Privacy Policy

Effective Date: May 17, 2026

This Privacy Policy explains how personal data is collected, processed, shared and protected in connection with the BilgeBot enterprise AI platform, its mobile application and the bilgebot.ai website, provided by Mantis Yazılım Ltd. Şti. ("Mantis").

BilgeBot is a B2B product; in practice, Mantis acts mostly as a data processor on behalf of its institutional customers. Mantis currently operates only in Türkiye, and this Policy is drafted in accordance with the Turkish Personal Data Protection Law (KVKK). For detailed KVKK disclosure, please also see our KVKK Disclosure page.

1. Definitions

  • Mantis: Mantis Yazılım Ltd. Şti.
  • BilgeBot: The enterprise AI platform and mobile application developed by Mantis.
  • Customer: The legal entity that has licensed or otherwise uses BilgeBot.
  • End User: A natural person authorized by the Customer to access BilgeBot.
  • Data Controller: The party that determines the purposes and means of processing personal data.
  • Data Processor: The party that processes personal data on behalf of and under the authority of the Data Controller.
  • LLM Provider: The third party providing the large language model used by BilgeBot.

2. Mantis's Role

ContextMantis's Role
Visitors to bilgebot.aiData Controller
People submitting demo/contact formsData Controller
Customer agreement signatoriesData Controller
BilgeBot platform End User dataData Processor (Customer is the Controller)
Personal data within Knowledge SourcesData Processor (Customer is the Controller)

The Customer–Mantis data processing relationship is governed by a Data Processing Agreement (DPA) attached to the Agreement.

3. Personal Data We Collect

3.1. Website (bilgebot.ai)
  • IP address, browser/device information, pages visited
  • Cookie data and session information
  • Name, surname, organization name, role, email and phone submitted via demo/contact forms
3.2. BilgeBot Platform
  • Account information provided by the Customer's administrator: name, email, user role
  • Login records, IP address, usage logs
  • User queries (processed under the Customer's agreement)
  • Personal data that may be contained in Knowledge Sources (under the Customer's responsibility)
3.3. Mobile App
  • Device identifiers
  • Push notification tokens
  • Crash reports, performance data (anonymous/aggregated)
  • Data accessed within the scope of Device Permissions granted by the user
3.4. Communications and Support
  • Content of support requests
  • Email correspondence and phone call records (where applicable)

4. Purposes of Processing

  • Providing, maintaining and improving the Service
  • Account management, authentication, session security
  • Customer support
  • Contract management and billing
  • Compliance with legal obligations
  • Detection, prevention and response to security incidents
  • Service performance measurement, analysis and improvement (using anonymous/aggregated data)
  • Marketing communications and product announcements, where explicit consent is given

5. Legal Bases

Under Articles 5 and 6 of the KVKK (Turkish Personal Data Protection Law), we rely on:

  • Necessity for the performance of a contract
  • Legitimate interest of the data controller
  • Compliance with a legal obligation
  • Establishment, exercise or protection of a right
  • Explicit consent (for marketing and other operations that require consent)

6. Third-Party LLM Providers

BilgeBot does not have its own LLM. Depending on the Agreement, response generation uses LLMs provided by the Customer, Mantis or third-party providers (such as OpenAI, Anthropic, Google or Microsoft Azure OpenAI).

User queries are processed on the LLM provider's infrastructure. In this context:

  • The choice of LLM provider depends on the Customer's preference and the Agreement
  • Data sharing is subject to the LLM provider's terms of use and privacy policies
  • Where required, Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) are executed
  • Enterprise account settings ensure that queries are not used by the LLM provider to train its models

7. Data Sharing

Personal data may be shared with the following parties only within the scope of this Policy and applicable legislation:

  • Service providers: Cloud infrastructure, CDN, email services, analytics (Google Analytics)
  • LLM providers: As described in Section 6
  • Business partners: Contracted integrators or solution partners
  • Legally authorized authorities: Within the scope of lawful requests from judicial, law enforcement or regulatory bodies

Mantis does not sell personal data and does not transfer it to third parties for direct marketing purposes.

8. Cookies

The bilgebot.ai website uses the following cookies:

Cookie TypePurposeRetention
Essential cookiesCore site functions, sessionSession
Performance cookies (Google Analytics)Anonymous usage measurement, visitor statisticsUp to 24 months

The website uses Google Analytics to measure traffic. Google Analytics cookies (_ga, _gid, etc.) collect anonymous/aggregated statistics such as page views, visitor counts and session duration. The data is processed on Google LLC's infrastructure. For details, see the Google Privacy Policy.

9. Data Retention

  • Contract data: Term of the agreement + 10 years (TCC and statutory compliance)
  • Account/log data: For as long as the account is active + 2 years
  • Support requests: 3 years
  • Marketing consent records: Until consent is withdrawn + 1 year
  • Website log and cookie data: Up to 12 months

Upon expiration of statutory retention periods, data is securely deleted or anonymized.

10. Data Security

Mantis implements the following technical and organizational security measures:

  • TLS encryption in transit, encryption at rest
  • Role-based access control, principle of least privilege
  • Support for SSO and multi-factor authentication
  • Regular security audits and penetration tests
  • Incident response procedures
  • Staff confidentiality undertakings and awareness training
  • Data backup and disaster recovery plans

In case of a data breach, Mantis notifies the Turkish Data Protection Authority and affected parties within the periods prescribed by applicable law.

11. Privacy in the Mobile App

  • The Mobile App accesses data on your Device only within the scope of granted Device Permissions
  • Push notifications are delivered via APNs/FCM; their own privacy policies apply
  • Advertising identifiers (advertising ID) are not used

12. Data Subject Rights

Under KVKK Article 11, you have the following rights:

  • To learn whether your personal data is being processed
  • To request information about the processing, if any
  • To learn the third parties to whom your data has been transferred
  • To request correction if the data has been processed incompletely or inaccurately
  • To request erasure or destruction
  • To request that correction, erasure or destruction be notified to third parties to whom the data has been transferred
  • To object to processing, including automated decision-making
  • To request compensation for damages

You may submit your request in writing to bilgi@mantis.com.tr or to the postal address in the contact section. Mantis responds to requests within the statutory maximum of 30 days.

13. Children's Data

BilgeBot and the bilgebot.ai website are not intended for individual use by persons under 18. Mantis does not knowingly collect personal data from individuals under 18. If we become aware that we have collected such data, we will delete it as soon as possible.

14. Changes to This Policy

This Privacy Policy may be updated in response to legal requirements and service improvements. Material changes are announced on bilgebot.ai and are separately communicated to Customer organizations.

15. Contact

Company: Mantis Yazılım Ltd. Şti.

Address: ODTÜ Teknokent Bilişim ve İnovasyon Merkezi Mustafa Kemal Mahallesi Dumlupınar Bulvarı 280/G Block D, Floor 1, No: 113-114 06530 Çankaya / ANKARA, TÜRKİYE

Phone: +90 (312) 299 25 05

Fax: +90 (312) 299 25 06

Email: bilgi@mantis.com.tr

Website: bilgebot.ai

Türkçe versiyon