Privacy Policy

Last updated: 4 June 2026 · Effective: 4 June 2026

This Privacy Policy explains what personal data we collect when you use the simlek mobile application (the "App") and the simlek.app website (the "Site"), how we use it, who we share it with, and the rights you have.

Users residing in Türkiye are additionally covered by the KVKK Notice. Where the two conflict, the KVKK Notice prevails for Türkiye-based users.

Contents

Data Controller
Data We Collect
How We Use Data
Legal Basis
Third Parties and Transfers
International Transfers
Retention
Security
Your Rights
Children's Privacy
Changes
Contact

1. Data Controller

Personal data covered by this Policy is processed by Delilcan Düven, operating under the simlek brand ("we", "us", "our"). simlek is an independent product. We are not affiliated with, endorsed by, or officially partnered with Zara, Mango, Bershka, Pull&Bear, or any other retailer named in the App.

Contact: [email protected]

2. Data We Collect

2.1. When you create an account

You can use the App anonymously at first. To start a watch or receive notifications you need to use Sign in with Apple or Sign in with Google. From the identity provider we receive:

A unique user ID (Firebase UID)
Your email address (or a relay address if you choose Apple's "Hide My Email")
Your name (only when the provider shares it at first sign-in)
A profile photo URL (Google sign-in only, if available)

2.2. When you use the App

Watches: the product URLs you paste, the sizes you pick, when each watch was started, your notification preferences (quiet hours, mutes).
Notifications: type, time and read status of the notifications we send you.
Device info: device model, OS version, app version, language preference.
Push token: the unique token Apple/Google generates for your device so we can send notifications.

2.3. When you buy a subscription (Premium)

The subscription product identifier, start and renewal dates, as reported by Apple App Store or Google Play.
We do not collect your card, bank, or billing information. All payments are processed by Apple or Google; we only receive subscription state via RevenueCat.
If you redeem a referral code: the code used and redemption time.

2.4. Technical data we collect automatically

Crash and error logs (Sentry) — anonymous technical info when the App crashes or errors.
API request logs — requests between the App and our servers, including IP address and timestamps. We do not run marketing analytics; we do not embed any advertising SDK.

2.5. What we do NOT collect

We do not collect: precise location (GPS), contacts, photo library, microphone, health data, financial account info, advertising identifiers.

3. How We Use Data

To create your account and let you sign in.
To repeatedly check the public APIs of retailers for the products and sizes you've asked us to watch.
To push a notification when a size you're tracking returns to stock.
To manage subscriptions (excluding the billing side handled by Apple/Google).
To diagnose and fix App errors.
To meet legal obligations.

We do not sell your data, share it with advertising networks, or share it with the retailers.

4. Legal Basis (GDPR / KVKK)

For users in the EU/UK and Türkiye, our legal bases for processing are:

Performance of contract: account, watches, notifications, subscription management.
Legitimate interest: security, error diagnostics, service improvement.
Explicit consent: for international data transfers (KVKK art. 9).
Legal obligation: responses to lawful requests from authorities.

We use the minimum set of service providers required to operate. None of them may use your data for their own marketing purposes.

Apple Inc. (US) — sign-in, push delivery infrastructure, billing.
Google LLC / Firebase (US) — authentication, Remote Config.
Expo, Inc. (US) — push notification delivery.
RevenueCat, Inc. (US) — subscription state verification.
Functional Software, Inc. (Sentry) (US) — error monitoring.
Render Services, Inc. (US) — server hosting.
Cloudflare, Inc. (US / global) — CDN, domain, edge network.
Database provider (Supabase/Neon, US/EU) — database hosting.

We may also disclose data to comply with lawful requests from authorities (court orders, prosecutor requests, etc.).

6. International Transfers

Most of the providers above are based in the United States. Your personal data may therefore be transferred to and processed in the US and other countries to enable our service. These transfers:

Rely on Standard Contractual Clauses and equivalent safeguards under GDPR.
Rely on your explicit consent at sign-up under KVKK.

7. Retention

Account data: while your account is active, plus up to 30 days after deletion (backup purge window).
Watches: 30-day natural expiry, or until you stop the watch.
Notification history: 12 months.
Error logs (Sentry): 90 days.
API logs: 30 days.
Invoice / payment records: kept by Apple/Google for 10 years per tax law; not stored on our side.

8. Security

All connections use HTTPS/TLS. We do not store passwords (authentication is handled by Apple/Google). Database access is restricted by least privilege. IP addresses in error logs are anonymized after 30 days.

That said, no internet transmission is 100% secure. In the event of a data breach we will notify you and the relevant authorities within 72 hours.

9. Your Rights

Under KVKK art. 11 and GDPR art. 15-22 you have the right to:

Confirm whether your data is being processed.
Request information about how it is processed.
Know the purpose and whether it's used in line with that purpose.
Have inaccurate or incomplete data corrected.
Have your data deleted or destroyed.
Object to processing.
Receive your data in a structured, portable format.
Object to automated decision-making (not applicable; we do not run automated decision-making).

You can delete your account directly from the App via Profile → Delete Account. For written requests: [email protected]

10. Children's Privacy

The App is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If we learn we have collected such data, we will delete it as soon as possible. In Türkiye, parental consent is recommended for users under 18.

11. Changes

We may update this Policy from time to time. For material changes we will notify you in the App or by email. The current version is always at this URL; the "Last updated" date at the top reflects the latest revision.

12. Contact

For any question or request about this Policy or your personal data:

General: [email protected]
KVKK requests (Türkiye): [email protected]
Support: [email protected]