Privacy Policy

Privacy Policy

This Privacy Policy explains how billy A.Ş. collects, uses, shares, and protects personal data on our websites and services, including billy.com.tr. We follow the principles of Turkey’s Personal Data Protection Law No. 6698 (“KVKK”) and applicable legislation.

Effective date: January 2, 2026 Contact: [email protected]

1) Who we are

billy A.Ş. provides digital receipt delivery and analytics solutions to merchants. Our websites include billy.com.tr and may include service subdomains used to display receipts (e.g., receipt pages).

Address
Altınşehir Mah. 228. Sok. No:44, 16120 Nilüfer / Bursa, Türkiye
Email
[email protected]

2) Scope

This Privacy Policy applies to personal data processed when you:

  • visit our website and submit lead/contact forms,
  • view a digital receipt page delivered via QR/NFC/link,
  • use merchant or admin interfaces where available.

The policy does not cover third-party websites or services linked from our pages. Their privacy practices apply.

3) What data we process

Website leads & contact
  • Identity/contact: name, work email, company/brand, message content (if provided).
  • Technical: IP address, device/browser info, logs, timestamps (for security and troubleshooting).
Receipt viewing (end customers)
  • Receipt data: purchase and receipt details provided by the merchant (items, amounts, store, date/time, etc.).
  • Token/link data: receipt link token and access logs.
  • Technical: IP address, device/browser info, page interactions (e.g., “view breakdown”).

By default, receipt links can be designed to work without collecting personal identifiers. Merchants may enable optional flows that collect additional data (e.g., phone/email) with a proper legal basis and notices.

Optional features (merchant-enabled)
  • Feedback / ratings: if the merchant enables feedback modules, we process the submitted rating/feedback and related technical logs.
  • Promotional content on receipt pages: promotional banners may be shown when you open a receipt link. This is not “push” marketing; content is displayed only upon page visit.

4) Purposes & legal grounds

We process personal data for the purposes below, based on KVKK and other applicable laws (as relevant):

  • Provide the service: generate and display digital receipts; operate merchant dashboards; support and troubleshooting.
  • Security: prevent fraud, protect systems, maintain logs, and ensure availability.
  • Business communication: respond to your requests, schedule demos, and manage sales leads.
  • Compliance: meet legal and regulatory obligations where applicable.

Where consent is required (e.g., optional marketing communications), we will request it separately and provide opt-out options.

5) Controller / Processor roles

  • Merchant customer receipt data: In most cases, billy A.Ş. acts as a data processor on behalf of the merchant (the data controller). Roles may vary depending on the specific integration and business model.
  • billy.com.tr website leads: billy A.Ş. acts as the data controller for personal data collected via our own website forms.

6) Sharing & transfers

We may share personal data with:

  • Service providers (e.g., hosting/cloud infrastructure such as AWS) to operate our systems.
  • Merchants (as controllers) for receipt delivery, support, and contractual operations.
  • Authorized institutions if required by law.

Our infrastructure may involve processing and storage on cloud systems. If data is transferred abroad, we take steps to comply with applicable cross-border transfer requirements under KVKK (e.g., contractual safeguards and/or explicit consent where required).

Key suppliers

Hosting / cloud infrastructure: AWS

Analytics tools (e.g., Google Analytics) and SMS/email sending providers are currently not listed/active in this version (if enabled later, this policy and cookie notices will be updated).

7) Retention

We retain personal data only for as long as necessary for the purposes stated above, and as required by law. Retention periods for receipt data may be defined in our agreements with merchants and by applicable obligations.

8) Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. Measures may include access controls, encryption in transit, monitoring, and least-privilege permissions.

9) Your rights (KVKK)

Subject to KVKK and applicable laws, you may request:

  • to learn whether your personal data is processed,
  • information about processing purposes and whether data is used accordingly,
  • correction of incomplete or inaccurate data,
  • deletion or destruction under legal conditions,
  • notification of third parties to whom data has been transferred,
  • objection to outcomes against you arising from analysis,
  • compensation of damages where applicable.

To exercise your rights, contact us at [email protected]. If your request relates to a merchant’s receipt flow, the merchant may be the relevant controller and we may direct you accordingly.

10) Cookies

We may use necessary cookies to ensure the website operates properly and to remember your cookie preferences. If optional cookies (analytics/marketing) are enabled in the future, we will show a consent banner and update our cookie inventory accordingly.

For details, please see our Cookie Policy.

11) Updates

We may update this Privacy Policy from time to time. The latest version will be published on our website and will take effect on the date of publication.

12) Contact

For questions or requests related to this Privacy Policy, contact us:

Address
Altınşehir Mah. 228. Sok. No:44, 16120 Nilüfer / Bursa, Türkiye

This document is provided for informational purposes. Merchant-specific notices may apply on receipt pages depending on the merchant’s configuration and legal basis.