🔒 Privacy Policy

EsdisisPrime ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our call center management platform and integrations with Facebook, Instagram, and WhatsApp Business.

By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account and Profile Information

• Personal Details: Name, email address, phone number, profile picture
• Company Information: Company name, business address, job title
• Authentication Data: Username, encrypted password, two-factor authentication settings

1.2 Call Center Data

• Call Records: Call logs, duration, timestamps, caller/receiver numbers
• Call Recordings: Audio recordings of calls (only with proper consent and legal compliance)
• Customer Data: Customer names, contact information, interaction history
• Agent Performance: Agent activity logs, call handling metrics

1.3 Social Media Integration Data

When you connect your Facebook, Instagram, or WhatsApp Business accounts, we collect:

• Facebook/Instagram: Page information, posts, comments, engagement metrics (likes, shares, impressions), follower demographics
• WhatsApp Business: Business profile details, message templates, conversation history, message delivery status
• Analytics: Engagement rates, reach, post performance, audience insights

1.4 Technical Information

• Device Data: IP address, browser type, operating system, device type
• Usage Data: Pages visited, features used, time spent on platform, click patterns
• Log Data: Access times, error logs, API calls, session information

2. How We Use Your Information

2.1 Service Delivery

• Provide call center management services (call routing, recording, analytics)
• Manage social media accounts (schedule posts, respond to comments/messages)
• Send and receive WhatsApp Business messages on your behalf
• Generate performance reports and analytics dashboards
• Authenticate users and maintain account security

2.2 Platform Improvement

• Analyze usage patterns to improve user experience
• Develop new features based on customer needs
• Fix bugs and optimize platform performance
• Conduct security monitoring and fraud prevention

2.3 Communication

• Send transactional emails (password resets, billing notifications, system alerts)
• Provide customer support and respond to inquiries
• Send service updates and feature announcements
• Deliver marketing communications (only with your consent - you can opt-out anytime)

2.4 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests from authorities
• Enforce our Terms of Service
• Protect against fraudulent or illegal activity

3. Meta Platform Integration (Facebook/Instagram/WhatsApp)

3.1 What We Access

When you authorize our app to connect with your Meta accounts, we request permission to:

• Facebook Pages: View page details, manage posts, read comments/messages, access page insights
• Instagram Business: View profile, publish posts/stories, read comments/DMs, access analytics
• WhatsApp Business: Send/receive messages, manage business profile, access message templates

3.2 How We Use Meta Data

Permitted Uses:

• ✅ Schedule and publish content to your connected social media accounts
• ✅ Display engagement metrics and analytics within our platform
• ✅ Manage customer conversations across Facebook Messenger, Instagram DMs, and WhatsApp
• ✅ Generate performance reports for your social media activities

Prohibited Uses:

• ❌ We do NOT sell or rent your Meta platform data to third parties
• ❌ We do NOT use your audience data for independent advertising
• ❌ We do NOT access data beyond what you explicitly authorize
• ❌ We do NOT share your social media content with unauthorized parties

3.3 Your Control

You have complete control over Meta integrations:

• Grant Access: You choose which pages/accounts to connect during setup
• Revoke Access: Disconnect anytime from our platform settings or Facebook Settings → Apps and Websites
• Data Deletion: When you disconnect, we delete associated Meta data within 30 days

4. Data Sharing and Disclosure

4.1 We Share Data With:

• Service Providers: Cloud hosting (AWS/Azure), email services (SendGrid), payment processors (Stripe), analytics tools (Google Analytics) - all bound by strict data processing agreements
• Legal Authorities: When required by law (court orders, subpoenas) or to protect our rights and safety
• Business Transfers: In case of merger or acquisition (you'll be notified in advance)

4.2 We DO NOT Share Data With:

5. Data Retention and Storage

5.1 How Long We Keep Your Data

• Account Data: Active account duration + 30 days after deletion
• Call Recordings: 90 days (configurable based on your legal requirements)
• Call Logs: 2 years (telecom regulatory compliance)
• Messages: Active conversation period + 1 year
• Billing Records: 7 years (tax compliance)

5.2 Account Deletion

When you delete your account:

1. Within 24 hours: Account deactivated, login access revoked, integrations disconnected
2. Within 30 days: All personal data permanently deleted from active systems
3. Exceptions: Financial records (7 years for tax purposes), anonymized analytics, data under legal hold

5.3 Data Storage

• Location: Secure data centers in Europe (GDPR-compliant)
• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Backups: Encrypted backups retained for 90 days, then automatically deleted

6. Data Security

We implement industry-standard security measures:

• Encryption: All data encrypted both at rest (AES-256) and in transit (TLS 1.3)
• Access Control: Multi-factor authentication (2FA), role-based permissions, IP restrictions
• Monitoring: 24/7 security monitoring, intrusion detection, regular security audits
• Infrastructure: Firewalls, DDoS protection, isolated tenant databases
• Employee Training: Regular security awareness training for all staff

Note: While we use best practices to protect your data, no system is 100% secure. We encourage you to use strong passwords and enable 2FA.

7. Your Privacy Rights

Under GDPR, CCPA, and other privacy laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a portable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing (e.g., marketing)
• Withdraw Consent: Withdraw consent for data processing at any time

To exercise your rights: Email us at destek@esdisisbilisim.com.tr. We'll respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for login, security, and core functionality (cannot be disabled)
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling cookies may limit platform functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place:

• EU Standard Contractual Clauses for EU data transfers
• Data Processing Agreements with all processors
• Compliance with GDPR and local data protection laws

10. Children's Privacy

Our platform is not intended for users under 16 years old. We do not knowingly collect data from children. If we learn we've collected data from a child, we'll delete it immediately.

11. Changes to This Privacy Policy

We may update this policy periodically. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we'll notify you via email or platform notification.

Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

---