administering subscriptions, access rights, and contractual relationships related to Platform usage;
• maintaining operational records, archives, and system logs;
• ensuring platform security, preventing misuse, and managing technical incidents;
• responding to user requests, inquiries, and support communications;
• fulfilling applicable legal obligations.

SkyReady does not process personal data for purposes unrelated to the Platform.

3. Categories of Personal Data Processed

In accordance with the principles of lawfulness, data minimization, and proportionality, SkyReady may process the following categories of personal data:

3.1. Identification and Contact Data

Name, surname, username, professional email address, telephone number, job title, and similar contact information.

3.2. Account and Authentication Data

Encrypted or hashed passwords, authentication records (including multi-factor authentication), user identifiers, and access credentials.

3.3. Platform Usage and Interaction Data

Messages, communications, listings, requests for quotations (RFQs), offers, uploaded documents, transaction records, and activity logs generated through Platform usage.

3.4. Corporate, Subscription, and Billing Data

Company name, registered address, tax or registration identifiers ((VKN or other legally required identifiers, where applicable), subscription type, duration, package information, and invoicing records.

3.5. Technical and Security Data

IP addresses, device and browser information, session logs, access records, and other technical data required to ensure system security.

3.6. Communication and Support Records

Records of support requests, feedback, complaints, and correspondence related to Platform services.

4. Legal Grounds for Processing Personal Data

Personal data is processed in accordance with legal regulations on data protection, based on one or more of the following legal grounds:

• Necessity for the establishment or performance of a contract;
• Compliance with legal obligations;
• Necessity for the establishment, exercise, or protection of legal rights;
• SkyReady's legitimate interests, provided that such interests do not override the fundamental rights

and freedoms of data subjects;

• Explicit consent, where legally required.

5. Data Transfers and International Processing

Due to the use of cloud-based infrastructure, personal data may be transferred to and stored on servers located outside Türkiye, primarily in the European Union and the United States, where technically and operationally necessary, including through Amazon Web Services (AWS). Such data transfers are carried out in accordance with Article 9 of the Turkish Law on the Protection of Personal Data No. 6698 and other applicable legislation and are protected by appropriate contractual, technical, and organizational safeguards.

In connection with the operation, maintenance, and development of the Platform, personal data may, on a limited and need-to-know basis, be shared with domestic or international service providers or business partners providing services such as cloud infrastructure, system maintenance, customer support tools, communication services, or similar auxiliary services, solely to the extent required for the provision of the Platform. International transfers are carried out only where technically required for the provision, security, or continuity of the Platform. Personal data may also be disclosed to legally authorized public authorities where required by applicable law. SkyReady does not transfer personal data for purposes unrelated to the Platform and does not engage in unauthorized data sharing or commercial data brokerage.

6. Payment and Financial Processing

Subscription payments and financial transactions are carried out through licensed third-party payment service providers. SkyReady does not store or process full credit card numbers or sensitive payment authentication data.

7. Data Retention

Personal data is retained only for the period required by the purpose of processing or as mandated by applicable legislation. Retention periods are determined based on the purpose of processing, applicable statutory limitation periods, and regulatory obligations. Upon the expiration of retention periods or where processing purposes cease to exist, personal data is securely deleted, destroyed, or anonymized in accordance with applicable data protection regulations.

8. Data Security

SkyReady implements appropriate technical and organizational measures to ensure the security of personal data, including access controls, secure systems, monitoring mechanisms, and incident response procedures.

9. Rights of Data Subjects

Within the scope of Article 11 of the KVKK, data subjects have the right to:

• learn whether their personal data is processed;
• request information if their personal data has been processed;
• learn the purpose of processing and whether personal data is used in accordance with that purpose;
• know the third parties to whom personal data is transferred domestically or abroad;
• request the correction of incomplete or inaccurate personal data and request notification of such correction to third parties to whom data has been transferred;
• request the deletion or destruction of personal data where the reasons requiring processing no longer exist and request notification of such action to third parties;
• object to results arising exclusively from automated processing that produce adverse consequences for the data subject;
• request compensation for damages arising from unlawful processing of personal data.

10. Application to the Data Controller

Applications regarding processed personal data may be made to SkyReady by data subjects in accordance with the applicable legislation in the following ways:

• Registered Electronic Mail (KEP);
• Secure electronic or mobile signature;
• Written application with wet signature to the company's registered address;
• E-mail sent from your registered account address to info@skyready.ai.

Requests will be finalized within the legal 30-day period. Your application must include: Your name, surname, and signature if the application is in writing, Your Turkish Republic identity number for Turkish citizens, Your nationality, passport number, or identity number if you are a foreigner, Your residential or business address for notification purposes, Your email address, telephone and fax number for notification purposes, if any,

11. Updates to This Notice

This Notice may be updated from time to time. Updated texts shall enter into force upon publication on the Platform.

12. Contact Us

For privacy-related questions or requests: SkyReady Teknoloji ve Danışmanlık A.Ş. Address: Ankara, Türkiye Email: info@skyready.ai