Welcome to Istanbul Travel Kit ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how your information is collected, used, and disclosed by our mobile application (the "App").

1. Data Controller

The party responsible for data processing within the meaning of the General Data Protection Regulation (GDPR) is:

Baris Yalcinkaya

PO Box 13 (Erenkoy PTT)

Ethem Efendi Cd. No: 65/A

34738 Kadikoy, Istanbul

Türkiye

Email: contact.istanbultravelkit@gmail.com

2. Information We Collect & Legal Basis

Since our App does not require user registration or authentication, we do not collect personal information such as your name, email address, or phone number as part of creating an account.

However, like most mobile apps, certain data may be processed when you use features that rely on third-party services (maps, subscriptions, and backend content delivery). Some of this data may be considered "personal data" under applicable laws (e.g., device identifiers, IP address, precise location).

a. Location Data (Optional)

If you grant location permission, the App can access your device location to:

Show your position on the map (Mapbox).
Power "nearby" and distance-based filters (our backend via Supabase).

When you use these features, your coordinates may be sent to our backend (Supabase) as part of the request to calculate distances and return relevant results. We do not create a user account or profile from your location, and we do not intentionally store a history of your precise location in our database.

Legal Basis: Your consent. You can revoke this consent at any time via device settings.

b. Subscription & Paywall Data (Adapty)

We use Adapty to manage subscriptions and show paywalls. Adapty may process data such as device/app information and identifiers (which may include advertising identifiers like IDFA/GAID where available/allowed), and subscription-related events (e.g., app launches, paywall views, purchase/restore events), as described in Adapty's End-Users Privacy Policy.

We do not ask you to create an account in our App, and we do not intentionally send contact details (like name/email/phone) to Adapty.

Legal Basis: Providing subscription functionality and operating the App (for example: to show paywalls, process purchases/restores, prevent fraud, and improve service quality).

c. Onboarding Inputs & Anonymous Statistics (Supabase)

During onboarding, the App may store on your device:

Selected language
Trip duration (if provided)
Selected interests (if provided)

When you complete onboarding, the App may also send trip duration, selected interests, and language code to our backend (Supabase) for aggregated product statistics.

This data is submitted without requiring a user account. Note that server providers typically process technical data (like IP address and request metadata) when you connect to them.

Legal Basis: Understanding how onboarding is used and improving the App (where permitted by law).

d. Anonymous In-App Usage Statistics (Supabase)

To understand which parts of the App are most useful, we collect anonymous, aggregate usage statistics such as how often and how long certain screens/pages are viewed, including engagement metrics like scroll depth.

We record screen/page view events without requiring a user account.
We may collect metrics such as time spent on a page and scroll depth to understand content engagement.
We store these statistics in aggregate form (e.g., total views per screen, average time spent, optionally grouped by time period such as day/week). Detailed event logs are automatically deleted after 30 days.
We do not intentionally attach these metrics to your identity, name, email, or phone number.
As with most backend services, technical data (such as IP address and request metadata) may be processed by our service providers when requests are made.

Legal Basis: Understanding how the App is used and improving the App (where permitted by law).

e. Crash Reporting (Sentry)

If you enable "Help Improve the App" in onboarding or Settings, we use Sentry to collect crash reports and error logs. This helps us identify and fix bugs to improve your experience.

The data collected may include:

Device model and operating system version
App version and build number
Error stack traces and diagnostic information
Session-related data (without personal identification)

We do not collect personal information such as your name, email address, or phone number through crash reports. You can enable or disable crash reporting at any time via the App's Settings screen.

Legal Basis: Your consent. You can withdraw consent at any time by disabling this feature in Settings.

f. Offline Downloads & Local Storage (On-device)

The App supports offline use by saving content and media locally:

Offline content you download is stored in a local database on your device.
Mapbox may store offline map resources (e.g., tiles/style packs) on your device when you download offline maps.

This offline data is stored on your device and is not uploaded back to us.

Legal Basis: Providing the feature you request (offline access).

g. In-App Feedback System (Supabase)

When you submit feedback through the App's built-in feedback feature, we collect:

A randomly generated, anonymous visitor identifier (UUID) stored locally on your device
Your feedback message and selected category
App version and build number
Platform (iOS or Android) and device locale

This data is submitted without requiring an email address or user account. We may respond to your feedback through the App. Your visitor identifier allows us to associate our reply with your original feedback, but it does not identify you personally.

Legal Basis: Providing the feature you request (feedback and support) and improving the App.

h. App Store Ratings

The App may occasionally prompt you to rate it using the native rating dialog provided by Apple (App Store) or Google (Play Store). When you interact with this dialog, any data (such as your rating or review) is collected and processed by Apple or Google under their respective privacy policies, not by us.

i. Contact Data

If you contact us via email or support channels, we collect the data you provide (e.g., your email address, message content) solely to respond to your inquiries.

Legal Basis: Responding to your request and providing support. Your data is deleted once the request has been processed and no legal retention obligations remain.

j. Subscription Renewal Reminders (Local Notifications)

If you have an active subscription, the App may ask for your permission to send local notifications to remind you before your subscription renews. This helps you manage your subscription and avoid unexpected charges.

These reminders are scheduled and delivered entirely on your device using the operating system's local notification feature.
No data is sent to our servers for this feature. The notification schedule is stored locally on your device.
Your notification preference (enabled/disabled) is stored locally on your device.
You can enable or disable subscription reminders at any time via the App's Settings screen or your device's notification settings.

Legal Basis: Your consent. You can withdraw consent at any time by disabling this feature in Settings.

3. Third-Party Services

We use third-party services to operate the App. These parties process data under their own privacy policies:

Supabase (backend and database): https://supabase.com/privacy
Cloudflare (media delivery via our Cloudflare Worker / object storage infrastructure): https://www.cloudflare.com/privacypolicy/
Mapbox (maps, location, directions, offline maps): https://www.mapbox.com/legal/privacy
Adapty (subscriptions and paywalls): https://adapty.io/end-users-privacy/
Sentry (crash reporting and error tracking, if enabled): https://sentry.io/privacy/
GetYourGuide (affiliate links and embedded widget content): https://www.getyourguide.com/privacy_policy

GetYourGuide WebView Notice: The App embeds GetYourGuide widget content inside a WebView. This content is loaded from GetYourGuide domains (e.g., widget.getyourguide.com) and may use cookies or similar technologies according to GetYourGuide's policies. When you tap certain GetYourGuide links, the App may open them in your external browser.

4. International Data Transfers

Your data may be processed on servers located outside of your jurisdiction (e.g., in the USA), depending on where our service providers operate. Where required, we rely on appropriate transfer mechanisms and safeguards under applicable law.

5. Data Retention

On-device data: Local preferences (including your anonymous visitor identifier, language preference, and consent settings) and offline downloads remain on your device until you delete them in the App (where available) or uninstall the App.
Backend data: We retain backend records (such as aggregated onboarding statistics and feedback messages) for as long as reasonably necessary for analytics, service improvement, and support purposes, unless a longer retention period is required by law. Detailed content view event logs are automatically deleted after 30 days.

6. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following rights:

Right to Access: You can request information about your personal data processed by us.
Right to Rectification: You can request correction of inaccurate data.
Right to Erasure / "Right to be Forgotten": You can request deletion of your personal data, unless we must keep it for legal reasons.
Right to Restriction of Processing: You can request restriction of processing under certain conditions.
Right to Data Portability: You can request to receive your data in a structured, machine-readable format.
Right to Withdraw Consent: Where we rely on your consent (e.g., for location data), you can withdraw it at any time.
Right to Object: Where we process data based on legitimate interests (where applicable), you can object to such processing for reasons arising from your particular situation.

To exercise these rights, please contact us at the email provided in Section 1. Note that since we do not maintain user accounts, some rights (like access or portability) may be limited if we cannot identify you without additional information.

7. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, work, or where the alleged infringement took place.

8. Children's Privacy

Our App is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us so we can promptly delete it.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page or within the App.