Privacy Policy — Quick AI Chat

This Privacy Policy explains how Quick Global Infotech Bilişim ve Sanayi Ticaret A.Ş. ("Quick Global Infotech", "we", "us") collects, uses, stores, and protects personal data when you use the Quick AI Chat application (the "App") for Bitrix24. By installing, accessing, or using the App, you ("Customer", "you") agree to the practices described in this Policy.

1. Scope

This Policy applies to all personal data processed by the App in the course of providing WhatsApp-to-Bitrix24 integration services, including messages, phone numbers, and user credentials exchanged between Meta (WhatsApp), Bitrix24, and end customers.

2. Legal Bases for Processing

We process personal data under the following legal bases (GDPR Art. 6 / KVKK Art. 5):

• Performance of a contract — to deliver the App and its messaging features to Customers who have purchased or installed it.
• Legitimate interest — to secure the service, prevent abuse, maintain system integrity, and provide customer support.
• Legal obligation — to comply with tax, accounting, and electronic communications regulations applicable in Türkiye.
• Consent — where you explicitly opt in to non-essential features (e.g. AI-generated replies via third-party providers).

3. What Data We Collect

3.1 Account and Billing Data

• Full name, email address, phone number, role (user / dealer / admin)
• Encrypted password (hashed — we never see your plaintext password)
• Subscription plan, invoice records, payment references (payment processors are handled by banking/ODEAL and we do not store card data)

3.2 Integration Credentials

• Bitrix24 portal domain, OAuth access/refresh tokens, application token
• WhatsApp Business Cloud API credentials (WABA ID, Phone Number ID, access token) — provided by you from Meta
• WhatsApp Web session data (Baileys) — encrypted session files, stored per account
• AI provider API keys (OpenAI, Google Gemini, Anthropic Claude, DeepSeek) — only if you choose to enable AI replies

3.3 Messaging Content

• WhatsApp messages sent and received via your connected numbers (text, media references, template parameters)
• End-customer phone numbers and any contact metadata pulled from Bitrix24 CRM (Lead, Deal, Contact names and fields)
• Conversation timestamps, delivery status (sent / delivered / read), message direction

3.4 Technical Data

• IP address, browser type, device information, login timestamps
• Application logs required for debugging and security (7-day rolling window)

4. How We Use Your Data

• To authenticate you and route WhatsApp messages to the correct Bitrix24 Open Channel or CRM record
• To send and receive WhatsApp messages through Meta's WhatsApp Business APIs on your behalf
• To deliver optional AI-assisted replies through the third-party AI provider you selected
• To issue invoices, process subscriptions, and manage billing
• To provide customer support and respond to inquiries
• To improve the App's reliability, detect abuse, and enforce security
• To comply with applicable legal obligations

We do not sell your personal data. We do not use your message content for advertising or for training any general-purpose AI model.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described above.

After these periods, data is deleted or anonymized. You may also request earlier deletion via the contact details above, subject to any overriding legal retention requirements.

6. Where Your Data Is Stored

All customer data is hosted on servers physically located within the Republic of Türkiye, in the Datacasa data center (Başakşehir, Istanbul). Data does not leave Türkiye for storage purposes.

Certain processing necessarily involves international transfers to our sub-processors described in Section 7 (e.g. Meta servers for WhatsApp delivery, AI provider servers when you enable AI replies). Those transfers are governed by the sub-processor's own safeguards and, where applicable, Standard Contractual Clauses.

7. Sub-Processors and Third Parties

The App relies on the following independent services. Your use of the App means your data may be processed by each of them for the specific function described.

8. Security

• All traffic between you, Bitrix24, WhatsApp, and our servers is encrypted in transit (TLS 1.2+)
• Passwords are stored using industry-standard one-way hashing; we never see plaintext passwords
• OAuth tokens and API keys are stored in encrypted form in our database
• Rate limiting, input validation, and HTTP security headers (Helmet) are applied at all public endpoints
• Access to production data is restricted to authorized Quick Global Infotech personnel under a need-to-know basis

No system is 100% secure. In the event of a personal data breach that is likely to result in a high risk to your rights, we will notify affected Customers without undue delay and in accordance with KVKK and GDPR notification requirements.

9. Your Rights

Under KVKK (Türkiye) and GDPR (EU), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion ("right to be forgotten"), subject to legal retention obligations
• Request restriction or object to specific processing
• Request data portability in a structured, machine-readable format
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with the competent supervisory authority (KVKK Board in Türkiye, or your local EU supervisory authority)

To exercise any of these rights, email info@quickinfotech.tr. We will respond within 30 days (or sooner, where legally required).

10. Children's Data

The App is a B2B product intended for professional use. We do not knowingly collect data from individuals under 18. If you believe we have inadvertently collected such data, contact us and we will delete it.

11. Cookies

The App's web panel uses only essential cookies required for authentication (session cookies) and for storing your language and theme preferences in the browser's local storage. No advertising or third-party tracking cookies are used.

12. Changes to This Policy

We may update this Policy to reflect changes in our practices, applicable law, or the services we offer. Material changes will be announced in the App and by email at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

13. Contact