Privacy Policy
Last updated: 13 May 2026
1. Overview
Altai Digital handles personal data in line with GDPR principles and Turkey's KVKK (Law No. 6698). This policy explains what we collect, how we process it, and your rights.
2. Data we collect
Your email when you sign up; business name and (encrypted) API keys when you configure a bot; customer phone numbers and message content during conversations.
3. Data security
API keys are encrypted with AES-256-GCM. Database access happens over TLS. Production SSH access is restricted to authorised personnel.
4. Retention
Active tenant data is retained until the account is closed. Within 30 days of closure, data is anonymised or deleted. Bot message history is retained for 12 months by default.
5. Your rights
Under GDPR and KVKK you have the right to access, correct, delete and port your data. Write to info@altai.digital to submit a request.