Privacy Policy

Effective: April 26, 2026 · Last updated: April 26, 2026

Contents

Introduction
Data We Collect
How We Use Data
Sharing With Third Parties
Storage and Security
Device Permissions
Your Rights (GDPR / KVKK)
Children's Privacy
Changes
Contact

1. Introduction

CC Bilgi Teknolojileri ("we", "us") respects your privacy. This Privacy Policy explains what data the Contact QR mobile application ("App") collects, how it is processed, where it is stored, and your rights.

2. Data We Collect

2.1 Profile information from Microsoft Azure AD

When you sign in with a corporate account, we read the following fields from Microsoft Graph API:

First name, last name, display name
Work email (mail / userPrincipalName)
Business and mobile phone numbers
Company address, country, city, postal code
Profile photo
Azure AD user identifier (oid) and tenant identifier (tid)

2.2 Local profile data

If you use the "local profile" mode without signing in, the name, email, phone, website, address and any logo / profile photo you upload are stored only on your device.

2.3 Design and settings

Your business card and QR appearance settings (template, color, background, offset) are stored in a Cloud Firestore document scoped to your organization. The document is readable only by members of the same organization.

2.4 Session and usage logs

For license validation and abuse prevention, we record session id, tenant id, locale, and session start/end timestamps in Cloud Firestore.

3. How We Use Data

Generate QR codes and digital business cards
Produce Apple Wallet (.pkpass) and Google Wallet passes
Share vCard (.vcf) files and save them to device contacts
Validate licenses and subscriptions
Diagnose service errors

Your data is never sold and not used for advertising, marketing or profiling.

Microsoft — Authentication and profile read via Azure AD and Graph API.
Google Firebase — Cloud Firestore (designs, sessions), Firebase Authentication.
Apple / Google Wallet — Only the fields shown on the pass (name, title, contact) are sent during pass generation; raw personal data is not retained.
Legal obligations — Disclosure may occur if duly required by competent authorities.

5. Storage and Security

All traffic is encrypted with HTTPS / TLS 1.2+.
Access tokens are kept in the device's secure storage (iOS Keychain / Android Keystore).
Local profile data and images live inside the application sandbox.
Firestore documents are readable only by organization members; write access is restricted to admins.
Session logs are retained while your subscription is active or as required by law.

6. Device Permissions

Photos / Gallery — to pick a logo or profile photo and to save the generated QR / card image.
Contacts — to save the vCard to your device address book (with your consent).
Camera — (optional) for a future QR scanner.
Internet — to communicate with Microsoft Graph, Firebase and the licensing service.

You can revoke any permission at any time from your device settings.

7. Your Rights

Under GDPR (EU) and KVKK (Türkiye) you have the right to:

Access the data we process
Request rectification, deletion or restriction of processing
Data portability
Object and lodge a complaint

Contact privacy@cloudcan.com.tr for any request.

8. Children's Privacy

The App is not directed to children under 13 and does not knowingly collect their data.

9. Changes

We may update this Policy. Material changes will be communicated via in-app notice or by updating the "Last updated" date on this page.

10. Contact

CC Bilgi Teknolojileri
Email: privacy@cloudcan.com.tr
Web: cloudcan.com.tr

→ Terms of Service