Privacy Policy

Last updated: 02.04.2026

Who We Are

SuponAI is an AI-powered chatbot platform. This Privacy Policy explains how we collect, use, share and protect your personal information when you use our services.

Data Controller
Website: https://suponai.com
Email: info@suponai.com

Roles & Responsibilities

Our service involves three distinct parties, each with specific data protection roles:

Platform (Data Processor) — SuponAI

Provides the chatbot infrastructure, technically processes messages and generates AI responses. Acts as the Data Processor under KVKK/GDPR. Does not determine the purpose of personal data collection; processes data solely according to customer instructions.

Customer / Subscriber (Data Controller)

The user who creates a chatbot and integrates it into their website. Acts as the Data Controller under KVKK/GDPR. Determines what data is collected from visitors and for what purpose. Is responsible for informing visitors, obtaining necessary consents, and complying with their own privacy policy.

Visitor (Data Subject)

The end user who sends messages through the chatbot widget. Acts as the Data Subject under KVKK/GDPR. May exercise their rights regarding the processing of their personal data.

Important: SuponAI is not responsible for ensuring its customers' (subscribers') compliance with data protection laws. As a chatbot owner, you are responsible for fulfilling all legal obligations (privacy notices, consent, etc.) for the chatbot integrated into your website.

KVKK / GDPR Compliance

SuponAI places great importance on the protection of personal data within the framework of Turkish Personal Data Protection Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR).

What is Personal Data?

Under KVKK, personal data refers to "any information relating to an identified or identifiable natural person."

Legal Basis

We process your personal data based on the following legal grounds:

  • Your explicit consent (KVKK Art.5/1)
  • Necessity for the performance of a contract (KVKK Art.5/2-c)
  • Compliance with legal obligations (KVKK Art.5/2-ç)
  • Legitimate interests of the data controller (KVKK Art.5/2-f)

Your Rights Under KVKK

Pursuant to Article 11 of KVKK, you have the following rights:

  • To learn whether your personal data is processed
  • To request information about the processing if data has been processed
  • To learn the purpose of processing and whether data is used accordingly
  • To know the third parties to whom your data is transferred domestically or abroad
  • To request rectification of incomplete or inaccurate data
  • To request erasure or destruction under KVKK Art.7
  • To object to a result arising exclusively from automated processing
  • To claim compensation for damages arising from unlawful processing

Data We Collect

Account Information

  • Full name
  • Email address
  • Password (stored as a bcrypt hash)

Usage Data

  • IP address (depending on chatbot settings)
  • Browser type and version
  • Device information
  • Pages visited and timestamps

Chatbot Message Data

  • Message contents between visitors and the chatbot
  • Session and conversation identifiers
  • Message dates and times
  • Word counts (for credit calculation)

Payment Information

Payment processing is handled by a third-party payment provider. We do not store your credit card information.

Processing Purposes

We process your personal data for the following purposes:

  • Providing and maintaining the AI chatbot service
  • Account and subscription management
  • Credit usage tracking and billing
  • Service quality improvement and analytics
  • Security, fraud prevention and abuse detection
  • Compliance with legal obligations
  • Customer support

Processing of Chatbot Messages

Messages sent through the chatbot are processed as part of our core service:

Message Recording

All conversations with the chatbot are recorded on our servers. These records:

  • Are required for AI response generation
  • Are used to maintain conversation context
  • Are necessary for credit usage calculation
  • Are stored for the retention period set by the chatbot owner (subscriber) and then automatically deleted

Chatbot Owner Access

The chatbot owner (subscriber) has access to conversations of their own chatbot through the management panel. This access is provided to help them deliver better service to their customers:

  • Customer service quality: Verifying accuracy and quality of AI responses, preventing incorrect or misleading information
  • Knowledge base improvement: Analyzing frequently asked questions and unanswered topics to update the chatbot knowledge base
  • Understanding customer needs: Identifying common visitor issues to improve products and services

Chatbot owners are responsible for using the conversation data they access only for the legitimate purposes stated above and for complying with their obligations under GDPR/KVKK.

Platform Access

As SuponAI, we do not systematically read the private content of chatbot conversations. However, we reserve the right to access message data in the following circumstances:

  • Detection of illegal and harmful content: Identification and prevention of hate speech, harassment, fraud, illegal activities, and similar misuse
  • Platform security: Prevention of spam, malware distribution, or activities threatening the technical security of the platform
  • Legal obligations: Retention of records that may serve as evidence upon request of competent authorities or in legal disputes
  • Abuse reports: Investigation of complaints and reports received from third parties

AI Processing

Chatbot messages are sent to the OpenAI API for response generation. For OpenAI's data processing policies, see: OpenAI Privacy Policy

Visitor Notice: The chatbot widget displays a notice informing users that the conversation is being recorded. The chatbot owner can customize this notice in their privacy settings.

Data Sharing

We may share your personal data with third parties only in the following circumstances:

  • To comply with legal requirements and court orders
  • With sub-processors that help us provide the service (listed below)
  • To protect our rights, security or property
  • With your explicit consent

We never sell your personal data to third parties.

Sub-Processors

We use the following third-party sub-processors to provide our services:

Service | Purpose | Location
OpenAI | AI response generation | USA
Hosting Provider | Server hosting | Turkey
Shopinext | Payment processing | Turkey

Cookies

We use cookies and similar technologies to enhance your experience on our platform.

Type | Purpose | Duration
Essential | Login, security and core functionality | Session
Functional | Remembers your preferences (language, theme) | 1 year
Analytics | Usage analysis and improvement | 2 years

For our detailed cookie policy: Cookie Policy

Data Security

We implement appropriate technical and organizational measures to protect your data:

  • SSL/TLS encryption for all data transmission
  • Password hashing with bcrypt algorithm
  • Role-based restricted access to personal data
  • Regular security monitoring and updates
  • Regular data backups
  • Rate limiting and brute-force protection

Data Retention

We retain your personal data as long as your account is active or as needed to provide our services.

  • Chatbot messages: Automatically deleted according to the retention period set by the chatbot owner (7 days to 1 year).
  • Account data: Retained until account closure. Deleted within a legally compliant timeframe after account closure.
  • Security logs: Retained for a maximum of 90 days.

Your Rights

Under KVKK, GDPR and other applicable laws, you have the following rights:

Right of Access

Request a copy of your personal data

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Data Portability

Receive your data in a machine-readable format

Right to Restriction

Request limitation of data processing

Right to Object

Object to the processing of your data

Withdraw Consent

Withdraw your consent at any time

To exercise your rights, use our Data Request Form or email info@suponai.com. We will respond within 30 days.

Children's Privacy

Our services are not designed for users under 18 years of age. We do not knowingly collect personal data from children. If we learn that a person under 18 has provided us with personal data, we will delete it as soon as possible.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of our services after changes are published constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or wish to exercise your rights:
