Privacy Policy
1. Who We Are
AVE Software & AI ("AVE", "we", "us" or "our"), operating at avebt.com and part of Karabiber Holding, is an enterprise software company and SAP Business One partner. We build business applications and integrations, including ERP Cep, Direkt Finans and AVEbanka. ERP Cep connects SAP Business One to messaging platforms such as the WhatsApp Business Platform (operated by Meta), Slack, Telegram and Microsoft Teams.
This Privacy Policy explains what personal data AVE collects through our website and our applications and integrations (together, the "Services"), how we use it, with whom we share it, and the rights and choices you have.
2. Data We Collect
2.1 Data received through Meta platforms
When you interact with a business that uses our Services over WhatsApp (via Meta's WhatsApp Business Cloud API) or other Meta platforms, we receive:
- Contact information: your phone number and/or platform user ID, and your profile name as provided by the platform;
- Message content: the text, media and attachments you exchange with the business through the Services;
- Message metadata: timestamps, delivery and read status, and conversation identifiers.
2.2 Data processed on behalf of our customers
- Businesses using AVE products may connect their ERP systems (such as SAP Business One) to the Services. ERP queries and responses (e.g. sales reports, stock levels, account balances) are processed solely to deliver the requested functionality. The business remains the controller of this data.
2.3 Data we collect automatically
- Technical logs: IP address, request timestamps and error logs generated when our servers process requests and webhook events — used solely to operate, secure and debug the Services;
- Website data: if you contact us through avebt.com, the name, e-mail and company details you submit.
AVE does not sell personal data, does not use message content for advertising, and does not collect any data beyond what is necessary to provide the Services.
3. How We Use Data
- To receive, route and deliver messages and ERP queries between you and the business you are communicating with;
- To provide the automated responses, notifications and workflows requested by the business;
- To maintain, secure and troubleshoot the Services (error logging, abuse prevention);
- To respond to enquiries you send us through our website;
- To comply with legal obligations and with Meta's Platform Terms and Developer Policies.
4. Legal Basis for Processing
Where the GDPR or the Turkish Personal Data Protection Law No. 6698 ("KVKK") applies, we process personal data based on: performance of a contract (delivering the services you or the business requested), legitimate interests (service security, debugging and abuse prevention), and compliance with legal obligations. Where consent is required, we rely on the consent you give when you initiate a conversation or submit a form.
5. Data Sharing
We share personal data only with:
- Meta Platforms, Inc. — as the operator of WhatsApp, Facebook and Instagram, Meta processes messages transmitted over its platforms under its own privacy policy;
- The business you interact with — the content of your conversation is delivered to the business you chose to contact;
- Technology partners — for our financial products (Direkt Finans, AVEbanka), banking connectivity is provided by our partner Finekra under separate data processing agreements;
- Infrastructure providers — hosting and cloud providers that run our servers, bound by data processing agreements.
We do not sell, rent or trade personal data. We may disclose data if required by law or a valid legal process.
6. Data Retention
Message data is retained only as long as necessary to provide the Services and for a maximum of 24 months after the last activity in a conversation, unless a longer period is required by law. Technical logs are retained for up to 90 days. Data belonging to a business account is deleted or anonymized within 30 days after the business terminates its use of the Services.
7. Data Deletion — How to Request Deletion of Your Data
You can request the deletion of all personal data AVE holds about you at any time:
- By email: send a request to info@avebt.com from the account or phone number you used with the Services, with the subject line "Data Deletion Request";
- Through the business: ask the business you communicated with to forward your deletion request to us.
We will verify your request, delete your personal data from our systems within 30 days, and confirm the deletion to you. Note that the business you communicated with and Meta may hold their own copies of the conversation, governed by their respective privacy policies.
8. Security
All data in transit between Meta's platforms and our servers is encrypted using TLS (HTTPS). Access to production systems is restricted to authorized personnel, protected by authentication, and logged. We follow the principle of least privilege and store only the minimum data required to operate the Services.
9. Children
The Services are not directed at children under 13 (or the higher age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it.
10. Your Rights
Depending on your jurisdiction (including under the GDPR and KVKK), you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your data (see Section 7);
- object to or restrict certain processing;
- receive your data in a portable format;
- lodge a complaint with your supervisory authority (in Turkey, the Personal Data Protection Authority).
To exercise any of these rights, contact us using the details in Section 12.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows when it was last revised. Material changes will be announced through the Services or on this page before they take effect.
12. Contact
- Company: AVE Software & AI (Karabiber Holding)
- Website: avebt.com
- Email: info@avebt.com
KVKK Aydınlatma Metni (Özet)
AVE Software & AI ("AVE"), Karabiber Holding bünyesinde faaliyet gösteren, SAP Business One iş ortağı bir kurumsal yazılım şirketidir. ERP Cep, Direkt Finans ve AVEbanka ürünlerimiz; SAP Business One'ı WhatsApp Business Platform (Meta), Slack, Telegram ve Microsoft Teams gibi platformlara bağlar. 6698 sayılı Kişisel Verilerin Korunması Kanunu ("KVKK") kapsamında veri sorumlusu sıfatıyla sizi aşağıdaki konularda bilgilendiririz.
İşlenen Kişisel Veriler
- İletişim verileri: telefon numarası, platform kullanıcı kimliği, profil adı;
- Mesaj içeriği ve meta verileri: işletmeyle paylaştığınız mesajlar, zaman damgaları, iletim durumu;
- Teknik kayıtlar: IP adresi ve sunucu erişim/hata kayıtları;
- Web sitesi verileri: iletişim formu üzerinden ilettiğiniz ad, e-posta ve şirket bilgileri.
İşleme Amaçları ve Hukuki Sebep
Verileriniz; mesajların ve ERP sorgularının iletilmesi, hizmetin sunulması ve güvenliğinin sağlanması amacıyla, KVKK md. 5/2 uyarınca sözleşmenin ifası ve meşru menfaat hukuki sebeplerine dayanılarak işlenir. Verileriniz reklam amacıyla kullanılmaz ve üçüncü kişilere satılmaz.
Aktarım
Veriler yalnızca Meta Platforms, Inc.'e (platform işleticisi olarak), etkileşimde bulunduğunuz işletmeye, finansal ürünlerde bankacılık altyapı ortağımız Finekra'ya ve barındırma hizmeti sağlayıcılarımıza aktarılır.
Saklama ve Silme
Mesaj verileri son etkinlikten itibaren en fazla 24 ay, teknik kayıtlar en fazla 90 gün saklanır. Silme talebinizi info@avebt.com adresine "Veri Silme Talebi" konusuyla iletebilirsiniz; talebiniz 30 gün içinde sonuçlandırılır.
Haklarınız
KVKK md. 11 kapsamındaki haklarınızı (bilgi talep etme, düzeltme, silme, itiraz vb.) yukarıdaki e-posta adresi üzerinden kullanabilir, gerekirse Kişisel Verileri Koruma Kurumu'na başvurabilirsiniz.