PRIVACY POLICY

Last Updated: December 20, 2025

This Privacy Policy explains how EkFlow Yapay Zeka Hizmetleri (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our platform (the “Service”). This policy applies to data processed through our Instagram, WhatsApp, and phone call integrations as well as our website/app.

If you do not agree with this Privacy Policy, please do not use the Service.

1. Who We Are

Controller / Data Controller: Emirhan Kartal
Product / Service Name: EkFlow Yapay Zeka Hizmetleri
Email (Privacy): emirhan@kartaldigital.co
Email (Support): emirhan@kartaldigital.co
Address: Fenerbahçe Mah. Iğrıp Sk. No:13/1 Kadıköy/İstanbul PK:34726

2. Data We Collect

Depending on how you use the Service, we may collect the following categories of data:

2.1 Account & Business Information

Name and surname (if provided)
Email address
Company / business name and details (if provided)
Billing details and transaction references (if applicable)

2.2 Connected Account Identifiers (Instagram / WhatsApp)

Instagram account ID / Page ID
WhatsApp Business account ID / phone number identifier
Connection tokens and authorization data (stored securely)

2.3 Messaging & Interaction Data

Message content only when required to provide automation and AI-assisted responses
Conversation history within the Service
Timestamps, sender/recipient identifiers, and message status (delivered/read where available)

2.4 Phone / Call Automation Data

Call triggers and workflow logs
Call-related metadata (e.g., timestamps, routing events)

Note: Unless explicitly stated by a specific feature, we do not store raw call audio recordings.

2.5 Technical & Usage Data

IP address
Device and browser information
Log files, event records, crash reports
Approximate location inferred from IP (country/city-level)

3. How We Use Data

We use personal data to:

Provide, operate, and maintain the Service
Enable official Instagram/WhatsApp integrations and automations
Generate AI-assisted responses and workflows based on your configuration
Provide analytics and performance insights
Prevent fraud, abuse, and unauthorized access
Respond to support requests and technical issues
Comply with legal obligations and enforce our Terms of Service

We process personal data based on one or more of the following legal bases:

Consent (including explicit user consent where required)
Contractual necessity (to provide the Service you requested)
Legitimate interests (e.g., security, fraud prevention, service improvement)
Legal obligations (e.g., compliance with applicable laws)

Where required by applicable data protection laws (including GDPR and similar regulations), personal data is processed based on explicit user consent.

5. Data Security & Encryption

We protect data with industry-standard security measures, including:

Encryption in transit (TLS/HTTPS)
Encryption at rest (encrypted storage/databases)
Role-based access controls and least-privilege access
Monitoring and logging for security events

Encryption keys are securely managed and access to encrypted data is restricted to authorized systems only.

Even in the event of unauthorized access, stored data remains encrypted and unreadable.

6. Meta Platform Data (Instagram / WhatsApp) & AI Training

We do not use data obtained from Meta Platforms (including Instagram and WhatsApp) to develop, train, or improve any generalized artificial intelligence or machine learning models.

AI functionality is limited strictly to user-configured automation and response generation within the scope of the Service.

We do not sell personal data.

We may share data only in the following cases:

7.1 Service Providers (Processors)

We may share data with trusted service providers that help us operate the Service (e.g., hosting, databases, analytics, email delivery). These providers process data only on our instructions and are bound by confidentiality and data protection obligations.

7.2 Platform APIs (Meta / WhatsApp / Instagram)

To provide the Service, we exchange necessary data with official platform APIs according to your authorized connection and platform policies.

7.3 Legal Requirements

We may disclose data if required to comply with a legal obligation, lawful request, court order, or to protect rights, safety, and security.

8. Data Retention

We retain personal data only as long as necessary to:

Provide the Service
Meet legal, accounting, or compliance requirements
Resolve disputes and enforce agreements

You may request deletion as described below.

9. Your Rights

Depending on your location and applicable laws, you may have the right to:

Access your personal data
Correct inaccurate or incomplete data
Request deletion (“right to be forgotten”)
Withdraw consent (where processing is based on consent)
Object to processing or request restriction
Request data portability (where applicable)

To exercise these rights, contact us using the details in Section 12.

10. Data Deletion Requests

To request account deletion or personal data deletion, contact:

Email: emirhan@kartaldigital.co

Upon verified deletion requests, associated personal data is permanently removed or anonymized unless retention is required by law.

You may also revoke platform permissions (Instagram/WhatsApp) via your platform settings, which will stop future data access.

11. International Transfers

If personal data is transferred outside your country, we apply appropriate safeguards (e.g., contractual protections, security measures, and encryption) consistent with applicable data protection laws.

12. Contact

For privacy-related questions, requests, or complaints:

Controller / Data Controller: Emirhan Kartal
Email (Privacy): emirhan@kartaldigital.co
Address: Fenerbahçe Mah. Iğrıp Sk. No:13/1 Kadıköy/İstanbul PK:34726

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy with a new “Last Updated” date. Continued use of the Service after updates constitutes acceptance of the revised policy.