AcademiaBus

Privacy Policy

Last updated: February 23, 2026 • Version 3

Service Provider

Academia Marmara Eğitim Bilişim Danışmanlık Anonim Şirketi

1. Overview

AcademiaBus ("We", "Our", "Platform") places great importance on protecting the privacy of our users. This Privacy Policy explains how your personal data is collected, processed, stored, and protected when using our platform.

AcademiaBus is a multi-tenant business management platform designed for companies. Our platform provides Customer Relationship Management (CRM), task and project management, document management, calendar and meeting scheduling, instant messaging, visit tracking, personnel management, and subscription-based services.

By using our platform, you agree to the terms outlined in this Privacy Policy.

2. Personal Data Collected

2.1. Account and Identity Information

  • First and last name – For user account creation and authentication
  • Email address – For login, notifications, and communication
  • Phone number – Optional, for communication purposes
  • Job title / position – For role identification within the company
  • Profile picture – For personalizing the user experience
  • Preferred language – For interface language preferences
  • Password (hashed) – For secure authentication

2.2. Company Information

  • Company name and contact details
  • Tax identification number
  • Industry information
  • Address details
  • Company logo

2.3. Customer Relationship Management (CRM) Data

  • Customer name, email, phone, and address information
  • Customer contact persons and notes
  • Customer status and sub-status information
  • Sales pipeline data and stage transitions
  • Reminders and follow-up information
  • Customer activity history
  • Customer-related files and attachments

2.4. Task and Project Management Data

  • Task titles, descriptions, and priorities
  • Task assignments and followers
  • Task comments and activity history
  • Task attachments (files, images)
  • Checklist items
  • Archived task data
  • Project information

2.5. Communication Data

  • Instant messaging content (one-to-one and group chats)
  • Chat room information and memberships
  • Notification records
  • Email account information (if integrated)
  • Sent and received emails
  • Email templates

2.6. Calendar and Meeting Data

  • Calendar events and appointments
  • Meeting requests and approval statuses
  • Meeting participant information
  • Google Calendar integration data (authorization tokens, linked calendar IDs)

2.7. File and Document Management Data

  • Uploaded files and documents
  • Document versions and approval history
  • File sharing information and permissions
  • Folder structure and access privileges
  • Google Drive integration data (authorization tokens)

2.8. Visit Tracking Data

  • Visit date, time, and duration
  • Visit purpose and notes
  • Visit status information
  • Visiting personnel details

2.9. Payment and Subscription Information

  • Subscription plan and status
  • Payment history and amounts
  • Invoice details
  • Payment provider reference numbers (Polar.sh)

Important: Credit card numbers, CVV codes, and similar sensitive payment information are never stored on our platform. This information is securely processed by our PCI DSS-compliant payment provider, Polar.sh.

2.10. Technical and Usage Data

  • IP address
  • Browser type and version
  • Last login date and time
  • Last activity time
  • Session information (cookies)

3. Purposes of Data Processing

Your personal data is processed for the following purposes:

  1. Service delivery: Providing platform features (CRM, task management, messaging, document management, etc.)
  2. Account management: Creating user accounts, authentication, and authorization
  3. Communication: Sending notifications, system alerts, and responding to support requests
  4. Payment processing: Subscription management, invoicing, and payment tracking
  5. Security: Preventing unauthorized access, brute-force protection, IP-based security
  6. Legal obligations: Maintaining records required by applicable regulations
  7. Service improvement: Enhancing platform performance and user experience
  8. Integration services: Enabling third-party integrations such as Google Calendar and Google Drive

4. Data Storage and Security

4.1. Data Storage

  • Your data is stored in encrypted databases on secure servers.
  • Each company's data is completely isolated from others through our multi-tenant architecture.
  • Passwords are stored using industry-standard hashing algorithms and are never kept in plain text.

4.2. Security Measures

  • SSL/TLS encryption: All data transmission is encrypted with 256-bit SSL certificates.
  • Role-Based Access Control (RBAC): Each user's access is limited by roles defined by the company administrator.
  • Brute-force protection: Failed login attempts are monitored, and IP addresses are automatically blocked beyond a certain threshold.
  • IP-based authorization: IP restriction mechanisms are used for API access.
  • Session management: Secure cookie policies and automatic session timeouts are enforced.
  • PCI DSS compliance: Payment transactions are processed through PCI DSS-compliant Polar.sh infrastructure.

4.3. Data Retention Periods

  • Active account data: Retained as long as the account remains active.
  • Deleted user data: Marked as "deleted" upon user removal; permanently destroyed after legal retention periods expire.
  • Payment records: Retained for a minimum of 10 years in accordance with legal regulations.
  • Log records: Security-related log records are retained for at least 1 year.
  • Archived tasks: Retained for the period determined by the company administrator.

5. Data Sharing

5.1. Sharing with Third Parties

Your personal data is not shared with third parties except in the following circumstances:

  • Payment provider (Polar.sh): Minimum necessary information (email, company ID) is shared for processing subscriptions and payments.
  • Google Services: With the user's explicit consent, authorization information is shared for Google Calendar and Google Drive integrations.
  • Legal requirements: When disclosure is required by court order, prosecutorial request, or legal regulation.

5.2. Intra-Company Data Access

Due to our multi-tenant architecture:

  • Each company's data is accessible only by users belonging to that company.
  • Company administrators can view all user activities and data within their company.
  • Pipeline stage approval mechanisms control access to sensitive data.
  • File and folder permissions restrict document access.

6. Cookies

Our platform uses the following types of cookies:

  • Essential cookies: Session management and authentication (ASP.NET identity cookies)
  • Preference cookies: Language preferences, interface settings, menu open/close states
  • Security cookies: Anti-forgery tokens (CSRF protection)

No advertising cookies are used on our platform.

7. User Rights

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

  1. Right to information: To know whether your personal data is being processed
  2. Right of access: To request access to your processed personal data
  3. Right to rectification: To request correction of incomplete or inaccurate data
  4. Right to erasure: To request deletion or destruction of your personal data
  5. Right to object: To object to the processing of your personal data
  6. Right to data portability: To request your data in a structured format
  7. Right against automated decision-making: To object to decisions based solely on automated processing

To exercise these rights, you may submit a written request to info@academiabus.com. Requests will be responded to within 30 days at the latest.

8. Data Breach Notification

In the event of a potential data breach:

  • Relevant regulatory authorities will be notified within 72 hours.
  • Affected users will be informed via email within a reasonable timeframe.
  • Immediate technical measures will be taken to address the breach.

9. International Data Transfer

Your data may be processed in the countries where our platform's servers are located. When international data transfers occur, we ensure that adequate data protection safeguards are in place.

10. Children's Privacy

AcademiaBus does not provide services intended for individuals under the age of 18. We do not knowingly collect personal data from individuals under 18. If such a situation is identified, the relevant data will be deleted immediately.

11. Policy Updates

This Privacy Policy may be updated in accordance with legal regulations, service changes, or security requirements. Significant changes to the policy will be announced through platform notifications and/or sent to your registered email address.

Continuing to use the updated policy constitutes your acceptance of the changes.

12. Contact

For questions, requests, or complaints regarding our privacy policy or your personal data, you may contact us:

  • Email: info@academiabus.com
  • Web: www.academiabus.com

Last updated: February 2026

Back