PRIVACY POLICY

This Privacy Policy explains the principles regarding the processing of your personal data within the scope of the ControlBubble WhatsApp Automation Platform provided by ControlBubble.

As a company, we attach importance to the privacy and security of your personal data; we process your data in accordance with the Personal Data Protection Law No. 6698 (KVKK) and the relevant legislation.

1. Scope and Definitions

This policy applies to:

  • the ControlBubble website,
  • the ControlBubble panel and management screens,
  • your integrations with WhatsApp and other messaging channels,
  • demo/form submissions, support requests, and sales processes

and is valid for the personal data processed within these contexts.

Personal data: Any information relating to an identified or identifiable natural person,

Data controller: Refers to the Company that determines the purposes and means of processing personal data.

2. Categories of Personal Data Processed

Within the scope of our services, we may process the following categories of personal data:

  • Identity Information: Name, surname, company/brand name, title
  • Contact Information: Email address, phone number
  • Customer Transaction Information: Account information, panel usage, support requests, log records
  • Financial Information: Billing details, billing address, tax number (if any)
  • Transaction Security: IP address, session information, device and browser information
  • Message Content: Message templates sent via ControlBubble, limited data related to correspondence with customers (for example: message body, sending time, recipient number, etc.)

The personal data of your customers/end users may vary depending on how you use the platform. In respect of such data, the Company will in most cases act as a data processor, while you may be the primary data controller.

3. For What Purposes Do We Process Your Personal Data?

Your personal data may be processed for the following purposes:

  • Creating and managing your ControlBubble account
  • Establishing integrations with WhatsApp and other channels
  • Providing automated messages, campaigns, notifications, and similar services
  • Carrying out technical support, customer relations, and sales processes
  • Issuing invoices, tracking payments, and carrying out accounting processes
  • Improving our services, infrastructure, and security measures
  • Fulfilling our legal obligations and responding to requests from official authorities
  • Informing you about new features, campaigns, and announcements (if you have given your explicit consent)

4. Method and Legal Basis for Processing Personal Data

Your personal data is processed;

  • through forms on our website,
  • during contract processes, quotations/support correspondence,
  • through your user actions on the platform,
  • through integration API calls

automatically in electronic environments.

Your data is processed based on one of the legal grounds listed in Articles 5 and 6 of the KVKK. These are mainly:

  • being necessary for the establishment or performance of a contract,
  • being mandatory for us to fulfill our legal obligations,
  • being necessary for our legitimate interests (provided that it does not harm your fundamental rights and freedoms),
  • your explicit consent for certain marketing activities.

5. Transfer of Personal Data

Your personal data may be shared with;

  • our cloud service and hosting providers,
  • companies from which we receive email, SMS, or call center services,
  • our business partners from whom we receive accounting, auditing, legal, and consultancy services,
  • legally authorized public institutions and organizations

in accordance with the conditions and limitations set forth in the KVKK.

Where the transfer of data abroad is required, your explicit consent will be obtained pursuant to Article 9 of the KVKK, or the transfer will be carried out in accordance with the safe countries announced by the Board and/or the applicable undertaking procedures.

6. Data Security and Encryption

Within the ControlBubble infrastructure;

  • web traffic is encrypted with TLS (HTTPS),
  • user passwords are stored irreversibly using hash + salt methods,
  • access keys and sensitive data are stored in encrypted areas accessible only to authorized persons,
  • backup and log records are protected in environments with restricted access.

We take technical and administrative measures to prevent unauthorized access, loss, or data leakage. Although we acknowledge that no system can be one hundred percent secure, we regularly review our processes in order to minimize risks.

7. Your Rights

Pursuant to Article 11 of the KVKK, by applying to the Company, you have the right to:

  • learn whether your personal data is processed,
  • request information if it has been processed,
  • learn the purpose of processing and whether it is used in accordance with that purpose,
  • know the third parties to whom your data is transferred domestically or abroad,
  • request correction if your data is processed incompletely or inaccurately,
  • request deletion or destruction of your data in accordance with the KVKK,
  • request notification of these actions to third parties to whom the data has been transferred,
  • object to the occurrence of a result against you by means of the exclusive analysis of the processed data through automated systems,
  • request compensation for damages if you suffer harm

You have these rights.

To exercise these rights, you may contact the Company through the communication channels available on our website or by written application.

8. Updating the Policy

This Privacy Policy may be updated from time to time. The most current version is always published on the ControlBubble website and becomes effective as of the date of publication.