SINI APPLICATION PRIVACY POLICY AND CLARIFICATION TEXT

Last Updated: [05.01.2026]

This text has been prepared pursuant to Article 10 of the Law on the Protection of Personal Data No. 6698 (KVKK) and Articles 13/14 of the EU GDPR, in order to explain the procedures and principles regarding the processing of your personal data by Emre Ozdemir, acting in the capacity of data controller, during the use of the Sini mobile application (“Application”).

1. Identity of the Data Controller

Your data is processed by Emre Ozdemir in the capacity of data controller.

Contact: emre@sini.istanbul

2. Processed Personal Data and Collection Method

Manually Provided Data:

  • Mandatory email address

  • Optional: Name-Surname, country information, profile photo

  • Restaurant reviews and ratings

Automatically Collected Data:

  • GPS-based location data (while the application is open)

  • Device identifiers and Instance ID

  • Search terms and Algolia search logs

  • Purchase/subscription status (RevenueCat)

  • IP address logs and security records

  • Google Firebase Analytics usage statistics

Collection Method: Data is collected through application forms, SDKs (Software Development Kits), and similar technologies.

3. Purposes of Data Processing and Legal Grounds

Performance of the Contract (GDPR 6/1-b, KVKK 5/2-c):

  • Creation of membership

  • Provision of access to content

  • Listing restaurants according to distance

Legitimate Interest (GDPR 6/1-f, KVKK 5/2-f):

  • Improvement of user experience

  • Search performance and ranking

  • Prevention of misuse/abuse

  • Service security via IP logs

Legal Obligation (GDPR 6/1-c):

  • Sharing unlawful content with authorized authorities

  • App Store contractual requirements

4. Cookies and Similar Technologies

SDKs such as Firebase Analytics, Algolia, and RevenueCat may collect:

  • Device identifiers

  • Instance ID

  • IP address

  • Usage statistics

These are collected via cookie-like tracking mechanisms. These technologies are used solely for the provision, analysis, and security of the service.

5. Data Transfer

Third Parties:

  • Firebase / Google (USA): Analytics and authentication

  • Algolia (USA/EU): Search logs

  • RevenueCat (USA): Subscription management

  • FlutterFlow (EU/USA): Application infrastructure

GDPR Transfer Mechanism:

For transfers outside the EU, Standard Contractual Clauses (SCC) and relevant technical safeguards are applied.

6. Data Retention Periods

  • Analytics data: 14 months

  • IP security logs: 2 years

  • User content and profile: Until the account is deleted

  • Purchase records: 5 years (due to financial regulations)

When the period expires, data is destroyed or anonymized.

7. Children's Privacy

The application is not directed at children under the age of 13. If it is discovered that data has been collected from this age group, the data will be deleted immediately.

8. Automated Decision Making

Ranking is performed based on your location.

This process does not constitute an automated decision producing legal effects; it is merely a distance-based recommendation.

9. User Rights

Under KVKK Art. 11 and the GDPR, you have the following rights:

  • Right of Access

  • Right to Rectification

  • Right to Erasure (Deletion)

  • Right to Restriction of Processing

  • Right to Data Portability

  • Right to Object

10. Account Deletion

You can delete all your data within the application by following this step:

Profile → Settings → Delete My Account

Requests are responded to within 30 days.

11. Security and EULA Compliance

In case of violations, we reserve the right to:

  • Block the user

  • Remove comments

  • Share information with authorized authorities

12. Policy Changes

Changes will be published on this page. In the event of significant changes, an email or in-app notification will be sent.

Analogy:

Sini’s approach to privacy is like a restaurant’s menu transparency—it clearly shows which ingredients are used and what tools are available in the kitchen.