Privacy Policy

Estiq (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, your rights as a data subject, and how to contact us with privacy-related requests.

This policy applies to all users of the Estiq platform and associated services. We comply with the European Union General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK — Law No. 6698).

The data controller responsible for your personal data is Estiq. You may contact us at any time at destek@estiq.app.

We collect the following categories of personal data:

• Account data: Name, email address, phone number, and professional information you provide during registration or in your profile.
• Content data: Notes, voice recordings, customer records, property records, reminders, and other content you create within the platform.
• Usage data: Log files, IP addresses, browser type, device identifiers, pages visited, and time spent on features — collected automatically when you use the Service.
• Payment data: Billing address and payment method details (processed directly by our payment processor; we do not store full card numbers).
• Communication data: Email correspondence, support tickets, and demo request submissions.

We process your data on the following legal bases:

• Contract performance: Processing necessary to provide the Service you subscribed to.
• Legitimate interests: Improving the platform, preventing fraud, and ensuring security.
• Legal obligation: Compliance with applicable laws (e.g., tax and financial record-keeping).
• Consent: Where required, we obtain your explicit consent (e.g., marketing communications). You may withdraw consent at any time.

We use your data to:

• Provide, operate, and maintain the Service.
• Process subscription payments and manage billing.
• Respond to your support requests and inquiries.
• Send transactional emails (account confirmation, billing receipts, service updates).
• Analyze usage patterns to improve features and performance (using aggregated, anonymized data where possible).
• Detect and prevent fraud, abuse, and security incidents.
• Comply with applicable laws and legal obligations.

When you use voice note features, your audio is transcribed to text. The resulting transcription and, optionally, the note content are processed by automated analysis to extract tasks, follow-up actions, and other structured information.

Audio recordings are processed in real time and are not permanently stored after transcription. Transcribed text and extracted data are stored as part of your account content. We do not use your content data to train general AI models.

We do not sell or rent your personal data. We may share data with:

• Service providers: Trusted third-party vendors who help us operate the Service (e.g., cloud hosting, payment processing, email delivery). These vendors process data on our behalf under binding data processing agreements.
• Legal authorities: When required by law, regulation, court order, or to protect our legal rights and the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account cancellation or termination:

• Your data is retained for 60 days after account expiry to allow for reactivation or export.
• After 60 days, account data is deleted from our systems, except where retention is required by law (e.g., financial records, which may be kept for up to 10 years).
• Anonymized and aggregated usage statistics may be retained indefinitely.

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, regular security assessments, and incident response procedures.

No method of transmission or storage is 100% secure. If we become aware of a data breach that affects your rights, we will notify you and the relevant authorities as required by applicable law.

Our service infrastructure may process and store data in data centers located in the EU or other jurisdictions. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or equivalent mechanisms) to protect your data in accordance with GDPR.

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a machine-readable export of your data.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdrawal of consent: Withdraw any consent you have given at any time.

To exercise any of these rights, contact us at destek@estiq.app. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (for Turkey: KVKK Authority; for EU: your national DPA).

We use essential cookies and local storage to maintain your session and preferences (such as your selected theme). We do not use third-party advertising or tracking cookies.

We may use first-party analytics to understand aggregate usage patterns. These analytics do not identify you personally and do not share data with third-party advertisers.

The Service is intended for adults (18 years and older) and professional users. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 14 days before changes take effect. Continued use of the Service after that date constitutes acceptance of the updated policy.

For privacy-related questions or requests, contact: destek@estiq.app