Summary: At e9e, we value your privacy. This policy explains how we collect, use, and protect your personal data.
1. Introduction
Tabbyte Teknoloji ve Danışmanlık Limited Şirketi ("e9e", "we", "our") is committed to protecting the personal data of all users ("you", "user") who use our platform. This Privacy Policy explains how your personal data is collected, processed, and protected when you use our services through the e9e.io website and mobile applications.
2. Data We Collect
2.1. Data You Provide Directly
- Account Information: Name, email address, phone number, company name
- Profile Information: Profile photo, job title, industry
- Communication Data: Support requests, feedback
- Payment Information: Billing address, payment method details (credit card data is processed by our secure payment provider)
2.2. Automatically Collected Data
- Usage Data: Platform activities, click data, session duration
- Device Information: IP address, browser type, operating system, device ID
- Cookie Data: Session cookies, preference cookies, analytics cookies
- Location Data: Approximate location derived from IP address
2.3. Data from Third Parties
- Profile information from integrated platforms like LinkedIn and Google
- Transaction confirmation from payment processors
- Lead information compiled from publicly available sources (Google Maps, business directories, professional networks, social media platforms, corporate websites)
- Business contact information obtained from search engine results
- Contact information enriched through third-party data providers and API services
3. How We Use Your Data
We use collected data for the following purposes:
- Providing and improving our services
- Creating and managing your account
- Customer support
- Processing payments
- Security and fraud prevention
- Legal compliance
- Marketing communications (with your consent)
- Analytics and service improvement
- Data collection, compilation, and enrichment from publicly available sources to provide lead information to our users
- AI-powered lead scoring and prioritization
- Lead data verification and currency checks
4. Data Sharing
We do not share your personal data with third parties except:
- Service Providers: We work with third-party service providers in the following categories for infrastructure, analytics, payment processing, data collection, and enrichment services:
- Cloud Infrastructure - Server hosting and database (EU / UK)
- Search API Services - Search engine results querying (USA)
- Web Data Collection Services - Data compilation from public sources (EU / USA)
- Artificial Intelligence Services - Data enrichment and analysis (USA)
- Payment Processing - Payment infrastructure (EU / UK)
- Email Infrastructure - Email delivery services (EU / USA)
- Analytics - Usage analytics (EU / USA)
Data Processing Agreements (DPA) have been executed with all service providers. Standard Contractual Clauses (SCC) are applied for international data transfers. - Legal Requirements: When required by law or authorities
- Business Transfers: In case of merger or acquisition
- With Consent: With your explicit permission
5. Data Security
We implement the following measures to protect your data:
- SSL/TLS encryption for data transmission
- AES-256 encryption for data storage
- Regular security audits
- Access control and authorization
- Employee training
- Security incident response plans
6. Data Retention
| Data Type | Retention Period |
|---|
| Account Information | While account is active + 2 years |
| Transaction Records | 10 years (legal requirement) |
| Usage Data | 2 years |
| Support Requests | 3 years |
| Marketing Consent | Until consent is withdrawn |
| Lead (Prospective Customer) Data | While user account is active, deleted within 30 days upon request |
7. Your Rights
Under GDPR and applicable laws, you have the following rights:
- Right to Access: Request access to your data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restriction: Request restriction of processing
- Right to Portability: Receive your data in portable format
- Right to Object: Object to data processing
8. Google API Services & Gmail Data
e9e integrates with Google API Services, including Gmail API, to provide email marketing and communication features. This section describes how we handle data obtained through Google APIs.
8.1. Gmail Data We Access
When you connect your Gmail account to e9e, we request access to:
- Send emails (gmail.send): To send marketing emails and automated campaigns on your behalf
- Read emails (gmail.readonly): To track email delivery status, replies, and engagement metrics
- Modify emails (gmail.modify): To manage email labels and organize your inbox for campaign tracking
- Basic profile information: Your email address and name for account identification
8.2. How We Use Gmail Data
We use Gmail data exclusively for:
- Sending email campaigns and automated sequences you create
- Email warm-up to improve deliverability of your email account
- Tracking email opens, clicks, and replies for campaign analytics
- Managing your inbox organization related to campaigns
We do NOT:
- Read, scan, or analyze the content of your personal emails
- Share your Gmail data with third parties for advertising
- Use Gmail data for any purpose other than providing our email services
- Store email content beyond what is necessary for service delivery
8.3. Gmail Data Storage & Security
- OAuth tokens are encrypted using AES-256 and stored securely
- We only store metadata (send status, timestamps) not email content
- Access tokens are automatically refreshed and old tokens are invalidated
- All Gmail API communications use HTTPS/TLS encryption
8.4. Revoking Gmail Access
You can disconnect your Gmail account at any time:
Upon disconnection, we delete your Gmail access tokens within 24 hours.
8.5. Google API Services Limited Use Disclosure
e9e's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
9. Lead Data Processing (Prospective Customer Data)
The e9e platform collects and processes data from publicly available sources to provide lead information to its users. This section explains how such data is collected, processed, and protected.
9.1. Lead Data Collected
- Business information: Trade name, address, phone number, email address, website
- Professional profile information: Name, job title, company name, city/country
- Social media profile information: Username, bio/description, follower count, profile URL
- Business ratings: Star rating, review count, business category
- Geographic location data: Latitude/longitude coordinates, city, country
9.2. Data Collection Sources
- Google Maps and map services (business information)
- Search engine results and web directories
- Publicly available professional profile information
- Publicly available social media profiles
- Contact information from corporate websites
9.3. Data Collection Methods
- Automated search and compilation through search engine APIs
- Web scraping technologies
- Third-party data providers and API services
- AI-powered data enrichment and verification
9.4. Legal Basis
Processing of lead data is based on the following legal grounds:
- Legitimate interest (GDPR Article 6(1)(f) / KVKK Article 5(2)(f)): Compilation and provision of publicly available information for the purpose of providing lead information for business communication
- Performance of contract: Fulfillment of the lead discovery service committed to our users
9.5. Legitimate Interest Assessment
The following factors have been assessed under the legitimate interest basis:
- Only information that has been publicly shared is processed
- Reasonable expectations of data subjects are considered (business contact information may be used for commercial purposes)
- Data subjects are provided with deletion and objection rights
- Collected data is used solely for legitimate business communication purposes
- Sensitive (special category) personal data is not collected
9.6. Lead Data Retention Periods
- Lead data is retained while the user account is active
- Upon account closure, lead data is deleted within 30 days
- Upon data subject deletion request, data is permanently deleted within 30 days
- Inactive lead data (not accessed for more than 6 months) is automatically anonymized or deleted
9.7. Rights of Leads (Data Subjects)
Data subjects whose information is collected through the Platform have the following rights:
- Right to know what data has been collected about them
- Right to request correction of their data
- Right to request deletion of their data (right to be forgotten)
- Right to object to data processing
- Right to request restriction of data processing
Requests regarding these rights can be submitted to info@e9e.io or through the Data Deletion Request Form on the platform.
10. Cookies
For detailed information about our use of cookies, please review our Cookie Policy.
11. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If such data is identified, it will be promptly deleted.
12. International Data Transfer
Your data is processed within the United Kingdom and the European Union. When data transfer to another country is required, appropriate safeguards (standard contractual clauses, etc.) are applied.
13. Policy Changes
We may update this policy from time to time. When significant changes occur, we will notify you via email or in-platform notification.
14. Contact
For privacy-related questions, you can reach us at:
- Email: info@e9e.io
- Address: TABBYTE TECHNOLOGIES LTD, London, United Kingdom
