Privacy Policy

This Privacy Policy for Alfi AI Yazilim Bilgi Teknolojileri Reklamcilik Danismanlik Sanayi ve Ticaret Anonim Sirketi ("Company"), explains which personal data we collect, store, use, and share ("process") when you engage with our services ("Services") in relation to CleanCo application and/or its website ("Application"). This includes instances when you: download, install, register with, access or use the Application, and its services, or interact with us in other related ways, such as through sales, support, or marketing activities.

This Privacy Policy further describes how and why we collect your personal data; how we intend to use, store, protect and share your personal data, and what are your rights and how to exercise them.

Summary of Key Points

This summary outlines the key highlights of our Privacy Notice. For more detailed information on any specific topic, please refer to the table of contents below to navigate to the relevant sections.

What personal data do we process? When you use our Services, we may process your personal information based on your interactions with us, the choices you make, and the products or features that you access. The personal data of users processed by the Company, in particular, are as follows: your name and surname, e-mail address and phone number; your Internet Protocol Address (IP address); e-mail account information and related information if you allow us to access your inbox; materials, files, documents, images, photos, visual records, videos, graphics, media, contact list, choices, any content, record and other input and data which you have uploaded or transmitted to the Application; your order information if you make a purchase; identifier for advertisers (IDFA), identifier for vendors/developers (IDFV), and Google Advertising ID (GAID) if you give permission; and identifier for Firebase analytics.

Do we process sensitive personal data? No, we do not process any sensitive personal data. Please do not share with us any content that might have any sensitive personal data.

How do we process your information? We mainly process your personal data to deliver, enhance, and manage our Services, facilitate communication with you, safeguard security, prevent fraud, and comply with legal obligations. Additionally, your data may be processed for other purposes with your explicit consent. All processing activities are conducted only in accordance with valid legal bases.

When do we share personal information? We only share your personal data with third parties when necessary to deliver our Services, comply with legal obligations, protect our rights, or prevent fraud and security threats. This may include service providers, business partners, and legal authorities. All data sharing is carried out in compliance with applicable data protection laws and is subject to stringent safeguards to ensure the security of your personal data.

How do we keep your personal data secure? We implement administrative and technical measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, ensuring its security.

What are your rights? Depending on your region, you may have specific rights concerning your personal data. These rights may include the right to access, correct, delete, restrict processing, object to processing, and data portability. Additionally, you may have the right to withdraw your consent.

How can you exercise your rights? You can simply exercise your rights by reaching out to us directly. We will diligently review and address any request in compliance with applicable data protection laws.

1. The Data Controller and the Objective

Your personal data, which you provided/will provide to the Company (see Section 10 for contact information), and/or obtained by our Company by any external means, may be processed by our Company as "Data Controller". The Company aims to process the personal data of users in accordance with general principles of privacy and the provisions of the applicable data protection legislation, particularly Law on Personal Data Protection No. 6698 of Turkish Republic ("PDP Law") and other applicable law and regulations. We are committed to complying with this Privacy Policy in accordance with all applicable laws in each region in which we operate.

To ensure compliance with regional legal requirements, we provide additional privacy notices for specific jurisdictions. Accordingly, where applicable, this Privacy Policy includes additional information regarding the European Union's General Data Protection Regulation (GDPR) (EU Regulation 2016/679). For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For California residents, please scroll down to Section 12.

In accordance with this Privacy Policy, personal data are processed by the Company as a data controller in line with the basic principles: (i) being in accordance with law and good faith, (ii) being accurate and, where necessary, up-to-date, (iii) being processed for specific, explicit and legitimate purposes, (iv) being limited for the purpose for which they are processed and data minimization; and (v) being stored for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

2. Collection of Personal Data and Method

The Company may process your following data for the purposes specified in this Privacy Policy.

Identity and Contact Information: When you contact us, such as via e-mail or our phone number, we may process your name, surname, phone number and e-mail address, (if relevant) other contact information and the content of your communication.

Technical Information: When you visit, use or engage our Services, we may collect the following information:

Usage Data: We may collect data on how you interact with our Services. This includes information about your access to and use of our Application, such as duration of time spent, features accessed, contents viewed, searches, and actions taken within the Application, device event information, in-app purchase history.

Log Data: We may collect your log data including internet traffic data, IP address, device name, device information, operating system version, visit data, browser type, language preference, time zone, and other statistics.

Device Information:We may collect data about the device you use, including the device name, device ID, model, manufacturer, region information, device's operating system, device identifiers, and hardware model.

Location Information:We may be able to determine the general area of your device's location based on the information associated with your IP address and the region information of the device.

Identifiers: Unique user ID; and device token ID (particularly, if you allow us to send notifications through your device).

E-mail Account Information: We may ask for your permission to access your e-mail account in order to provide our services — specifically to enable you to unsubscribe from mailing lists and delete unwanted emails. You can choose not to allow us to access your e-mail account by either rejecting our access or later disabling such access in your mobile device settings. However, you may not be able to use essential features of our services if you choose to opt out.

When you give us permission to access, we can access the following data: e-mail account information (Google user ID, nickname, username, profile picture, user token, Open ID, phone number, e-mail address) and information related to e-mail account (e-mails, subject and header information, lists, other metadata related to e-mails).

User Content: We process the data that you provide when interacting with our Services. This data includes materials, files, documents, images, photos, videos, visual and audio records, graphics, media, choices, and any content, input, record or data that you provide, upload, transmit, create, store, use, edit or share with or through the Application. Please note that we do not store any of your photos and videos on our servers; activities to process these will be carried out on your device or your own cloud services only.

Customer Transaction: We may collect order information directly from you, our marketing vendors or our payment processors. This information includes order date, payment date, subscription type, billing period, payment amount, payment status and any associated transaction identifiers. This information is used to process your orders, manage subscriptions, and ensure the proper handling of payments. Please note that we do not collect your payment method details, such as your credit card number, as we do not directly process your payment.

Marketing Data: When you give us permission, we may collect your Usage Data; and an identifier for advertisers (IDFA), an identifier for vendors/developers (IDFV), Google advertising ID (GAID), and identifier for Firebase analytics.

3. Purposes of Processing Personal Data and Legal Bases

Your personal data will be processed via automatic or non-automatic means for the purposes stated below, in accordance with the applicable legislation and articles 5 and 6 of the PDP Law. For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11.

Your personal data is processed for the following purposes: execution of goods/services sales processes; execution of agreement processes; execution of company/product/service commitment operations; operation of our product; creating user accounts for the service recipients/application users; conducting storage and archive activities; execution of communication activities; conducting after-sales support services for goods/services; execution of activities in compliance with legislation; execution/auditing of business activities; execution of information security processes; conducting activities to ensure business continuity; compliance with legislation and protection of persons' rights, privacy and safety; providing information to authorized persons, institutions and organizations; prevention of crimes and other illegal acts; conducting activities for customer satisfaction; and customizing our Services, understanding our users and their preferences to enhance user experience.

Additionally, if you give us explicit consent, your Marketing Data may be processed for conducting marketing analysis studies and executing advertising/campaign/promotion processes. If you give us explicit consent, your identity and contact information may be processed for communicating with you to send information about marketing and informing about new products, services and applications.

4. Third Party Websites/Applications, Cookies and Notifications

The Application may contain links to other websites or apps that are unknown to the Company and whose content is not controlled. The Company cannot be held responsible for the use or disclosure of information that these websites or apps may process.

Cookies: Cookies are small text files stored on the browser or hard drive of your computer or mobile device when you visit a webpage. We may use cookies when it is necessary for operating our Services, to enhance performance and functionality, and to deliver content, including ads relevant to your interests. You can delete cookies or prevent them from being stored via your internet browser settings.

Push Notifications: The Company may occasionally send you push notifications via its mobile applications regarding Application upgrades or notifications about our Services. You can always edit such communications through the settings on your device.

5. Data Storage

Your data will be stored for the duration specified in the applicable legislation or until the purpose of processing ceases to exist. The Company may continue to store your personal data, even after the expiry of the purpose of its use provided that it is required by other laws or separately a consent is granted by you in this regard.

In cases that you allow the Company to store your personal data for additional time by giving your consent, such data shall be immediately deleted, destructed or anonymized upon the expiry of such additional time or once the consent is withdrawn.

6. Technical and Administrative Measures

The Company stores the personal data it processes in accordance with relevant legislation and undertakes to take all necessary technical and administrative measures to ensure the confidentiality, integrity and security of personal data. Accordingly, the Company takes the following technical and administrative measures: anti-virus application on all computers and servers; firewall protection with periodically updated software; VPN access controls for suppliers; user identification and authorization limited to job descriptions; information security threat and event management system; encryption of sensitive data at rest and in transit; logging of all transaction records regarding sensitive data; two-factor authentication for remote access and account creation; periodic penetration tests; regular Information Security Management System (ISMS) meetings; employee security training at regular intervals; physical data security measures; regular data backups using cloud infrastructure providers; and non-disclosure agreements with employees handling sensitive data.

7. Age Limitation

We do not permit the use of our application by children under the age of 16. We do not knowingly collect or process personal data from anyone under the age of 16. If you learn that someone under the age of 16 has provided us with personal information, please contact us via email. Users under 18 must have permission from their parents or legal guardians to use our Services.

8. Transferring Personal Data to Third Parties

The procedures and principles to be applied for transferring of personal data are regulated in articles 8 and 9 of the PDP Law, and the personal data of the user may be transferred to third parties within the country or abroad since we may use servers and cloud systems located abroad.

We implement the following mechanisms to ensure your data is transferred abroad securely and in accordance with applicable data protection laws: We rely on the Standard Contractual Clauses as issued by the Turkish Data Protection Authority pursuant to Article 9/4(c) of the PDP Law.

Your following personal data may be transferred abroad to our service providers for the following purposes: Your Technical Information, Identity and Contact Information, Customer Information, and User Content for the purpose of conducting storage and archive activities (including cloud services and database services); your E-mail Account Information for the purpose of authentication of user accounts; and your Technical Information for the purposes of correction of technical specifications, technical errors and defects.

The Company may also transfer your Marketing Data to service providers (incl. Google, Apple, Facebook SDK, and Firebase Analytics) for the purpose of conducting marketing analysis studies and execution of advertising/campaign/promotion processes.

We may have to share personal information with authorized public institutions and organizations, and judiciary bodies for the purpose of complying with our legal obligations and requirements.

9. Your Rights as the Data Subject

Pursuant to Article 11 of the PDP Law, you may request from the Company the exercise of the following rights regarding your personal data: learn whether or not your personal data have been processed; demand for information as to if your personal data have been processed; learn the purpose of the processing of personal data and whether data are used in accordance with their purpose; know the third parties in the country or abroad to whom your personal data have been transferred; request correction and notification of transactions to third parties in case the personal data is processed incompletely or inaccurately; request deletion, destruction or anonymization of personal data if the reasons for the processing have disappeared; object to the occurrence of any result that is to your detriment by means of the analysis of personal data exclusively through automated systems; request compensation for the damages in case you incur damages due to unlawful processing of your personal data; and right to withdraw explicit consent from processing data based on explicit consent at any time.

Our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest, depending on the nature of the request.

10. Contact Information

If you have any questions or comments regarding this Privacy Policy, or if you have any request or would like to exercise your rights, you may contact us via the following:

Company Title: Alfi AI Yazilim Bilgi Teknolojileri Reklamcilik Danismanlik Sanayi ve Ticaret Anonim Sirketi

Address: Icerenkoy Mah. Topcu Ibrahim Sk. Quick Tower No: 8-10D, Atasehir, Istanbul 34752, Turkey

E-mail: info@cleanco.app

11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland

Where General Data Protection Regulation (GDPR), the UK Data Protection Act, or the Swiss Federal Act on Data Protection is applicable, for a complete understanding of our data practices, please read this privacy notice together with our Privacy Policy outlined above.

In addition to the purposes listed above, we will only process the following personal data with your consent. You may withdraw your consent at any time by contacting us via email: your Marketing Data may be processed for conducting marketing analysis studies and execution of advertising/campaign/promotion processes (you can withdraw consent through settings of your account); and your Identity and Contact Information may be processed for communicating with you to send information about services, products, and applications (you can withdraw your consent by clicking on "unsubscribe" link in the e-mail sent to you).

We implement the following mechanisms to ensure compliance with applicable data protection laws when transferring Personal Data outside the EEA, Switzerland, or the UK: Adequacy Decisions (relying on adequacy decisions issued by the European Commission in accordance with Article 45(1) of the GDPR); Standard Contractual Clauses (SCCs) & Supplementary Measures (for transfers to jurisdictions not covered by an adequacy decision, along with additional safeguards such as encryption, data minimization, and access controls); and Binding Corporate Rules (BCRs) where applicable.

The Company may also transfer your Marketing Data to service providers (incl. Google, Apple, Facebook SDK, and Firebase Analytics) for the purpose of conducting marketing analysis studies and execution of advertising/campaign/promotion processes.

Your rights as the Data Subject under the GDPR: Right of Access (Article 15 GDPR) — you can request a copy of your personal data and details on how we process it; Right to Rectification (Article 16 GDPR) — to request the rectification of inaccurate or completion of incomplete information; Right to Erasure (Article 17 GDPR) — you can request deletion of your personal data, except when we are required to retain it for legal obligations or legal claims; Right to Restriction of Processing (Article 18 GDPR); Right to Data Portability (Article 20 GDPR) — you can request a copy of your data in a structured, machine-readable format such as CSV or JSON; Right to Object (Article 21 GDPR) — you can object to processing based on legitimate interests; Automated Decision-Making and Profiling (Article 22 GDPR) — you have the right to request human intervention for decisions made solely by automated means; and Right to Withdraw Consent (Article 7(3) GDPR) — if we process your data based on consent, you can withdraw it at any time.

You may exercise these rights by submitting your request via email at info@cleanco.app. We will respond within one month as required under GDPR. If you believe that we are violating your rights, you can file a complaint to the local data protection authority in your country.

12. For California Residents

For a complete understanding of our data practices, please read this privacy disclosure together with our Privacy Policy outlined above.

If you are a California resident, you have certain rights. These include the right to know what personal information we collect, use, disclose, and sell; the right to request deletion of your personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; the right to limit the use and disclosure of sensitive personal information; and right to non-discrimination.

We do not sell your personal information in the traditional sense, but we may share usage data with third-party service providers for analytics and functionality purposes. We do not collect sensitive personal information. To exercise any of these rights, please contact us via email at info@cleanco.app.

We may collect the following categories of personal information: identifiers (e.g., name, email address, phone number, IP address); personal information described in California Civil Code Section 1798.80(e); inferences from your personal information to create a profile about your preferences; and network activity information. Please refer to Section 2 above for a complete description of what information we collect and how we collect it.

We may use third-party tools such as Google, Apple, Facebook SDK, and Firebase Analytics to understand app usage and improve performance. These tools may collect information such as identifiers and in-app events. Under California law, the use of certain analytics and advertising tools may be considered a "sale" or "sharing" of personal information. California residents may always opt out or withdraw their permission by adjusting privacy settings or by contacting us.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will state the date at the top of this Policy. If we make material changes, we will provide you with prominent notice before the changes take effect through the Application interface or by sending an email to the address associated with your account. Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgment of the updated terms.