Privacy Policy

Effective Date: 2025/11/25

Controller: BLARMA TEKNOLOJI ANONIM SIRKETI (“Blarma”, “we”, “us”, “our”)
Website: https://blarma.com
iOS App: https://apps.apple.com/app/id1594884449
Android App: https://play.google.com/store/apps/details?id=com.blarma

Scope

This Policy explains how we collect, use, disclose, transfer, and retain personal data when you use the Blarma mobile apps and website. By using our Services, you agree to this Policy. For more information about your legal obligations and use of our Services, please review our Terms and Conditions.

What Data We Collect

Data you provide

• Account and profile data (name or nickname, email).
• Support communications and content you submit (feedback, bug reports).
• Purchase and subscription context (store receipt IDs, product tier). We do not store card numbers.

Data collected automatically

• Device and usage data (device model, OS, app version, language, time zone, IP, identifiers permitted by your OS).
• Event analytics (feature usage, session length, crash logs, performance metrics).
• Cookies and similar technologies on our website.

Third-Party Tools and SDKs

We use third-party services to operate and improve the Services. These may process limited personal data under their own policies:

• Google Analytics for Firebase, Firebase Crashlytics
• RevenueCat (subscriptions, entitlements)
• Meta Ads SDK / Google Ads (where applicable, with consent where required)
• Cloud hosting providers (e.g., AWS, Google Cloud)

We keep this list current. Partners can change as we improve our stack.

Purposes and Legal Bases (GDPR)

• Provide the Service (contract): account, core features, subscriptions, customer support.
• Improve and secure (legitimate interests): analytics, diagnostics, fraud and abuse prevention.
• Comply with law (legal obligation): tax, accounting, legal claims.
• Marketing/notifications (consent where required): emails or in-app messages. You can opt out at any time.

Your Rights

GDPR (EU/EEA) — You can exercise your rights below by sending us an email. We respond within statutory timelines. For security reasons, we may ask you to verify your identity before fulfilling your request.

• Access — obtain a copy of your data.
• Rectification — correct inaccurate data.
• Erasure — request deletion where applicable.
• Restriction — limit processing in certain cases.
• Data Portability — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Object — object to processing based on legitimate interests, including profiling; we will stop unless we demonstrate compelling legitimate grounds or need the data for legal claims.
• Withdraw Consent — where processing is based on consent, you can withdraw it at any time.
• Complain — with your local supervisory authority.

If you wish to obtain our EU representative details for GDPR matters, contact us via email.

KVKK (Türkiye) — You have the rights of access, correction, deletion, objection, and appeal under the KVKK No. 6698. For your applications, please send us an email.

CCPA/CPRA (California, US) — California residents may request access, deletion, and correction. We do not “sell” personal information as defined by CCPA. To exercise rights, contact us via email.

Data Deletion Requests (How to delete your data)

Users can request the deletion of their personal data at any time by:

• Using the "Delete Account" option inside the Blarma mobile app: Blarma > Learn > Profile > Delete Account
• Sending an email to [email protected] with the subject line "Data Deletion Request"

All verified requests are processed within 7 business days, unless we are legally required to retain certain data for a longer period (for example, for tax, accounting, or legal obligations).

Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from them. If you are a parent/guardian and believe your child provided personal data, contact us to delete it.

In-App Purchases and Subscriptions

Purchases are processed by Apple App Store or Google Play. These stores may share limited data with us (e.g., anonymous identifiers, receipt status) to validate entitlements, manage refunds, and prevent fraud. We do not process or store full payment card details.

Retention

We retain personal data only as long as necessary for the purposes above or as required by law. Typical periods:

• Account data: for your account’s lifetime, then up to 24 months for dispute handling.
• Support tickets: 12–24 months.
• Analytics events: 12–24 months in aggregated or pseudonymized form.
• Financial records: up to 10 years where required by tax/accounting law.

After expiry, data are deleted or irreversibly anonymized.

International Transfers

We may process data on servers outside your country of residence, including the EEA, UK, and the United States. Where GDPR applies, we use appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) for data transfers to countries without an adequacy decision, or rely on an adequacy decision where available. Copies of applicable safeguards can be requested via email.

Security

We use technical and organizational measures appropriate to risk, including encryption in transit, access controls, and audit logging. No method of transmission or storage is 100% secure.

Marketing and Choices

• Email and in-app messages: unsubscribe or disable in settings, or contact us.
• Push notifications: control via your device OS settings.
• Analytics/ads: manage consent where prompts are shown; you can reset your device advertising ID.

Cookies

We use necessary and analytics cookies on our website. You can control cookies from your browser settings. Where required, we obtain consent via a banner. Visitors from the EU and UK will see a cookie consent banner before non-essential cookies are activated.

Disclosures

We may disclose data to: service providers under contract, group companies (if any), lawful authorities, or in connection with a merger, acquisition, or asset sale. We do not share personal data with third parties for their direct marketing without your consent.

Changes to this Policy

We may update this Policy. We will post the updated version with a new “Effective Date” and, where required by law, notify you by in-app message and/or email.

Contact

Email: [email protected]
Address: İvedikOSB Mahallesi, 2224. Cadde, No: 1/116, Teknopark Ankara, Yenimahalle, Ankara, Türkiye

If there is any conflict between localized versions, the English version controls unless local law requires otherwise.