Política de Privacidad
Fecha de vigencia: 21 de febrero de 2026
1. Quiénes Somos
Nex Habit LLC, 2093 Philadelphia Pike 8077, CLAYMONT DE 19703, United States (“we,” “us,” “our”) provides AI‑assisted customer support, inbox, and messaging solutions (“Services”). Contact: privacy@comturk.com.
2. Alcance
- Website/app users and workspace members
- End users who message through channels connected to our platform (web widget, Instagram, Facebook, WhatsApp, Telegram, email)
- Business contacts and support interactions
Data Controller vs. Processor:
- Controller: Comturk acts as the data controller for personal data collected through our website (e.g., account registration, cookies, analytics) and from business contacts.
- Processor: When processing Customer Content (messages, conversations, end‑user data) on behalf of our business customers, Comturk acts as a data processor. Our customers remain the controller for their end‑user data and are responsible for providing appropriate notices and obtaining necessary consents.
3. Información que Recopilamos
- Account & Profile: name, email, role, company, auth identifiers.
- Communications: messages, attachments, metadata, channel/page/IG IDs, email headers, delivery/read states.
- Integrations: tokens/IDs to connect channels (Instagram/Facebook/email), stored securely and minimally.
- Usage & Device: logs, IP, browser/OS, timestamps, diagnostics, analytics.
- Cookies: session and preference cookies; see Cookie Policy.
- Billing (if applicable): subscription and payment metadata via payment processors.
- Support: content provided in tickets/chats.
4. Cómo Usamos los Datos
- Provide, secure, and operate the Services
- Authenticate users; enforce workspace/account permissions
- Route and process messages across connected channels
- Communicate service notices and support
- Improve functionality and performance
- Comply with legal obligations and enforce terms
5. Bases Legales (EEE/RU, si aplica)
Contract, Legitimate Interests, Consent (where required), Legal Obligations.
6. Compartir
We do not sell personal data. We share with:
- Service providers (hosting, email, analytics, AI processing) under DPAs
- Channel providers you connect (Meta/Instagram/Facebook, email) to deliver messages
- Legal/safety, and business transfers (if applicable)
7. Transferencias Internacionales
We may transfer data internationally using safeguards (e.g., SCCs) and technical/organizational measures.
8. Retención
We retain personal data only as long as necessary for the purposes described in this Policy, your account settings, or as required by law.
| Categoría de Datos | Período de Retención |
|---|---|
| Account & profile data | Duration of account + 30 days |
| Messages & conversations | Per customer workspace settings (default: duration of subscription) |
| Billing & invoice records | 7 years (legal/tax requirement) |
| Server & access logs | 90 days |
| AI processing logs | 30 days |
| Cookie & analytics data | Per cookie durations (see Cookie Policy) |
You may request deletion of your data at any time (see “Your Rights” below).
9. Seguridad
Encryption in transit (TLS 1.2+) and at rest, role‑based access controls, least‑privilege, continuous monitoring, and regular security assessments. No method is 100% secure; we continually improve.
10. Tus Derechos
Subject to law, you may request access, correction, deletion, restriction, objection, and portability; withdraw consent (where used). Contact: privacy@comturk.com. If you’re an end user of our customer, we may redirect you to that organization.
11. Cookies
We use necessary cookies for authentication/session and may use analytics and session-recording cookies to improve the Service. Where required, we seek consent. You can control cookies via browser settings and our banner (if shown). For details, see our Política de Cookies. You may also adjust your preferences at any time via Cookie Settings.
12. Servicios de Terceros‑Party Services and Channels
When you connect channels (e.g., Instagram, Facebook, WhatsApp, Telegram, email), data flows under those platforms’ terms and policies. Specifically:
- Meta (Instagram & Facebook Messenger): Subject to Meta Platform Terms and Meta Privacy Policy.
- WhatsApp Business: Subject to WhatsApp Business Terms and WhatsApp Privacy Policy. Messages are end‑to‑end encrypted between end users and WhatsApp; we receive message content via the WhatsApp Business API.
- Telegram: Subject to Telegram Términos de Servicio and Telegram Privacy Policy. We interact via the Telegram Bot API.
- Email (IMAP/SMTP): We connect to your email provider using credentials you supply. Data handling is subject to your email provider’s terms.
12a. Procesamiento de Datos por IA
When AI features are enabled in your workspace:
- Data Sent: Message text content and relevant conversation context are sent to AI providers to generate responses. File attachments, images, and metadata (IP addresses, device info) are not sent to AI providers unless you explicitly enable attachment analysis.
- AI Providers: We may use services from OpenAI, Google (Gemini), and Anthropic (Claude) for AI processing. The specific provider depends on your workspace configuration.
- No Training: Your data is not used to train, fine‑tune, or improve any third‑party AI models. All AI providers are contractually prohibited from using your data for model improvement.
- Retention: AI providers retain input/output data for up to 30 days for abuse monitoring only, then delete it.
13. Menores
Not directed to children; we do not knowingly collect children’s data.
14. Cambios
We may update this Policy. We’ll post a new effective date and, where material, notify you via the Service or email.
15. Contacto
Nex Habit LLC
2093 Philadelphia Pike 8077
CLAYMONT DE 19703
United States
Email: privacy@comturk.com
16. Sub‑Processors
We use the following categories of sub‑processors to deliver our Services:
| Sub‑Processor | Purpose | Location |
|---|---|---|
| Cloud Infrastructure Provider | Hosting, storage, compute | EU / US |
| OpenAI | AI response generation | US |
| Google (Gemini) | AI response generation | US |
| Anthropic | AI response generation | US |
| Payment Processor | Billing, subscription management | US |
| Email Delivery Service | Transactional emails, notifications | US / EU |
| Google (Analytics) | Website analytics & usage metrics | US |
| Microsoft (Clarity) | Session recording & heatmaps | US |
We will notify customers of material changes to sub‑processors with at least 30 days’ advance notice via email or in‑app notification. Customers may object to a new sub‑processor within that notice period.
17. Notificación de Violación de Datos
In the event of a confirmed personal data breach that is likely to affect your rights:
- We will notify affected customers without undue delay and within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
- Notification will include: (a) nature of the breach; (b) categories and approximate number of data subjects affected; (c) likely consequences; (d) measures taken or proposed to address the breach.
- We will cooperate with affected customers in their obligations to notify data protection authorities and data subjects.
18. Divulgaciones Regionales (Suplementarias)
- EEA/UK: You may lodge a complaint with your data protection authority. Our legal basis for processing is detailed in Section 5 above.
- California (CCPA/CPRA):
- We do not “sell” or “share” personal information as defined by CCPA/CPRA.
- Categories of PI collected: identifiers, commercial information, internet activity, professional information, and inferences drawn from the above.
- You have the right to know, delete, correct, and opt out of the sale/sharing of personal information. We do not use sensitive personal information for purposes beyond providing the Services.
- To exercise your rights, contact privacy@comturk.com. We will respond within 45 days.
- Türkiye (KVKK): You may apply to exercise your rights (learn whether your data is processed; request correction/deletion; object in certain cases; request transfer to third parties) via privacy@comturk.com. We will respond within 30 days as required by KVKK.