Privacy Policy

1. Introduction

Digid is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use Caio.

2. Data Controller

Digid Yönetim ve Bilişim Sistemleri A.Ş. is the data controller for your personal data. We comply with the Turkish Personal Data Protection Law (KVKK) and the EU General Data Protection Regulation (GDPR).

3. Data We Collect

We collect the following types of data:

• Account Information: Name, email address, phone number
• Business Information: Company name, industry, size, financial data you provide
• Usage Data: How you interact with our Service, features used, time spent
• Device Information: IP address, browser type, operating system
• Communication Data: Messages you send us, support requests

4. How We Use Your Data

We use your data to:

• Provide and improve our AI-powered recommendations
• Personalize your experience and generate relevant insights
• Process payments and manage your subscription
• Communicate with you about the Service
• Ensure security and prevent fraud
• Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your data based on:

• Contract: Processing necessary to provide the Service
• Consent: Where you have given explicit consent
• Legitimate Interests: To improve our Service and prevent fraud
• Legal Obligation: To comply with applicable laws

6. Data Sharing

We may share your data with:

• Service providers who help us operate the Service (cloud hosting, payment processing)
• Professional advisors (lawyers, accountants)
• Law enforcement when required by law
• Business partners with your consent

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. We may retain certain data longer to comply with legal obligations or resolve disputes.

9. Your Rights

Under GDPR and KVKK, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (right to be forgotten)
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and regular security assessments.

11. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through the Service.