AI Cleaner Privacy Policy

Effective Date: October 11, 2025

This Privacy Policy applies to FocusOnSharing (hereinafter referred to as the "Company" or "we"), and explains what personal data we collect, store, use, and share ("process") when you use services ("Services") related to the AI Cleaner Optimize Storage application and/or its website ("Application"). This includes downloading, installing, registering, accessing, or using the Application and its Services, or interacting with us in other relevant ways such as through sales, support, or marketing activities.

This Privacy Policy further describes how and why we collect your personal data; how we use, store, protect, and share your personal data; as well as your rights and how to exercise them.

Key Points Summary

This summary outlines the key points of our privacy notice.

What personal data do we process? When you use our Services, we may process your personal information based on your interactions with us, the choices you make, and the products or features you access. The personal data processed by the Company for users includes, in particular:
- If you contact the Company, we may receive your first name, last name, and email address; your Internet Protocol address (IP address); if you allow us access to your inbox, your email account information and related information; materials, files, documents, images, photos, visual records, videos, graphics, media, contact lists, selections, any content, records, and other inputs and data that you upload or transmit to the Application; if you make a purchase, your order information; (if you grant us permission) the advertiser identifier specified in the mobile device used to access our Services (Advertiser Identifier - IDFA), the vendor/developer identifier specified in the mobile device (Vendor Identifier - IDFV), Google Advertising ID (GAID), and Firebase Analytics Identifier.
Do we process sensitive personal data? We do not process any sensitive personal data. Please do not share any content with us that may contain sensitive personal data, and do not trust unofficial channels, thereby exposing your personal information. The Company assumes no responsibility for data breaches resulting from information not provided to us.
How do we process your information? We primarily process your personal data to provide, enhance, and manage our Services; communicate with you; maintain security; prevent fraud; and comply with legal obligations. Additionally, if we use your personal data for other purposes, we will obtain your explicit consent in advance. All processing activities are conducted only on valid legal bases.
When do we share personal information? We share your personal data with third parties only when necessary to provide our Services, comply with legal obligations, protect our rights, or prevent fraud and security threats. This may include service providers, business partners, and legal authorities. All data sharing complies with applicable data protection laws and is subject to strict safeguards to ensure the security of your personal data.
How do we keep your personal data secure? We implement administrative and technical measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, thereby ensuring its security.
What are your rights? Depending on your region, you may have specific rights regarding your personal data. These rights may include access, correction, deletion, restriction of processing, objection to processing, and data portability. Additionally, you may have the right to withdraw your consent.
How do you exercise your rights? You can exercise your rights by contacting us directly. We will carefully review and process any requests in accordance with applicable data protection laws.

1. Data Controller and Objectives

The personal data you provide/will provide to the Company, and/or obtained by us through any external means, may be processed by us as the "Data Controller."

The Company aims to process users' personal data in accordance with general principles of privacy and the data protection legislation applicable to the relevant individuals, particularly the Turkish Republic's Law No. 6698 on the Protection of Personal Data ("PDP Law") and other applicable laws and regulations.

We are committed to complying with this Privacy Policy in accordance with all applicable laws in each region where we operate. To ensure compliance with regional legal requirements, we provide additional privacy notices for specific jurisdictions. Therefore, where applicable, this Privacy Policy includes additional information regarding the EU General Data Protection Regulation (GDPR) (EU Regulation 2016/679). For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For California residents, please scroll down to Section 12.

In accordance with this Privacy Policy, the Company processes personal data as the data controller in compliance with the basic principles listed here: (i) compliance with law and good faith, (ii) accuracy and, where necessary, keeping up to date, (iii) processing for specific, explicit, and legitimate purposes, (iv) limitation to the processing purposes and data minimization; and (v) storage for the period stipulated in the relevant legislation or required for the processing purposes.

Terms used in this Privacy Policy, unless separately defined herein, shall have the meanings specified in the terms and conditions.

2. Collection of Personal Data and Methods

The Company may process the following data for the purposes specified in this Privacy Policy.

Identity and Contact Information: When you contact us via email, we may process your first name, last name, phone number, and email address, (if any) other contact information, and the content of your communication.
Technical Information: When you access, use, or engage with our Services, we may collect the following information from such use of our Services:
- Usage Data: We may collect data on how you interact with our Services. This includes information about your access and use of the Application, such as time spent on the Application, time and date of access, date/time stamps of access data, accessed data, features you access, content you view, searches, actions you take within the Application, device event information (e.g., error reports), in-app/web purchase history.
- Log Data: We may collect log data generated when you use our Services/Application (through our products or third-party products). This log data includes internet traffic data, network activity, Internet Protocol ("IP") address, device name, device information, operating system version, access data, (when using the website) browser type, version and settings, language preferences, time zone, information about your use of the Services, application configuration when using our Services/Application, time/date of your use of the Services/Application, and other statistical information.
- Device Information: We may collect data about the device you use to interact with our Services, including device name, device ID, its model, its manufacturer, region information, device's operating system, device identifiers, hardware model.
- Location Information: Please note that when your device interacts with our Services, we may be able to determine the general regional location of your device based on information associated with your IP address and the device's region information.
- Identifiers: Unique user ID; and device token ID (in particular, if you allow us to send notifications via your device).
Email Account Information: We may require you to grant access to your email account to provide our Services when you use the Application, for example, to enable management of your inbox. You may choose not to allow us access to your email account by denying our access or disabling such access later in your mobile device settings. However, if you choose to deny, you may not be able to use that feature. When you grant us permission to access, we may access the following data and read, compose, send, and delete your emails.
- Email Account Information: Google User ID, nickname, username, profile picture, user token, Open ID, phone number, email address.
- Information Related to Email Accounts: Emails, subjects and header information, lists, other metadata related to emails.
- Please note that we do not store any of your emails on our servers; processing activities for these are performed only on your device or your own cloud service.
- Important Note: The Google Workspace API is not used to develop, improve, or train generalized AI and/or ML models.
User Content: We process data you provide when interacting with our Services, such as when you provide input to our Services.
- This data includes materials, files, documents, images, photos, videos, visual and audio records, voice recordings, graphics, media, selections, contact lists, and any content, inputs, records, or data that you provide, upload, transmit, create, store, use, edit, or share through the Application.
- We may require you to grant access to your device's photo files or gallery app or your preferred cloud service to provide our Services when you use the Application, for example, to generate outputs for your photos (e.g., identifying similar photos in your gallery). You may choose not to allow us access to your contacts app (thus accessing the full contact list), photo files or gallery app, or cloud service by denying our access or disabling such access later in your mobile device settings. However, if you choose to deny, you may not be able to use that feature.
- Please note that we do not store any of your contact lists, photos, and videos (or images, materials, files, documents, visual records, graphics, media) on our servers; processing activities for these are performed only on your device or your own cloud service.
Customer Transactions: We may collect order information directly from you, our marketing providers, or our payment processors.
- This information includes order date, payment date, subscription type, billing period, billing file, payment amount, due amount, payment status, and any related transaction identifiers (e.g., billing ID, your email address). This information is used to process your orders, manage subscriptions, and ensure proper handling of payments and subscriptions.
- Please note that we do not collect your payment method details, such as your credit card number, as we do not process your payments directly.
Marketing Data: When you grant us permission, we may collect your usage data; as well as the advertiser identifier specified in the mobile device used to access our Services (Advertiser Identifier - IDFA), the vendor/developer identifier specified in the mobile device (Vendor Identifier - IDFV), Google Advertising ID (GAID); Firebase Analytics Identifier.

Explanation of Information Sources

We may collect the above data directly from you through electronic or physical media, your device, your browser, third-party applications, or third-party sources, through which you may access our Application, such as the Apple App Store (similar platforms collectively referred to as "App Stores"), for the operation of our products, compliance with legal obligations, enhancement of our Services, management of your use of our Services, and to enable you to enjoy and easily navigate our Services.

Important Note on Google and Gmail API: When you use Gmail API services through the Application, the Company does not access, collect, or store any of your personal data. If you access any Gmail services through the Company; the Company only uses access permissions to allow you to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails, and since we do not process this data, we cannot transfer this Google user data to others. We do not access or process any Google user data when using Google APIs through the Application. Therefore, the Company cannot use any Google user data obtained through Google APIs for marketing purposes, such as serving advertisements, including retargeting, personalized, or interest-based advertising. The Company's use and transfer of information received from Google APIs to any other application will comply with the Google API Services User Data Policy, including the Limited Use requirements.

3. Purposes and Legal Bases for Processing Personal Data

Your personal data will be processed through automated or non-automated means for the purposes described below, in compliance with applicable legislation and Articles 5 and 6 of the PDP Law, where the law explicitly permits, the establishment of a contract or directly related to the execution or performance of a contract, and the Company's legitimate interests, provided that your fundamental rights and freedoms are protected, and to fulfill our legal obligations.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11.

a) Purposes of Processing Personal Data

Your personal data is processed in accordance with the general principles mentioned above and the legal bases determined below, for the following purposes:

Execution of goods/services sales processes,
Execution of contract processes,
Execution of company/product/service commitment operations,
Operation of our products,
Creation of user accounts for service recipients/Application users.
Conducting storage and archiving activities,
Execution of communication activities,
After-sales support services for goods/services,
Execution of activities in compliance with legislation,
Execution/audit of business activities,
Execution of information security processes,
Conducting audit/ethics activities,
Conducting activities to ensure business continuity,
Compliance with legislation and protection of individuals' rights, privacy, and security,
Providing information to authorized persons, institutions, and organizations,
Prevention of crimes and other illegal activities,
Conducting customer satisfaction activities,
Customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment of our Services, and improving our user experience,

Additionally, if you grant us explicit consent, your **marketing data** may be used for conducting marketing analysis studies and executing advertising (including personalized advertising)/campaign/promotion processes. Please note that GAID is collected and processed based on your explicit consent only if you are located in jurisdictions that require such consent for processing GAID (e.g., where PDP Law or GDPR applies).

If you grant us explicit consent, your **identity and contact information** may be used to communicate with you to send information about marketing and to inform you about new products, services, and applications, and to provide you with information about advertisements and promotions.

Furthermore, the purposes of processing personal data may be updated in accordance with our Company policies and legislative obligations, particularly:

Conducting digital subscription and in-app purchase processes for service recipients,
Conducting automatic renewal subscriptions to grant users access to content, services, or premium features in our Services,
Conducting financial and accounting transaction processes,
Following up on requests and complaints.

b) Purposes and Legal Bases for Processing

Processing Purpose	Personal Data Types	Legal Basis
Operation of our products, such as providing outputs in response to user inputs or providing certain features to certain subscription models	- Identity and contact information - Technical information - Email account information - User content - Customer transactions	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
Creation of accounts for service recipients/Application users	- Technical information	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
Execution of goods/services sales processes (through in-app or web purchases)	- Identity and contact information - Customer transactions	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
Execution of contract processes	- Contact and identity information - Technical information - Customer transactions - User content - Email account information	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
Execution of company/product/service commitment operations (including detection and correction of technical defects)	- Identity and contact information - User content - Email account information - Technical information	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
Execution of communication activities (This only involves communications for the purpose of establishing a contract with you or related to the operation of our products/services. This does not involve communications for marketing purposes based on explicit consent.)	- Identity and contact information - Customer transactions - Technical information	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
After-sales support services for goods/services (e.g., conducting refund processes or resolving technical defects users may encounter)	- Identity and contact information - Customer transactions - Technical information - Email account information - User content	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
Conducting storage and archiving activities	- Contact and identity information - User content - Technical information - Customer transactions	Processing is necessary where we have a contractual relationship with you, or directly related to the performance obligations arising from such contract.
Execution/audit of business activities	- Technical information - Customer transactions - User content	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Conducting audit activities	- Technical information - Customer transactions	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Conducting activities to ensure business continuity	- Technical information - Customer transactions	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Conducting customer satisfaction activities	- Technical information - Customer transactions - Email account information - User content	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment of our Services, and improving our user experience (This does not include processing to train AI models)	- Technical information - Customer transactions - Email account information - User content	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Execution of activities in compliance with legislation	- Identity and contact information - Technical information - Email account information - User content - Customer transactions	Processing is necessary to comply with our legal obligations.
Compliance with legislation and protection of individuals' rights, privacy, and security	- Contact and identity information - Technical information - Customer transactions - Email account information - User content	Processing is necessary to comply with our legal obligations; and In cases where we are not bound by a specific legal obligation, we may process personal data when necessary for our legitimate interests. This includes detecting potential threats through processing technical information to protect our Services from abuse, fraud, or security risks.
Execution of information security processes	- Technical information	Processing is necessary to comply with our legal obligations; and In cases where we are not bound by a specific legal obligation, we may process personal data when necessary for our legitimate interests. This includes detecting potential threats through processing technical information to protect our Services from abuse, fraud, or security risks.
Providing information to authorized persons, institutions, and organizations	- Contact and identity information - Technical information - Customer transactions - Email account information - User content	Processing is necessary to comply with our legal obligations.
Prevention of crimes and other illegal activities	- Contact and identity information - Technical information - Customer transactions - Email account information - User content	Processing is necessary to comply with our legal obligations; and In cases where we are not bound by a specific legal obligation, we may process personal data when necessary for our legitimate interests. This includes protecting our Services from abuse, fraud, or security risks by detecting and blocking accounts and content that violate our community guidelines or pose potential threats to the security and integrity of the Services.

In addition to the above purposes, the following personal data may be processed based on your **explicit consent**.

If you grant us explicit consent (obtained through Apple and/or Google and/or in-app), your **marketing data** may be used for conducting marketing analysis studies and executing advertising (including personalized advertising)/campaign/promotion processes.

4. Third-Party Websites/Applications, Cookies, and Notifications

The Application may contain links to other websites or applications that are unknown to the Company and whose content is not controlled by it. These linked websites or applications may contain terms and conditions other than the Company's text. The Company cannot be held responsible for any use or disclosure of information that these websites or applications may process. Similarly, the Company assumes no responsibility for any links from other websites or applications to the Application owned by the Company.

We collect information through fair and lawful means, with your knowledge and consent. We also let you know why we are collecting it and how it will be used. You are free to refuse our request for this information, but please understand that without it, we may be unable to provide you with some of the services you desire.

When using the Application, you may provide information to the Company through third-party websites and applications; please note that your responsibilities and obligations to third-party applications or websites will continue, and the Company is not responsible for any terms, conditions, rules, or policies determined by third parties.

Cookies

Cookies are small text files stored on your computer's or mobile device's browser or hard drive when you visit a webpage. Cookies allow websites to operate more efficiently and ensure the presentation of personalized webpages to provide you with a faster, more tailored visit experience suited to your specific personal needs and requirements. Cookies only contain data from your website visit history via the internet and do not collect any information stored on your computer or mobile device, including your personal data/files. We may use cookies where necessary to operate our Services, to enhance the performance and functionality of our Services, and to provide content relevant to your interests, including advertisements, on our website or third-party websites. You can delete cookies already present on your computer and prevent the recording/placement of cookies on your internet browser.

Internet browsers are predefined to automatically accept cookies by default. Since cookie management varies by browser, you can refer to the help menu of your browser or application for details. Please refer to our Cookie Policy.

5. Data Storage

Your data will be stored for the periods specified in the applicable legislation or until the processing purposes no longer exist.

Even after the expiration of the usage purposes, the Company may continue to store your personal data, provided that it is required by other laws or with your separate consent.

In cases where you allow the Company to store your personal data for an additional period by granting consent, such data will be deleted, destroyed, or anonymized immediately upon the expiration of such additional period or withdrawal of consent.

Additionally, even after the fulfillment of the processing purposes, your data may be further stored until the end of the legal statute of limitations period on the necessary legal basis for establishing, exercising, and protecting our legal rights (in jurisdictions where GDPR applies, storage is based on our legitimate interests).

6. Technical and Administrative Measures

The Company stores the personal data it processes in accordance with the relevant legislation, for the periods stipulated in the relevant legislation or required for the processing purposes. The Company undertakes to take all necessary technical and administrative measures and to exercise due diligence to ensure the confidentiality, integrity, and security of personal data. In this context, it takes the necessary measures to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure, alteration, or destruction of data.

Accordingly, the Company takes the following technical and administrative measures regarding the personal data it processes:

Antivirus Applications: Periodically updated antivirus applications are installed on all computers and servers in the Company's information technology infrastructure.
Firewall: The data centers hosting the Company servers and disaster recovery centers are protected by periodically updated software-loaded firewalls; the relevant next-generation firewalls control all employees' internet connections and provide protection against viruses and similar threats during control.
VPN: Suppliers can access Company servers or systems via SSL-VPN defined on the firewall. A separate SSL-VPN identification is made for each supplier; through the identification made, the supplier is provided access only to the system it should use or is authorized to use.
User Identification: Company employees' authorizations to Company systems are limited to the extent required by their job descriptions; in case of authorization or duty changes, system authorizations are also updated.
Information Security Threat and Event Management: Events occurring on Company servers and firewalls are transferred to the "Information Security Threat and Event Management" system. This system alerts responsible employees in the event of a security threat and allows them to respond immediately to the threat.
Encryption: Sensitive data is stored using cryptographic methods and, where necessary, transferred through environments using cryptographic methods, with cryptographic keys stored in secure and different environments.
Logging: All transactions related to sensitive data are securely logged.
Penetration Testing: Penetration tests are periodically performed on the servers in the Company system. Security vulnerabilities identified from these test results are closed, and verification tests are conducted to confirm that the relevant security vulnerabilities have been addressed. Additionally, the Information Security Threat and Event Management system automatically performs penetration tests. Test results are recorded.
Training: Periodic training is provided to Company employees to raise awareness of various information security violations and to minimize the impact of human factors in information violation incidents.
Physical Data Security: It ensures that personal data on paper must be stored in lockers and accessed only by authorized personnel. Adequate security measures are taken according to the nature of the environment where sensitive data is stored (against electrical leakage, fire, flood, theft, etc.).
Backup: The Company periodically backs up the data it stores. As a backup mechanism, it uses the backup facilities provided by cloud infrastructure providers and, where necessary, develops its backup solutions, provided that they comply with the relevant legislation and this Policy.
Non-Disclosure Agreements: Non-disclosure agreements are signed with employees involved in the processing of sensitive personal data.
Transfer of Sensitive Personal Data: If sensitive personal data needs to be transferred via email; such transfers are made through (i) encrypted corporate email or (ii) registered email.

If, despite the necessary information security measures taken by the Company, personal data is damaged due to attacks on the Application or Company systems, or personal data is obtained by unauthorized third parties, the Company will immediately notify the users and, if necessary, the relevant data protection authority, and take the necessary measures.

7. Age Restrictions

We do not allow children under 16 years of age to use our Application.

We do not knowingly collect or process personal data from anyone under 16 years of age. If you become aware that someone under 16 has provided us with personal information, please contact us via email.

Users under 18 years of age must obtain permission from their parents or legal guardians to use our Services.

8. Transfer of Personal Data to Third Parties

The procedures and principles for transferring personal data are stipulated in Articles 8 and 9 of the PDP Law, and suppliers' personal and special category data may be transferred to third parties domestically or abroad because we may use servers and cloud systems located abroad.

We implement the following mechanisms to ensure the secure transfer of your data abroad in compliance with applicable data protection laws:

We rely on standard contractual clauses issued by the Turkish Data Protection Authority pursuant to Article 9(4)(c) of the PDP Law.

Your following personal data may be transferred abroad to our service providers based on the legal bases explained above (Section 3.b) and under their respective standard contractual clauses, for the following purposes:

Your **technical information, identity and contact information, customer information, and user content**, for conducting storage and archiving activities (including cloud services and database services), which are necessary to maintain our operations.
Your **email account information**, for user account authentication, which is necessary to maintain our operations.
Your **technical information**, for correcting technical specifications, technical errors, and defects, which is necessary to maintain our operations.

The Company may also transfer your **marketing data** to service providers (including Google, Apple, Facebook SDK, Adjust, and Firebase Analytics embedded in our Services) for conducting marketing analysis studies and executing advertising (including personalized advertising)/campaign/promotion processes.

We may have to share personal information with authorized public institutions and organizations and judicial authorities to comply with our legal obligations and requirements, based on the necessity of fulfilling our legal obligations.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For California individuals, please scroll down to Section 12.

9. Your Rights as a Data Subject

Pursuant to Article 11 of the PDP Law, you may request from the Company to exercise the following rights regarding your personal data:

To learn whether your personal data has been processed.
If your personal data has been processed, to request information about it.
To learn the purpose of processing personal data and whether the data is used in accordance with its purpose.
To know the third parties to whom your personal data has been transferred domestically or abroad.
If personal data is processed incompletely or inaccurately, to request correction and to request notification to third parties to whom personal data has been transferred regarding the transactions made within this scope.
If the reasons for processing cease to exist, to request deletion, destruction, or anonymization of personal data, and to request notification to third parties to whom personal data has been transferred regarding the transactions made within this scope.
To object to any result against you arising from the exclusive analysis of personal data through automated systems.
If you suffer damage due to unlawful processing of personal data, to request compensation for the damage.
To withdraw at any time the explicit consent for processing data based on explicit consent.

In your request outlining your rights as a data subject and specifying the right you wish to exercise, your request must be clear and understandable. If your request concerns your own personal data, or if you are acting on behalf of another person, you must be specifically authorized to do so, and such authorization must be properly documented. Additionally, the application must include your identity and address details and be accompanied by supporting documents verifying your identity.

Our Company will enable you to submit such requests via email. In accordance with Article 13 of the PDP Law, our Company will finalize your request free of charge within at most 30 (thirty) days, depending on the nature of the request. If the request is rejected, the reason or reasons for rejection will be notified electronically, along with its justification.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For California individuals, please scroll down to Section 12.

10. Contact Information

If you have any questions or comments not covered by this Privacy Policy, or if you have any requests or wish to exercise your rights, you may contact us at the following email address or by mail to the following Company address:

Company Name: FOCUS ON SHARING TECHNOLOGY CO., LIMITED

Address: FLAT 1512, 15/F, LUCKY CENTRE, NO. 165-171 WAN CHAI ROAD, WAN CHAI, HK

Email: feedback@aicleanerpro.com

11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland

Where the General Data Protection Regulation (GDPR), the UK Data Protection Act, or the Swiss Federal Data Protection Act applies, please read this privacy notice in conjunction with the above Privacy Policy outline for a comprehensive understanding of our data practices.

Purposes and Legal Bases for Processing Personal Data

Your personal data may be processed for the following purposes based on the following legal bases.

Processing Purpose	Personal Data Types	Legal Basis
Creation and maintenance of user accounts	- Technical information	Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
Providing, analyzing, and maintaining our Services and all their features and functionalities (e.g., providing outputs in response to user inputs or providing certain features to certain subscription models, and conducting archiving and storage activities). This includes personalizing the features and functionalities of the Services (e.g., displaying the Services in a language relevant to your general region based on your IP address).	- Identity and contact information - Technical information - Email account information - User content - Customer transactions	Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
Managing and operating our business, including for purposes such as managing subscriptions, troubleshooting technical defects and issues.	- Identity and contact information - Technical information - User content - Customer transactions	Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
Communicating with you, including sending information about your subscriptions and other requests (This does not include communications for marketing purposes).	- Identity and contact information - Customer transactions - Technical information	Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
After-sales support for goods and services, including managing refund processes, assisting you with managing technical defects, responding to your inquiries	- Identity and contact information - Customer transactions - Technical information - Email account information - User content	Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
Conducting activities to ensure business continuity and user satisfaction and to improve our Services (This does not include processing to train AI models)	- Customer transactions - Technical information - Email account information - User content	Processing is necessary for the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Compliance with legal and regulatory obligations	- Identity and contact information - Technical information - Email account information - User content - Customer transactions	Processing is necessary for compliance with a legal obligation to which the controller is subject.
Ensuring safety and security, preventing fraud and illegal activities, and preventing abuse of our Services. This includes protecting our systems, securing our business operations, and investigating, preventing, and detecting prohibited conduct, illegal actions, and other security or technical issues.	- Identity and contact information - Technical information - Email account information - User content - Customer transactions	Processing is necessary for compliance with a legal obligation to which the controller is subject; and In cases where we are not bound by a specific legal obligation, we may process personal data when necessary for our legitimate interests. This includes protecting our Services from abuse, fraud, or security risks by detecting and blocking accounts and content that violate our community guidelines or pose potential threats to the security and integrity of the Services.
Protecting the rights, privacy, safety, or property of our users, the Company, or third parties	- Identity and contact information - Technical information - Email account information - User content - Customer transactions	Processing is necessary for compliance with a legal obligation to which the controller is subject; and In cases where we are not bound by a specific legal obligation, we may process personal data when necessary for our legitimate interests. This includes detecting potential threats through processing technical information to protect our Services from abuse, fraud, or security risks.
Auditing of business activities	- Technical information - User content - Customer transactions	Processing is necessary for the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In addition to the above purposes, we process the following personal data only with your **consent**. You may withdraw your consent at any time by contacting us via email or as described below. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you grant us consent (obtained through Google and/or in-app), your **marketing data** may be used for conducting marketing analysis studies and executing advertising (including personalized advertising)/campaign/promotion processes. You can revoke consent by providing feedback through your account and removing the app.
If you grant us consent (obtained when you opt-in to marketing communications), your **identity and contact information** may be used to communicate with you to send information about services, products, and applications, and to provide you with information about advertisements, promotions, and other marketing communications. You can withdraw your consent by clicking the "unsubscribe" link in the emails sent to you or by following the procedures specified in the communication.

Transfer of Personal Data to Third Parties

When transferring personal data outside the European Economic Area (EEA), Switzerland, or the United Kingdom (UK), we implement the following mechanisms to ensure compliance with applicable data protection laws:

Adequacy Decisions: We rely on adequacy decisions issued by the European Commission pursuant to Article 45(1) of the GDPR when transferring personal data to countries deemed to provide an adequate level of data protection. You can find the list of current adequate countries here: Adequacy Decisions.
Standard Contractual Clauses (SCCs) and Supplementary Measures: For transfers to jurisdictions not covered by adequacy decisions, we implement Standard Contractual Clauses adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR. We also apply additional safeguards where necessary, such as:
- Encryption of personal data in transit and at rest,
- Data minimization and anonymization where possible,
- Technical access controls limiting third-party access,
- Ongoing Transfer Impact Assessments (TIAs) to monitor local laws.
Binding Corporate Rules (BCRs): Where applicable, we rely on Binding Corporate Rules approved by the competent supervisory authority pursuant to Articles 46(2)(b) and 47 of the GDPR.

Your following personal data may be transferred abroad to our service providers based on the legal bases explained above, for the following purposes:

Your **technical information, contact and identity information, customer information, user content**, for conducting storage and archiving activities (including cloud services and database services), which are necessary to maintain our operations.
Your **email account information**, for user account authentication, which is necessary to maintain our operations.
Your **technical information**, for correcting technical specifications, technical errors, and defects, which is necessary to maintain our operations.

The Company may also transfer your **marketing data** to service providers (including Google, Facebook SDK, Adjust, and Firebase Analytics embedded in our Services) for conducting marketing analysis studies and executing advertising (including personalized advertising)/campaign/promotion processes.

Your Rights as a Data Subject

Under the GDPR, you have the following rights:

Right of Access (Article 15 GDPR) – You may request a copy of your personal data and details on how we process it.
Right to Rectification (Article 16 GDPR) – Request the Company to correct information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure (Article 17 GDPR, "Right to be Forgotten") – You may request deletion of your personal data, unless we need to retain it for legal obligations, public interest, or legal claims.
Right to Restriction of Processing (Article 18 GDPR) – Request restriction of personal data processing under conditions specified in the GDPR.
Right to Data Portability (Article 20 GDPR) – You may request a copy of your data in a structured, commonly used, machine-readable format (e.g., CSV or JSON), or request direct transfer to another provider where technically feasible.
Right to Object (Article 21 GDPR) – You may object to processing based on legitimate interests. If you object to direct marketing, we will stop processing immediately. For other objections, we will assess whether our legitimate interests override your rights.
Automated Decision-Making and Profiling (Article 22 GDPR) – If decisions affecting you are made solely through automated means (e.g., AI-based decisions), you have the right to request human intervention, express your point of view, and challenge the decision.
Right to Withdraw Consent (Article 7(3) GDPR) – If we process your data based on consent, you may withdraw it at any time. This will not affect prior processing.

You can exercise these rights by submitting your request via email. We will respond to your request within one month in accordance with GDPR requirements. If your request is complex, we may extend by an additional two months, in which case we will notify you.

If you believe that we or someone to whom we have transferred your data is violating your rights, you may lodge a complaint with your local data protection authority (EDPB Members) and other competent supervisory authorities. For any unresolved complaints related to the UK, you may contact the Information Commissioner's Office (ICO). For Switzerland, contact the Federal Data Protection and Information Commissioner (FDPIC).

12. For California Residents

To fully understand our data practices, please read this privacy disclosure in conjunction with the above Privacy Policy outline.

Your Rights

If you are a California resident, you have certain rights. These include the right to know what personal information we collect, use, disclose, and sell; the right to request deletion of your personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; and the right to limit the use and disclosure of sensitive personal information; as well as the right to non-discrimination. We do not sell your personal information in the traditional sense, but we may share usage data with third-party service providers for analytical and functional purposes. We do not collect sensitive personal information (please refer to Section 2 for more information). To exercise any of these rights or to designate an authorized agent to make a request on your behalf, please contact us via email. We will not discriminate against you for exercising any privacy rights.

We may verify your identity before responding to your request to protect your privacy and security.

Our Services comply with all applicable laws, and we ensure our systems do not violate these laws and respect users' constitutional privacy rights.

Disclosure Regarding Collection of Personal Data

We may collect the following categories of personal information: **identifiers** (e.g., name, email address, phone number, IP address); **personal information** as described in California Civil Code Section 1798.80(e) (e.g., name, contact information such as phone number, account name, billing information); **inferences** drawn from your personal information to create a profile about your preferences (if the Application has this option and you choose personalized services, this information may be used for personalization); **internet or network activity information** (information on how consumers interact with our app and website).

Please refer to Section 2 above for a full description of what information we collect and how we collect it. Please refer to Section 3 above for the purposes for which we use your personal information.

Disclosure Regarding Use of Third-Party Tools

We may use third-party tools such as Google, Facebook SDK, Adjust, and Firebase Analytics to understand app usage and improve performance. These tools may collect information such as **identifiers** and **in-app events** (please refer to the definition of marketing data in Section 2).

Under California law, using certain analytics and advertising tools may be considered a "sale" or "sharing" of personal information. We do not sell your personal information for monetary compensation, but we may share it for purposes of serving personalized ads or measuring marketing analytics.

We may require your permission before using your information for serving personalized ads or measuring marketing analytics purposes. California residents can opt out or withdraw permission at any time by adjusting privacy settings or contacting us.

Please refer to Section 8 for more information.

Retention of Personal Information

Please refer to Section 5 for information on how long we retain your personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will state the date at the top of this Policy.

If we make **material changes** (that significantly affect your rights or how we process your data), we will provide prominent notice before the changes take effect. This notice may be provided through the Application interface (e.g., pop-up notifications), by sending an email to the email address associated with your account (if applicable), or through other appropriate reasonable means.

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgment of the updated terms, unless applicable law requires a different form of acceptance (e.g., explicit consent for certain types of changes).