FAQ

Partnerfy is a modern and innovative software company that combines custom software development and software-tool marketing services for macro-scale businesses and agencies — working in a "tailor-made" fashion. With Partnerfy you can subscribe to 24/7 online software services for both your large-scale enterprise and your agency, or commission fully bespoke end-to-end software built specifically for your organisation. Our scope ranges from web-based enterprise applications and mobile solutions to SaaS licensing, API integrations and long-term technical support. In short, Partnerfy is a long-term business partner that first listens to your needs and then builds the most suitable software for you with the right technology, the right process and the right team.

ID.Partnerfy is a B2B management panel developed by Partnerfy. It is designed to manage — from a single point — all services, payments and operational workflows purchased or rented by agencies and macro-scale businesses from Partnerfy. Through this panel you can: • Track your active services, plans and subscription status on a single screen, • Make payments and access your past invoices, • Open technical support tickets and chat with the Partnerfy team on existing ones, • View progress, work items and reports for your projects, • Use role-based access to control which member of your team can see or do what. In short, ID.Partnerfy is your corporate control panel — bringing every communication, purchase and operational process between you and Partnerfy under one roof.

Absolutely. You can meet us in person through our offices and local representatives located in 4 different countries. In addition to our Türkiye headquarters, we are also physically present in Europe. To make sure the meeting is productive, we kindly ask you to book an appointment beforehand. You can use the "Schedule a meeting" link on our site to pick a suitable date and time and briefly tell us what you would like to discuss. Once your request reaches us, the relevant team member will contact you and direct you either to the most convenient office or to an online meeting.

We would like to answer this from two angles, because the word "language" can mean both a programming language and a spoken language: 1) In terms of programming languages: we can deliver projects in every major language used in the industry today — PHP (Laravel, Symfony), JavaScript / TypeScript (Node.js, React, Vue, Next.js), Python (Django, FastAPI), Java, .NET (C#), Go, Kotlin and Swift. Depending on your needs, we recommend the most appropriate architecture: monolith, microservices, serverless or a hybrid model. 2) In terms of spoken languages: the software we build is planned with a multi-language (i18n) foundation from day one. Starting with Turkish, English and German, we can support any language you require — for the interface, the content and the documentation. We can also deliver solutions for right-to-left languages (such as Arabic and Hebrew) and different regional settings. In short, whichever technology, language or market you want to address, we plan the process with you and bring it to life with the most suitable stack.

Partnerfy focuses on two main audiences: macro-scale businesses and digital agencies. • Macro-scale businesses: enterprises with serious operational volume, many users and highly customised processes. For them we build internal applications, ERP / CRM integrations, customer portals, reporting dashboards and bespoke SaaS solutions. • Digital agencies: agencies that offer software, SEO, digital marketing or web services to their own clients. They can position Partnerfy as their "back kitchen" and deliver white-label software solutions under their own brand. We also take on selected projects with start-ups and SMEs, but our core business model is built around these two audiences.

Our project kick-off process usually has 4 steps: 1) Discovery call: You reach us via the "Schedule a meeting" flow on our website or through the contact form. We listen to you and try to understand your current situation and your goals. 2) Needs analysis & proposal: Based on your requirements we prepare a roadmap and a price proposal covering scope, timeline, team and cost. If needed, we run a technical workshop. 3) Contract & onboarding: We sign the contract with the agreed scope, engagement model (fixed-price / time-and-materials / software-as-a-rental) and confidentiality terms; open your ID.Partnerfy panel and introduce your project team. 4) Build & deliver: Through an agile cycle with regular demos and reporting, we ship the product to production. After go-live, maintenance, support and continuous improvement services continue. Whatever stage you are at, feel free to reach out — even if you are still at the idea stage, we can help you find direction.

The first step with agencies that want to become partners is always an online discovery meeting. In this meeting we get to know you and your agency, and we discuss together which services we can work on jointly, what your expectations are and the value proposition we can build together. If, after the meeting, the conditions are suitable for both sides, we move directly to signing the partnership contract. In short, the flow is: 1) Online meeting (introduction + needs analysis) 2) Mutual fit assessment 3) Contract signing and start of the partnership 4) Opening of your ID.Partnerfy account and going live operationally This way both your agency and Partnerfy step forward already knowing each other — we never start a partnership without first getting to know you.

Our contract is signed with a classic wet signature, not a digital one. The process works as follows: 1) Your ID.Partnerfy account is opened first and the contract PDF is uploaded to your panel. 2) You download the PDF, print it on paper and, as the authorised signatory, sign it with a wet signature. 3) You send the signed original by courier to the address we provide. 4) The contract reaches us, our side signs it as the counterparty, and then the digital copy (scanned, fully signed) is uploaded back to your ID.Partnerfy panel. This way you have a contract that is both legally safe and digitally accessible at any time. If you wish, we can also send a wet-signed original copy back to you by courier — just let us know at the start of the process.

Our partnership contracts are issued by different offices depending on the geographic region: • All agreements with agencies based in Türkiye are handled by our Türkiye office; both the contract and the courier process run from there. • All partnership agreements within Europe are handled by our Germany office; for European agencies, the shipping, invoicing and legal framework are organised from Germany. This way agencies in Türkiye work within a partnership framework aligned with Turkish law and processes, while European agencies work within an EU-aligned legal and operational setup. We make it clear during the initial conversation which office will be the counterparty in your case.

No. We do not impose a "strict" contract that locks partners in, makes it hard to leave or forces long-term minimum commitments. All of our partners are free. What does this mean in practice? • You can leave Partnerfy whenever you want. • If you decide to move your existing services to another vendor, we do not get in the way — on the contrary, we help you through the transition. • We do not corner you with penalty clauses, high early-exit fees or long-term exclusivity terms. The reason is simple: as Partnerfy we trust our work and the value of the services we deliver. We want our partners to stay with us only because of the value, not because of a "contractual handcuff". This approach gives both us and our partners a long-term, healthy relationship.

Yes — if you decide to move your existing services to another provider, you can do so without trouble. We base the exit process on simple and transparent steps, not on hidden traps: 1) You send us your exit request through your ID.Partnerfy account or directly to your account manager. 2) We go through the list of your active services together (domain, hosting, licences, software source assets, documentation etc.). 3) We clarify which assets belong to whom, which ones will be transferred to you and the transition timeline. 4) Once the transfer / migration is complete, the relevant services are closed and the final invoice is issued. In this process we do not want to be the kind of vendor that creates problems on the way out. Our technical team supports you with information and hand-over so that your transition is as smooth as possible.

You can always access the digital copy of your contract from your ID.Partnerfy panel. The flow is as follows: 1) When your account is being opened, the unsigned contract PDF is uploaded to your panel — that is the first copy you download. 2) Once you have couriered the wet-signed original to us and we have signed it as well, we upload the scanned, fully signed contract back to the same panel. 3) From that point on, you can download the contract anytime from the "My Documents / Contracts" area and share it with your team members. This way your archive always contains a single, up-to-date and accurate copy. The same flow applies when an amendment or additional protocol is needed — the new document is again delivered to you via ID.Partnerfy.

For every website we build, we do not rely on an off-the-shelf package — we use our own CMS core, developed from scratch by Partnerfy. This core is built on PHP Laravel and Filament, which means it sits on a modern, up-to-date and long-lived foundation. We took the classic WordPress mindset and pushed it much further in terms of manageability. Without exaggerating: the result is a system that is at least 10x more flexible than WordPress in day-to-day management. Multi-language support (TR/EN/DE and more on request), SEO management, page & section-based content management, menus / mega menus, product and service catalogues, blogs and form management are all built-in modules of this core. In short: Modern Laravel + Filament + 10+ years of our own experience layered on top, all bundled as the Partnerfy CMS.

Our favourite part of the Partnerfy CMS is the live-edit feature. We know how tedious the classic "go to the admin panel → find the field → save → switch tabs to check" loop can be, so we removed that loop with a built-in live-edit layer. It works like this: 1) Log in with your administrator account on the admin panel. 2) Open the public website in a new tab. 3) Because you have an active session, the site automatically enables the live-edit interface for you. 4) "Edit", "Add" and "Delete" buttons appear on top of the headings, texts, images and sections you see on the page. 5) The moment you make a change, you see the result on the live page and publish it with a click. In other words, you manage your website the same way you manage a social-media account: what you see is what you edit. The editing interface is only visible to logged-in administrators — visitors always see the clean published version.

Every piece of software we build — web, mobile or desktop — goes through a comprehensive test phase of roughly 100 items before delivery. This is not a single person "having a quick look", it is a structured checklist covering several disciplines: • Functional tests: verifying that every feature works exactly as designed. • UI / UX tests: consistent appearance and behaviour on mobile, tablet and different browsers. • Performance tests: page load time, server response time, concurrent-user scenarios. • Accessibility checks: basic WCAG checks such as keyboard navigation, contrast and semantic HTML. • Data consistency & error handling: invalid inputs, broken connections, interrupted transactions. • Security checks: baseline scans against well-known vulnerability categories (along OWASP lines). Software that does not pass the whole list is not released. Every failed item goes back to the development team and the test cycle is repeated until everything is green. So the "ship it now, fix it later" mindset is simply not part of how we work.

Let us be honest right from the start: no software is 100% secure — and anyone who claims otherwise is not someone to trust. However, every piece of software delivered by Partnerfy goes out only after every known and "cleverly hidden" backdoor has been closed one by one. We approach the topic in two layers: 1) Baseline security: every project is hardened against the OWASP Top 10 (SQL injection, XSS, CSRF, privilege escalation, insecure redirects etc.), modern password policies, role-based access control, secure session handling, TLS for data in transit and database-side encryption for sensitive fields. This is not a separate paid add-on — it is a built-in part of our development standard. 2) Penetration testing (on request): if you have purchased the "penetration test" service, it is carried out directly by the Partnerfy team. We push your software the way an external attacker would: unauthorised access attempts, data exfiltration, session hijacking, authorisation bypass and similar scenarios. Every finding is reported, prioritised, fixed and then re-tested for closure. Result: we never promise that a piece of software is 100% untouchable, but we can say that everything we deliver goes live with no known open door — hardened against every well-known vulnerability class.

We do not develop software "however we feel today" — we follow internationally recognised standards. We have team members with internationally accredited certifications, and we have a code-quality policy aligned with these credentials. In practice this means: • Clean code and layered architecture: single-responsibility principle, meaningful naming, modular structure, testability. To be blunt — the term "spaghetti code" is not part of our vocabulary :) • Consistent code style: every project applies the same style guide (PSR-12 / ESLint / defined lint rules); every commit passes through automated checks. • Version control and reviews: every change is managed through Git and reviewed by at least one other developer. • Automated tests and CI/CD: unit and integration tests run automatically on every change. Going to production is not a manual "let us hope it works", it is an automated pipeline. • Security and privacy: OWASP references, KVKK / GDPR alignment, the principle of least privilege for sensitive data. • Sustainability: documentation, written architectural decisions and a codebase that any developer can confidently pick up years later. In short, the code we deliver is written with the mindset that "someone — possibly we ourselves — will reopen this in years and it should still make sense".

"We delivered it, the rest is your problem" is simply not how we work. The moment a piece of software goes live is not the end of the line for us — it is the start of a maintenance lifecycle for an asset we still care about. The post-delivery process covers the following: • Security updates: critical patches released for Laravel, Filament and other dependencies are applied regularly. • Routine technical maintenance: server health, database performance, log review and backup verification are performed at defined intervals. • Bug fixes & support tickets: you can open a support ticket via your ID.Partnerfy panel. Tickets are prioritised, assigned to the right team and tracked transparently with you. • Release management: new features and large changes are first tested on a staging environment, approved, and only then promoted to production — minimising unexpected side effects. • Reporting and transparency: maintenance work is reported back to you; you can see in ID.Partnerfy which work was carried out on which date. The exact scope of maintenance and support depends on your contract type, but whichever model you choose, your software is never left orphaned after delivery.

At Partnerfy there is no "let's negotiate behind closed doors" approach. We apply a transparent pricing policy: prices for our standard services are clearly published on the ID.Partnerfy panel so that our partners can see them and compare options. In practice this means: • Standard web services (corporate site packages, corporate e-commerce, blog / portal platforms, etc.) have defined prices and can be viewed directly on your ID.Partnerfy panel. • Standard tiers of our SEO and digital marketing packages are listed on the panel in the same way. • These prices are the same for everyone — there is no "we'll just come up with a number for whoever asks" logic here. So you can first check the panel, clarify your options, and then talk to us for any additional consultancy if needed. This transparency dramatically shortens the decision-making process — both for you and for your team.

For custom projects — bespoke mobile apps, desktop software and large-scale web applications — giving a fixed list price would not be honest. Scope, user load, integrations, performance targets and timeline change from project to project, so a price is only meaningful once the need is properly understood. Our process is as follows: 1) We listen to your requirements in an introductory call and, if needed, run a short technical workshop. 2) Our team defines the scope, the technology stack, the team setup and the timeline. 3) Within 48 hours at the latest, a custom proposal is prepared and delivered to you. 4) The proposal is not just a number; it also includes a technical presentation of the project (architectural approach, modules, timeline, assumptions and risks). So when you open the proposal you see, in a single document, the answers to "how much will it cost", "what will be delivered" and "how will it be built". This way, your decision is driven by value rather than by price alone.

For SEO and digital marketing we use a two-layer approach: 1) Standard packages: recurring services such as SEO maintenance, content production and technical SEO audits have defined tiers with clear prices, visible on your ID.Partnerfy panel. You can start any of these packages from the panel with a single click and upgrade or downgrade your tier whenever you want. 2) Customised work: brand positioning, multilingual SEO strategy (TR/EN/DE and others), large-scale content migration, e-commerce SEO and custom reporting setups fall outside the standard flow and are quoted separately. In that case we clarify the scope and send you a custom proposal within 48 hours. So for small and mid-size needs you do not have to "wait for a quote" — you can simply check the panel and move forward. When your need goes beyond the standard scope, we still support you with clear numbers and a transparent scope.

For sales to macro-scale businesses we apply a clear payment process that fits corporate workflows: • Invoicing: the invoice for the relevant service is issued via ID.Partnerfy and, at the same time, sent to your finance contact address. • Payment term: payment is expected to be completed within 5 business days from the invoice date. This period is designed to fit standard corporate approval and payment cycles. • Official kick-off: once the payment reaches us, the official process is started within the following 24 hours (counted in business hours). In other words, on the first business day after we receive the payment, the project or service is officially booked and started. • Tracking and transparency: you can see all your payment statuses in real time on your ID.Partnerfy panel and access all past invoices and receipts. This structure fits your internal procurement and approval processes while removing any uncertainty around "when does this actually start".

For every project that falls outside our standard packages, a custom proposal is delivered to you within 48 hours at the latest. We do not just send a number; the proposal always comes with a technical project presentation. A typical proposal package includes: • Requirement summary: a written version of how we understood what you described — this reduces future "in scope / out of scope" disagreements. • Proposed solution: which modules, which technologies and which architectural approach will be used — short and readable. • Timeline: main phases, intermediate deliveries and the go-live date. • Team setup: a definition of the roles assigned to the project (project manager, developer, designer, QA etc.). • Price: a clear figure, a payment plan (upfront / milestone-based / monthly etc.) and an expiry date. • Assumptions and risks: explicitly listed assumptions and a "what if scope grows" scenario. Thanks to this format you do not have to answer with a flat "yes / no" the moment you open it; you can shrink or expand the scope and revise it together with us. In other words, our proposals are an invitation to think together — not a haggling ground.

Because Partnerfy operates across multiple countries, we support different currencies and methods for payments. Which options apply to you depends on the office your contract is signed from (Türkiye / Germany) and the type of service. In general, we accept the following methods: • Bank transfer / EFT (TRY): the primary method for Türkiye-based contracts. • SEPA transfer (EUR): the primary method for Europe-based contracts. • SWIFT / international wire: for USD or EUR international payments. • Corporate credit card / online payment: available for certain packages and recurring subscriptions via ID.Partnerfy. • Recurring direct debit: an automated charging option for ongoing services such as monthly SEO, maintenance or hosting. The invoicing currency also depends on the office: invoices from the Türkiye office are issued in TRY and invoices from the Germany office in EUR. Taxes and withholding items are clearly shown on the invoice, in line with the applicable tax legislation. Which method is most suitable for you is determined before the contract is signed and made selectable item-by-item in your ID.Partnerfy panel.

In custom software projects, confidentiality is not an optional add-on for us — it is a standard process active from the very first minute. Even during the technical workshop stage, we prefer to move forward under a signed NDA with you. In practice, confidentiality is managed through these steps: 1) Mutual NDA: before discussions begin, or at the latest before the needs analysis, a mutual non-disclosure agreement is signed. It covers everything you tell us, every document you share, designs, code snippets, customer lists and internal processes. 2) Need-to-know information sharing: team members who are not part of the project do not have access to project details. Only the people actively working on it can see the relevant information. 3) Secure sharing channels: instead of attaching sensitive content to e-mails, we use authorised sharing environments; all access is logged. 4) Obligation continues after delivery: the confidentiality obligation does not end when the project ends; it continues under the same conditions for the duration defined in the agreement. In other words, from the moment you share an idea, a prototype or an internal process with us, written rules are already in place that define how that information will live and who is allowed to see it.

Yes. Confidentiality is a standard part not only of "custom software" projects, but also of our website development and SEO / digital marketing engagements. A signed confidentiality agreement is in place for these processes as well. The reason is simple: SEO and web projects involve a lot more sensitive information than people usually assume. • Your keyword strategy, target-market plans and competitor analysis are critical assets for your competitive position. • Access to Search Console, Analytics, ad accounts, CRM and e-commerce panels carries real commercial value. • Content planned for your website, product launch dates, pricing policies or internal documents may not yet be public. For this reason our confidentiality agreement on web and SEO projects guarantees that your content, plans, access credentials and any data that gives you an edge over competitors is processed "only by the team working on the project, only for the purpose of the project". The same information is never shared with another client and is never used as a reference in another project.

All of our software operations — server management, deployment, monitoring, scaling, backups and security hardening — are run by our dedicated DevOps team in our Germany office. So the infrastructure side is not "outsourced and hidden" — it is a direct part of Partnerfy. This setup gives us three serious advantages: 1) Operational control: access to servers, CI/CD pipelines, monitoring dashboards and logs is only granted to the DevOps team in Germany. There is no scenario in which a third-party vendor "sees everything". 2) European legal framework: a large part of operations runs within the European Union; this gives our partners an additional layer of trust, especially regarding GDPR. 3) Standardised flows: server provisioning, hardening, patch cycles, log retention, backups and disaster recovery are documented and repeatable. We never fall into the "infrastructure only one person understands" trap. Our DevOps team also runs the incident-response process: abnormal traffic, failed login attempts, sudden resource spikes and similar signals are monitored 24/7 and handled through pre-defined runbooks.

KVKK and GDPR are not topics we check "afterwards" — they are principles we apply during design (privacy by design). The main pillars of our approach are: • Data inventory: in every project we clarify with you which personal data is stored, for which purpose, for how long and in which system. The "let's just collect it, maybe we'll need it one day" mindset is not allowed. • Data minimisation: registration forms, panel users and daily operations only request the personal data that is genuinely needed; "we don't need it but let's keep it anyway" is not acceptable. • Authorisation and audit: who accessed which data, with what role and when is logged. Two-factor authentication (2FA) and role-based access control are standard in sensitive areas. • Encryption: data is protected both in transit (TLS) and at rest (database encryption for sensitive fields). • Data subject rights: the processes and technical capabilities needed to fulfil KVKK / GDPR rights (deletion, correction, portability of data) are planned from the very beginning. • Data location: for our European partners we make sure data stays within the EU; for Türkiye we take into account the applicable location-based legal requirements. So the software we build does not stand in the way of your regulatory obligations — it directly helps you meet them.

Instead of relying on a single measure, we run server security through a layered architecture. Our DevOps team in Germany keeps the following layers continuously in place: • Network layer: managed firewall, only the necessary ports open, brute-force protection, anomalous-request detection, DDoS mitigation and a CDN layer. • Server layer: OS hardening (turning off unnecessary services), timely security patches, automated anti-malware scans and file integrity monitoring. • Application layer: software hardening against OWASP Top 10, secure session management, password policies, 2FA and role-based authorisation. • Database layer: connections to the production database only from authorised IPs, encryption for sensitive fields and regular, encrypted backups. • Monitoring and logging: application, system and security logs are collected centrally; alerting rules run for anomalous behaviour. • Backup and disaster recovery: regular automated backups, off-site storage and restore drills (we don't just check "is there a backup" — we also check "can we actually restore it"). • Access discipline: SSH key-based access (no passwords), individual accounts, no "shared passwords", and access for a leaving team member revoked the same day. In other words, the system is not based on a single protective measure; breaking one layer does not automatically defeat the others. In the event of an attack, the goal is for the attacker to hit a new obstacle at every step.

Promising that a security incident will never happen would not be an honest statement. What we actually have to do is define in advance how we will react when an incident does happen, and run that process transparently for you. For this reason we have a defined incident-response process. The process is made of four key steps: 1) Detection: automated monitoring systems or unusual log signals immediately alert our DevOps team in Germany. As soon as a potential incident is identified, an internal "triggered state" is opened. 2) Containment: the affected service or account is isolated immediately. If necessary, sessions are terminated, the relevant IP addresses are blocked and the affected user accounts have their permissions temporarily suspended. 3) Notification and transparency: the part of the incident that concerns you is reported to you as quickly as the applicable regulation allows. This notification covers what happened, when it happened, which data may have been affected and what steps have been taken so far. Updates are also posted on the ID.Partnerfy panel throughout the incident. 4) Remediation and lessons learned: the root cause is identified, a permanent fix is applied and, if needed, system-wide measures are taken to close similar risks. After the incident a written post-mortem report is prepared and shared with the relevant partners. The principle behind this approach is simple: instead of promising that nothing will ever go wrong, we promise to react honestly, quickly and in a documented way when something does. For us, the real test of security is not "when nothing happens" — it is "how we react when something does".