PratikYedek for e-commerce
A real scenario
An Anatolia-based cosmetics e-commerce business (anonymised reference: Store-C, ~3,500 orders/month) lost access to its VDS server in March 2025 due to a payment dispute with the hosting provider. Within 11 hours 22 GB of MySQL dumps (orders + customers), 8 GB of Magento media files and 14 months of invoice PDFs were gone. The provider offered to return the data within 72 hours for 12,000 TRY; no alternative existed.
Root cause: Backups were kept in another region of the same provider; suspending payment also suspended backup access.
How PratikYedek solves it
- Server-side cron script —
mysqldump+ tarball of media folder at 03:00; output written to/backups/. - PratikYedek desktop watcher — Monitors
/backups/and uploads new files as they arrive. - Customer data encryption layer — In addition to PratikYedek's AES-256-GCM, app-level encryption of PII columns (card token, national ID, GSM) is strongly encouraged by KVKK § 12.
- Per-order audit trail — Which order exists in which snapshot? Audit log retention of 7 years exceeds the 2-year e-commerce minimum and matches the 5-year VUK ceiling.
- Monthly restore drill — On the 1st of each month an automatic test snapshot is restored to a staging environment; integrity is verified.
KVKK + PCI-DSS alignment
Card data
PratikYedek does not store card numbers — and remember that anywhere you store them brings PCI-DSS scope. Best practice: keep the card information at the payment provider (PaynKolay/iyzico/PayTR) as a token and store only the token reference in your DB. The PratikYedek backup then stays clean for tokenisation rules.
- KVKK § 12 (Turkey's GDPR-equivalent): Customer PII (name, GSM, address) must be backed up encrypted → met by AES-256-GCM.
- KVKK § 11/e: When a customer requests deletion, order records must be removed from all snapshots — PratikYedek supports selective deletion (advanced flow shipped post Phase 4).
- E-Commerce Act art. 5: Distance-sales contract records must be kept 2 years; PratikYedek default audit retention meets this.
- Tax Procedure Law (VUK) art. 253: Invoice records must be kept 5 years → e-Archive integration (Foriba) already forwards to GİB; PratikYedek backs up a copy.
Recommended plan
| Monthly orders | Recommended plan |
|---|---|
| < 500 | Starter (50 GB is enough) |
| 500-2,000 | Professional (250 GB + 2FA) |
| 2,000-10,000 | Enterprise (500 GB + team + IP allow-listing) |
| > 10,000 | Enterprise + storage add-on |
FAQ
Is Magento / WooCommerce / OpenCart / Ticimax supported? PratikYedek works at the file level — the platform does not matter. MySQL dumps + media folder + uploads/ are backed up.
My customer requested deletion. Should the audit log also be deleted? No. KVKK § 11/e deletion applies to "personal data." The audit log keeps only a hash and action type (which user_id was deleted — that user_id is no longer assigned); no PII remains. It is not subject to KVKK deletion.
Are card numbers backed up? PratikYedek encrypts automatically — but the best practice is not to store card numbers. Use the payment provider's token system.
Can I increase backup frequency by season? Yes. For peak periods like Black Friday / Valentine's Day, hourly snapshots can be enabled temporarily and reverted to daily afterwards.