プライバシーポリシー

1. データ管理者

Acting as the data controller, Morfoz Ltd. is registered at 128 City Road, London EC1V 2NX, United Kingdom (Companies House No. 14728392). For data processed by the Istanbul branch, the local data controller is Morfoz Yazılım ve Bilişim Hizmetleri Ltd. Şti.

2. 収集するデータ

The following personal data may be processed when you use the Service:

• アカウント情報: First name, last name, email address, password hash, billing address.
• アシスタント/クローン学習データ: Text you upload, voice samples, images, product information, and other content.
• 会話データ: Records of your assistants' conversations with end users (for quality and training).
• 使用データ: IP address, browser type, session duration, clickstream, cookie information.
• 支払いデータ: We do not store card details; our payment service provider (Stripe) tokenizes and processes them.

3. Purposes and 法的事項 Basis for Processing

We process your data only for the following purposes, based on a valid legal ground:

• 契約履行: Service provision, account management, billing.
• 正当な利益: Service quality improvement, fraud prevention, security.
• 明示的同意: Marketing communications, cookies (other than necessary), optional analytics.
• 法的事項 obligation: Tax, accounting, response to legal requests.

4. データ保持

We retain your account data until you delete your account. After a deletion request, all personal data is permanently deleted within 30 days; backups are cleared within 90 days at the latest. Data we are required to retain by law (e.g., invoices, tax records) is kept for the period specified in the relevant law.

5. データ共有

We do not sell your data. We share it with third parties only in the following cases:

• 処理者: Cloud infrastructure providers (AWS, Cloudflare), payment processor (Stripe), email service (Postmark) — all under GDPR-compliant contracts.
• 法的事項 talepler: When required by a valid court order or legal obligation.
• 譲渡/合併: In case of company transfer or merger, to the new owner (with 30 days prior notice to you).

6. 国際データ転送

Morfoz infrastructure is hosted in the European Union (Frankfurt) and the United Kingdom (London) regions. Data collected from Turkey is transferred under explicit consent and standard contractual clauses. Required safeguards for cross-border data transfer are provided in accordance with Article 9 of KVKK.

7. あなたの権利

You have the following rights under GDPR and KVKK:

• Access your personal data and obtain a copy
• Request correction of inaccurate data
• Request erasure of your data ("right to be forgotten")
• Restrict processing or object to it
• Port your data in a machine-readable format
• Withdraw your consent (without retroactive effect)

To exercise these rights, write to support@aigap.com. We respond within 30 days.

8. Cookie

Our site uses only necessary cookies for session management and (with consent) anonymous analytics cookies. We do not place advertising cookies. You can update your cookie preferences at any time from your browser or the cookie panel on the site.

9. セキュリティ

Data is encrypted with TLS 1.3 in transit and AES-256 at rest. Access is bound to strict role-based permissions and audited. We are in the SOC 2 Type II preparation process. In case of suspected breach, we notify the relevant authority and affected users within 72 hours.

10. 子供のデータ

The Service is not intended for individuals under 16. We do not knowingly collect data from a child under 16.

11. ポリシー変更

We may update this policy from time to time. Material changes will be notified at least 30 days in advance via email and on the site.

12. 苦情

If you are not satisfied with our data processing, you may file a complaint with the UK ICO (ico.org.uk) or, in Turkey, with the KVKK Authority (kvkk.gov.tr).