1. General Provisions

This Privacy Policy (hereinafter referred to as the "Policy") defines the procedures for the collection, use, storage, and protection of personal data of users of the Bayge CRM service (hereinafter referred to as the "Service"), available at crm.bayge.kz.

By using the Service, you agree to the terms of this Policy. If you do not agree with any of its provisions, please do not use the Service.

2. Data We Collect

During registration and use of the Service, we may collect the following information:

Registration data: name, email address, phone number, company name.
Google authorization data (OAuth 2.0): when signing in via Google, we receive your email, name, and avatar from your Google profile. We use this data exclusively for identification within the Bayge CRM system and do not share it with third parties.
Usage data: information about your actions within the Service (pages visited, features used).
Business data: contacts, deals, conversations, files — everything you upload and create within the CRM.
Technical information: IP address, browser type and version, operating system, cookies.

3. How We Use Data

Collected data is used for:

Providing access to the Service's functionality and personalizing your experience.
User identification and authentication (including sign-in via Google OAuth).
Providing technical support and communicating with the user.
Improving the quality of the Service and developing new features.
Fulfilling obligations under the laws of the Republic of Kazakhstan.

4. Google OAuth Data

When using the "Sign in with Google" feature, we request access to the following data from your Google account:

Email: for identifying your account in Bayge CRM.
Name and profile photo: for display within the Service interface.

We do not request access to your Google contacts, calendar, Drive, Gmail, or other Google services. We do not store Google access tokens longer than necessary to complete the authentication process.

5. Disclosure of Data to Third Parties

We do not sell, exchange, or transfer your personal data to third parties without your consent, except in the following cases:

When required by the laws of the Republic of Kazakhstan.
To ensure security and prevent fraud.
When using technical contractors (hosting, server infrastructure) — strictly within the framework of contractual confidentiality obligations.

6. Data Storage and Protection

Data is stored on secure servers. We apply standard security measures: data transmission encryption (HTTPS/TLS), password hashing (bcrypt), role-based access control (RBAC), and regular backups.

The data retention period is determined by the period of Service use. Upon account deletion, data is removed within 30 days, except for data whose retention is required by law.

7. Cookies

We use cookies for authentication (session storage), ensuring the Service's operability, and improving user experience. You may disable cookies in your browser settings; however, this may limit the Service's functionality.

8. Chatbots and AI

The Service uses artificial intelligence (AI) technologies to process customer messages and generate responses via chatbots.
Data anonymization: before transmitting messages to the AI provider, all personal data (phone numbers, email addresses, IIN/BIN, names) is automatically anonymized and replaced with depersonalized markers.
The AI provider does not receive or store actual personal data of customers.
Upon first contact, the chatbot identifies itself as the company's AI assistant.

9. Messengers and Communication Channels

When connecting channels (WhatsApp, Telegram, Instagram), data from messengers (phone number, profile name) is processed for contact identification.
Customer messages are stored in the Service to maintain communication history and service quality.
Data is stored on servers in the Republic of Kazakhstan.

10. User Rights

You have the right to:

Request information about the personal data collected.
Demand correction of inaccurate data.
Demand deletion of your data (subject to legal restrictions).
Withdraw consent to data processing by ceasing to use the Service.

To exercise your rights, contact us at: hello@bayge.kz.

11. Changes to the Policy

We reserve the right to update this Policy. The current version is always available on this page. In case of significant changes, we will notify you via the Service or by email.

12. Contact Information

For questions related to this Privacy Policy, please contact:

Email: hello@bayge.kz
Astana, Republic of Kazakhstan