Privacy Policy & GDPR Compliance Statement
Last Updated: July 3, 2026
This Privacy Policy and Data Protection Notice is designed to inform you, in accordance with the General Data Protection Regulation (“GDPR”) and other applicable privacy regulations, about the ways in which Turan Yazılım (hereafter referred to as the "Company", "we", "us", or "Data Controller") processes, stores, and protects personal data collected from users of the Chain — Habit Tracker mobile application (“Application”).
Data Controller Information:
Trade Name: Turan Yazılım
Tax Identification Number: 8691119325
MERSIS Number: 0869111932500001
Trade Registry Number: 1128726
Contact Email: iletisim@turandijital.com
1. Categories of Personal Data Processed and Collection Methods
In accordance with the principle of data minimization, we only process personal data that is strictly necessary to provide the features of the Application. The processed data categories include:
- Identity and Profile Information: Name/nickname and gender declared by the user during onboarding to personalize the in-app experience and customize styling themes.
- Account and Authentication Information: If you choose to enable the Google Sign-in synchronization feature, we process your email address, username, profile photo URL, and a unique system-generated User ID.
- Habit and Progress Logs: Habit names, categories, streak counts, completion logs, su consumption amounts, book reading progress (book title and pages read), study session logs (session time), gym workouts, daily calorie targets, and personal text notes appended to habits.
- Subscription and Purchase Records: To manage premium licenses, subscriptions, and trials via the RevenueCat SDK, we process technical transaction IDs, product IDs, purchase dates, subscription status, and device identifiers. (Financial/card transactions are processed securely by Google Play Store or Apple App Store directly; we do not store or access your credit card details).
- AI Assistant Chat History: Chat transcripts, input queries, and contextual parameters processed during interaction with the Gemini API powered "AI Habit Coach" feature.
2. Data Storage and Technical Security
The Application is designed with a hybrid, offline-first storage layout:
- Local Database (Hive): All habit entries, streaks, and profile details are stored locally in the secure Hive database on your mobile device. We do not have remote visibility or access to this local database.
- Cloud Synchronization (Firebase Cloud Firestore): If you opt-in to sync your account, your data is synced securely and encrypted in transit and at rest to our private cloud database using Google Firebase Services (Authentication and Cloud Firestore). This protects against data loss when changing devices or reinstalling the app.
3. Purposes and Legal Bases for Processing
We process your personal data under the following legal bases of GDPR Article 6:
- Performance of a Contract (GDPR Art. 6/1-b): To deliver the core application features, enable profile customization, process subscription purchases, manage account registration, and execute cloud backups.
- Legitimate Interests (GDPR Art. 6/1-f): To track daily free AI coach limits and trial activations (to prevent fraud or trial reset exploitation via app reinstallation) and improve the Application's stability and speed.
- Legal Obligation (GDPR Art. 6/1-c): To comply with financial reporting, taxation, consumer protection regulations, and legal directives from regulatory authorities.
- Consent (GDPR Art. 6/1-a): To process data through the Google Gemini API to operate the AI Habit Coach feature, and to sync local data to Firebase cloud backup when initiated by the user. You can withdraw your consent at any time by turning off sync or ceasing use of the AI features.
4. Data Recipients and International Data Transfers
To operate and support the technical infrastructure, we share specific pseudonymized or necessary records with the following processors:
- Google LLC (Firebase Auth, Cloud Firestore, Gemini API): Google services are utilized for database management, user verification, and the processing of inputs through Google's Generative AI models (Gemini API) to provide habit suggestions.
- RevenueCat, Inc.: RevenueCat manages premium subscriptions, checks subscription status, and processes transactions.
As the servers of these service providers are located outside of the European Economic Area (EEA), the use of these online services involves the transfer of personal data to third countries (e.g. the United States). These transfers are protected by Standard Contractual Clauses (SCCs) signed with the processors, and where applicable, user consent or contract performance exceptions.
5. Data Retention Periods
We retain personal data only as long as necessary to fulfill the processing purposes or comply with legal requirements:
- Local device data (Hive) is permanently deleted when you uninstall the Application or clear its cache from device settings.
- Cloud synchronized data (Firestore) is deleted or permanently anonymized within 30 days of receiving a user request to delete the account.
- Financial transaction records and logs required for accounting are stored for up to 10 years in compliance with local commercial and tax legislation.
6. Your Rights Under GDPR
Under GDPR Chapter III, you have the following rights regarding your personal data:
- Right of Access: Request details of the personal data we process about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Right to be Forgotten): Request deletion of your cloud-synced account and associated data.
- Right to Restriction: Request that we restrict processing in specific circumstances.
- Right to Data Portability: Obtain your synced data in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw your consent at any time for cloud sync or AI features.
To exercise these rights, please email us at iletisim@turandijital.com. We will process your request free of charge within 30 days.
7. Children's Privacy
The Application is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If we become aware that we have collected personal data from a child under 13 without authorization, we will take immediate steps to delete that information.
8. Updates to this Policy
We reserves the right to modify this Privacy Policy at any time. Any changes will become effective immediately upon being published on this page. We encourage you to review this policy periodically.