🔒 Your Privacy Matters

Kismet is committed to protecting your personal data. We comply with GDPR (EU), KVKK (Turkey), CCPA (USA), and international data protection standards. Kismet is an AI-powered pattern analysis tool for entertainment purposes only.

Privacy Policy

Effective Date: April 2026

Last Updated: April 2, 2026

1. Data Controller

The data controller responsible for your personal data is:

TABA TASARIM İNŞAAT A.Ş.

Operating as Graviti Labs

Şehit Şakir Elkovan cad. No:3, Ataşehir, Istanbul, Turkey

Email: kismet@gravitilabs.com

Data Protection Officer: dpo@gravitilabs.com

Privacy Inquiries: privacy@gravitilabs.com

2. Data We Collect

2.1 Account Data

When you create an account, we collect: email address, display name (optional), and profile photo (optional). This data is necessary to provide and personalize the Service.

2.2 Analysis Data

When you use our coffee cup analysis feature, we process: photographs of your coffee cup (transmitted to our AI service for pattern analysis, not permanently stored on our servers after analysis completes), analysis results and interpretations, and optional personal context you provide (name, date of birth) to personalize your entertainment experience.

2.3 Usage Data

We automatically collect: app interactions and feature usage patterns, session duration and frequency, language preference, and analysis history metadata.

2.4 Device Data

We collect: device model and operating system version, app version, unique device identifiers (for crash reporting), and IP address (processed but not permanently stored).

2.5 Payment Data

For in-app purchases, we receive: transaction identifiers and purchase timestamps only. We do not collect, store, or have access to your credit card numbers, bank account details, or other financial information. All payment processing is handled by Apple (App Store) or Google (Play Store).

2.6 Advertising Data

Our advertising partner (Google AdMob) may collect: advertising identifier (IDFA/GAID), ad interaction data, and general demographic inferences. You can limit ad tracking through your device settings.

2.7 Feedback Data

If you provide feedback on analyses, we collect: your feedback rating and comments, the associated analysis identifier, and timestamp.

3. How We Use Your Data

We use your personal data for the following purposes:

Service Delivery: To provide coffee cup pattern analysis and generate entertainment-based interpretations
Account Management: To create and maintain your account, authenticate access, and manage your credit balance
Service Improvement: To improve our AI analysis algorithms, app performance, and user experience
Payment Processing: To verify and record in-app purchases and manage credit balances
Advertising: To display advertisements through Google AdMob (free-tier users)
Communications: To send essential service notifications (password resets, account security)
Legal Compliance: To comply with applicable laws, regulations, and legal processes
Fraud Prevention: To detect and prevent fraudulent activity, abuse, and security threats

4. Legal Basis for Processing

Under GDPR (EU) and KVKK (Turkey), we process your data based on the following legal grounds:

Purpose	Legal Basis
Providing the analysis service	Performance of contract (GDPR Art. 6(1)(b) / KVKK Art. 5(2)(c))
Processing cup photos via AI	Explicit consent (GDPR Art. 6(1)(a) / KVKK Art. 5(1))
Optional personal info for readings	Explicit consent (GDPR Art. 6(1)(a) / KVKK Art. 5(1))
Analytics and service improvement	Legitimate interest (GDPR Art. 6(1)(f) / KVKK Art. 5(2)(f))
Displaying advertisements	Legitimate interest / Consent (where required)
Legal record-keeping	Legal obligation (GDPR Art. 6(1)(c) / KVKK Art. 5(2)(ç))
Fraud prevention and security	Legitimate interest (GDPR Art. 6(1)(f) / KVKK Art. 5(2)(e))

5. AI and Automated Processing

Transparency Disclosure (EU AI Act Compliance): Kismet uses artificial intelligence (Google Gemini API) to analyze patterns in coffee cup photographs and generate interpretive readings. This is an automated process.

Your coffee cup photos are transmitted securely to Google's AI API for pattern analysis
The AI generates interpretations based on visual patterns — these are entertainment content only and do not constitute predictions, professional advice, or factual statements
Photos are processed in real-time and are not permanently stored by Google's AI service after analysis
No automated decision-making produces legal effects or similarly significant effects on you (GDPR Art. 22)
You have the right to request human review of any AI-generated content by contacting us

6. Data Sharing and Third Parties

We share your data with the following categories of recipients, only to the extent necessary:

Service Providers

Google LLC (Firebase): Authentication, database storage, crash reporting — processes account data, usage data, device data

Google LLC (Gemini AI): Coffee cup photo analysis — processes photos in real-time only

Google LLC (AdMob): Advertisement delivery — processes advertising identifiers and interaction data

Apple Inc. / Google LLC: Payment processing — processes transaction data only

We do NOT:

Sell your personal data to any third party
Share your data with data brokers
Use your photos for any purpose other than generating your analysis
Share your analysis results with any third party

We may disclose data to law enforcement or regulatory authorities only when legally compelled to do so by valid legal process (court order, subpoena, or binding regulatory request).

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States (where Google servers are located). We ensure adequate protection through:

EU Standard Contractual Clauses (SCCs) as approved by the European Commission
EU-US Data Privacy Framework certification of our service providers
KVKK Article 9 compliance for transfers from Turkey — transfers occur only to countries with adequate protection or with explicit consent
Appropriate technical and organizational safeguards

8. Data Retention

Data Category	Retention Period
Account data	Until you delete your account
Analysis results	Until you delete them or your account
Coffee cup photos	Processed in real-time, not permanently stored after analysis
Usage and analytics data	24 months from collection
Payment transaction records	10 years (Turkish Commercial Code No. 6102)
Feedback data	Until you delete your account
Device/crash data	12 months

When data is no longer needed, it is securely deleted or anonymized in accordance with applicable data protection laws.

9. Your Rights

9.1 GDPR Rights (EU/EEA Users including Greece)

Under the General Data Protection Regulation, you have the right to:

Access your personal data (Art. 15)
Rectify inaccurate data (Art. 16)
Erase your data — "right to be forgotten" (Art. 17)
Restrict processing (Art. 18)
Data portability — receive your data in a structured format (Art. 20)
Object to processing based on legitimate interest (Art. 21)
Not be subject to solely automated decision-making (Art. 22)
Withdraw consent at any time without affecting prior processing (Art. 7(3))
Lodge a complaint with your local supervisory authority

9.2 KVKK Rights (Turkish Users)

Under the Personal Data Protection Law No. 6698 (KVKK), you have the right to:

Learn whether your personal data is being processed (Art. 11(1)(a))
Request information about processing if data has been processed (Art. 11(1)(b))
Learn the purpose of processing and whether data is used in accordance with its purpose (Art. 11(1)(c))
Know the third parties to whom data is transferred domestically or abroad (Art. 11(1)(ç))
Request rectification of incomplete or inaccurate data (Art. 11(1)(d))
Request erasure or destruction of data (Art. 11(1)(e))
Object to a result that is to your detriment arising from automated analysis (Art. 11(1)(g))
Claim compensation for damages arising from unlawful processing (Art. 11(1)(ğ))
Apply to the KVKK Board (Kişisel Verileri Koruma Kurulu) at kvkk.gov.tr

9.3 CCPA/CPRA Rights (California Users)

Right to Know: What personal information we collect and how we use it
Right to Delete: Request deletion of your personal information
Right to Opt-Out of Sale: We do not sell your personal information
Right to Non-Discrimination: We will not discriminate against you for exercising these rights

9.4 PDPL Rights (UAE/Saudi Arabia Users)

Right to access your personal data
Right to correct inaccurate or incomplete data
Right to request deletion of your data
Right to restrict processing of your data

10. How to Exercise Your Rights

To exercise any of your data protection rights:

Email: privacy@gravitilabs.com or dpo@gravitilabs.com
In-App: Settings → Delete Account (for account and data deletion)

We will verify your identity before processing your request. We will respond within 30 days (extendable by 60 days for complex requests under GDPR, or 30 days under KVKK). All requests are free of charge unless manifestly unfounded or excessive.

11. Children's Privacy

Kismet is not directed at children. We do not knowingly collect personal data from:

Children under 13 years of age (COPPA — United States)
Children under 16 years of age in the European Economic Area and Turkey (GDPR Art. 8 / KVKK)

If we become aware that we have collected data from a child without appropriate parental consent, we will promptly delete that data. If you believe a child has provided us with personal data, please contact us at privacy@gravitilabs.com.

12. Cookies and Tracking Technologies

As a native mobile application, Kismet does not use browser cookies. However:

Firebase Analytics: Collects anonymized usage statistics to help us improve the app
Google AdMob: May use your device's advertising identifier (IDFA on iOS, GAID on Android) to deliver relevant advertisements
Crash Reporting: Firebase Crashlytics collects device and crash data to help us identify and fix bugs

You can opt out of personalized advertising through your device settings: iOS: Settings → Privacy → Tracking; Android: Settings → Google → Ads.

13. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

Encryption in transit using TLS 1.2 or higher
Encryption at rest for all stored data (Firebase)
Access controls and authentication for all systems
Regular security assessments and monitoring
Principle of least privilege for data access

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours (GDPR Art. 33) and affected users without undue delay (KVKK Art. 12), where the breach poses a risk to rights and freedoms.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through an in-app notification. The "Last Updated" date at the top indicates when this policy was most recently revised. Your continued use of Kismet after changes constitutes acceptance of the updated policy.

15. Contact and Supervisory Authorities

Contact Us

General: kismet@gravitilabs.com

Privacy: privacy@gravitilabs.com

DPO: dpo@gravitilabs.com

Supervisory Authorities

Turkey: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr

Greece: Hellenic Data Protection Authority (HDPA/ΑΠΔΠΧ) — dpa.gr

EU: You may contact the supervisory authority in your EU Member State of residence

🔒 Gizliliğiniz Bizim İçin Önemlidir

Kismet, kişisel verilerinizin korunmasına kararlıdır. KVKK (Türkiye), GDPR (AB), CCPA (ABD) ve uluslararası veri koruma standartlarına uyum sağlıyoruz. Kismet, yalnızca eğlence amaçlı yapay zeka destekli desen analiz aracıdır.

Gizlilik Politikası

Yürürlük Tarihi: Nisan 2026

Son Güncelleme: 2 Nisan 2026

1. Veri Sorumlusu

Kişisel verilerinizden sorumlu veri sorumlusu:

TABA TASARIM İNŞAAT A.Ş.

Graviti Labs markası altında faaliyet göstermektedir

Şehit Şakir Elkovan cad. No:3, Ataşehir, İstanbul, Türkiye

E-posta: kismet@gravitilabs.com

Veri Koruma Görevlisi: dpo@gravitilabs.com

Gizlilik Soruları: privacy@gravitilabs.com

2. Topladığımız Veriler

2.1 Hesap Verileri

Hesap oluşturduğunuzda topladığımız veriler: e-posta adresi, görünen ad (isteğe bağlı) ve profil fotoğrafı (isteğe bağlı). Bu veriler Hizmeti sağlamak ve kişiselleştirmek için gereklidir.

2.2 Analiz Verileri

Kahve fincanı analiz özelliğimizi kullandığınızda işlediğimiz veriler: kahve fincanı fotoğrafları (desen analizi için yapay zeka servisimize iletilir, analiz tamamlandıktan sonra sunucularımızda kalıcı olarak saklanmaz), analiz sonuçları ve yorumlar, ve eğlence deneyiminizi kişiselleştirmek için sağladığınız isteğe bağlı kişisel bilgiler (ad, doğum tarihi).

2.3 Kullanım Verileri

Otomatik olarak toplanan veriler: uygulama etkileşimleri ve özellik kullanım kalıpları, oturum süresi ve sıklığı, dil tercihi ve analiz geçmişi meta verileri.

2.4 Cihaz Verileri

Toplanan veriler: cihaz modeli ve işletim sistemi sürümü, uygulama sürümü, benzersiz cihaz tanımlayıcıları (çökme raporlama için) ve IP adresi (işlenir ancak kalıcı olarak saklanmaz).

2.5 Ödeme Verileri

Uygulama içi satın alımlarda yalnızca işlem tanımlayıcıları ve satın alma zaman damgaları alınır. Kredi kartı numaralarınızı, banka hesap bilgilerinizi veya diğer finansal bilgilerinizi toplamıyor, saklamıyor veya bunlara erişmiyoruz. Tüm ödeme işlemleri Apple (App Store) veya Google (Play Store) tarafından gerçekleştirilir.

2.6 Reklam Verileri

Reklam ortağımız (Google AdMob) tarafından toplanabilecek veriler: reklam tanımlayıcısı (IDFA/GAID), reklam etkileşim verileri ve genel demografik çıkarımlar. Cihaz ayarlarınızdan reklam izlemeyi sınırlandırabilirsiniz.

2.7 Geri Bildirim Verileri

Analizler hakkında geri bildirim sağlarsanız, topladığımız veriler: geri bildirim puanınız ve yorumlarınız, ilişkili analiz tanımlayıcısı ve zaman damgası.

3. Verilerinizi Nasıl Kullanıyoruz

Hizmet Sunumu: Kahve fincanı desen analizi sağlamak ve eğlence amaçlı yorumlar üretmek
Hesap Yönetimi: Hesabınızı oluşturmak ve yönetmek, erişimi doğrulamak, kredi bakiyenizi yönetmek
Hizmet İyileştirme: Yapay zeka analiz algoritmalarımızı, uygulama performansını ve kullanıcı deneyimini geliştirmek
Ödeme İşleme: Uygulama içi satın almaları doğrulamak ve kaydetmek
Reklamcılık: Google AdMob aracılığıyla reklam göstermek (ücretsiz katman kullanıcıları)
İletişim: Temel hizmet bildirimleri göndermek (şifre sıfırlama, hesap güvenliği)
Yasal Uyumluluk: Yürürlükteki yasa ve düzenlemelere uymak
Dolandırıcılık Önleme: Dolandırıcılık faaliyetlerini, kötüye kullanımı ve güvenlik tehditlerini tespit etmek ve önlemek

4. İşlemenin Hukuki Dayanağı

KVKK (6698 sayılı Kanun) ve GDPR kapsamında verilerinizi aşağıdaki hukuki dayanaklara göre işliyoruz:

Amaç	Hukuki Dayanak
Analiz hizmetinin sunulması	Sözleşmenin ifası (KVKK m. 5(2)(c) / GDPR m. 6(1)(b))
Fincan fotoğraflarının yapay zeka ile işlenmesi	Açık rıza (KVKK m. 5(1) / GDPR m. 6(1)(a))
Okumalar için isteğe bağlı kişisel bilgiler	Açık rıza (KVKK m. 5(1) / GDPR m. 6(1)(a))
Analitik ve hizmet iyileştirme	Meşru menfaat (KVKK m. 5(2)(f) / GDPR m. 6(1)(f))
Reklam gösterimi	Meşru menfaat / Rıza (gerekli olduğunda)
Yasal kayıt tutma	Hukuki yükümlülük (KVKK m. 5(2)(ç) / GDPR m. 6(1)(c))

5. Yapay Zeka ve Otomatik İşleme

Şeffaflık Bildirimi (AB Yapay Zeka Yasası Uyumluluğu): Kismet, kahve fincanı fotoğraflarındaki desenleri analiz etmek ve yorumlayıcı okumalar üretmek için yapay zeka (Google Gemini API) kullanmaktadır.

Kahve fincanı fotoğraflarınız desen analizi için Google'ın yapay zeka API'sine güvenli bir şekilde iletilir
Yapay zeka, görsel desenlere dayalı yorumlar üretir — bunlar yalnızca eğlence içeriğidir
Fotoğraflar gerçek zamanlı olarak işlenir ve analiz sonrası Google'ın yapay zeka servisi tarafından kalıcı olarak saklanmaz
Hukuki sonuçlar doğuran veya benzer şekilde önemli etkiler yaratan otomatik karar verme yapılmamaktadır (GDPR m. 22)
Yapay zeka tarafından üretilen herhangi bir içeriğin insan incelemesini talep etme hakkınız vardır

6. Veri Paylaşımı ve Üçüncü Taraflar

Hizmet Sağlayıcılar

Google LLC (Firebase): Kimlik doğrulama, veritabanı, çökme raporlama

Google LLC (Gemini AI): Kahve fincanı fotoğraf analizi — yalnızca gerçek zamanlı işlem

Google LLC (AdMob): Reklam sunumu

Apple Inc. / Google LLC: Ödeme işleme

Yapmadığımız şeyler:

Kişisel verilerinizi herhangi bir üçüncü tarafa satmıyoruz
Verilerinizi veri simsarlarıyla paylaşmıyoruz
Fotoğraflarınızı analizinizi oluşturma dışında herhangi bir amaçla kullanmıyoruz

7. Uluslararası Veri Aktarımları

Verileriniz, ikamet ettiğiniz ülke dışındaki ülkelere aktarılabilir ve orada işlenebilir. KVKK Madde 9 uyarınca, aktarımlar yalnızca yeterli korumaya sahip ülkelere veya açık rızanızla gerçekleşir. Ayrıca AB Standart Sözleşme Maddeleri (SCC'ler) uygulanır.

8. Veri Saklama

Veri Kategorisi	Saklama Süresi
Hesap verileri	Hesabınızı silene kadar
Analiz sonuçları	Siz silene veya hesabınızı silene kadar
Kahve fincanı fotoğrafları	Gerçek zamanlı işlenir, analiz sonrası kalıcı olarak saklanmaz
Kullanım ve analitik verileri	Toplama tarihinden itibaren 24 ay
Ödeme işlem kayıtları	10 yıl (6102 sayılı Türk Ticaret Kanunu)
Geri bildirim verileri	Hesabınızı silene kadar

9. Haklarınız

9.1 KVKK Hakları (Türkiye'deki Kullanıcılar)

6698 sayılı Kişisel Verilerin Korunması Kanunu kapsamında aşağıdaki haklara sahipsiniz:

Kişisel verilerinizin işlenip işlenmediğini öğrenme (m. 11(1)(a))
Kişisel verileriniz işlenmişse buna ilişkin bilgi talep etme (m. 11(1)(b))
Kişisel verilerinizin işlenme amacını ve bunların amacına uygun kullanılıp kullanılmadığını öğrenme (m. 11(1)(c))
Yurt içinde veya yurt dışında kişisel verilerinizin aktarıldığı üçüncü kişileri bilme (m. 11(1)(ç))
Kişisel verilerinizin eksik veya yanlış işlenmiş olması hâlinde bunların düzeltilmesini isteme (m. 11(1)(d))
Kişisel verilerinizin silinmesini veya yok edilmesini isteme (m. 11(1)(e))
İşlenen verilerin münhasıran otomatik sistemler vasıtasıyla analiz edilmesi suretiyle aleyhinize bir sonucun ortaya çıkmasına itiraz etme (m. 11(1)(g))
Kişisel verilerinizin kanuna aykırı olarak işlenmesi sebebiyle zarara uğramanız hâlinde zararın giderilmesini talep etme (m. 11(1)(ğ))
Kişisel Verileri Koruma Kurumu'na başvurma hakkı — kvkk.gov.tr

9.2 GDPR Hakları (AB/AEA Kullanıcıları)

Genel Veri Koruma Tüzüğü kapsamında erişim, düzeltme, silme, kısıtlama, veri taşınabilirliği, itiraz ve otomatik karar vermeye tabi olmama haklarına sahipsiniz.

10. Haklarınızı Nasıl Kullanabilirsiniz

E-posta: privacy@gravitilabs.com veya dpo@gravitilabs.com
Uygulama İçi: Ayarlar → Hesabı Sil (hesap ve veri silme için)

Talebinizi işleme almadan önce kimliğinizi doğrulayacağız. KVKK kapsamında 30 gün, GDPR kapsamında 30 gün (karmaşık talepler için 60 gün uzatılabilir) içinde yanıt vereceğiz.

11. Çocukların Gizliliği

Kismet çocuklara yönelik değildir. 13 yaşından küçük çocuklardan (ABD - COPPA) ve 16 yaşından küçük çocuklardan (AEA ve Türkiye - GDPR m. 8 / KVKK) bilerek kişisel veri toplamıyoruz.

12. Çerezler ve İzleme Teknolojileri

Yerel bir mobil uygulama olarak Kismet tarayıcı çerezleri kullanmaz. Ancak Firebase Analytics anonim kullanım istatistikleri toplar ve Google AdMob cihazınızın reklam tanımlayıcısını kullanabilir. Cihaz ayarlarınızdan kişiselleştirilmiş reklamları devre dışı bırakabilirsiniz.

13. Veri Güvenliği

Kişisel verilerinizi korumak için uygun teknik ve idari tedbirler uyguluyoruz: aktarım sırasında TLS 1.2+ şifreleme, depolama sırasında şifreleme, erişim kontrolleri ve düzenli güvenlik değerlendirmeleri. Bir kişisel veri ihlali durumunda, ilgili denetim makamını 72 saat içinde (GDPR m. 33) ve etkilenen kullanıcıları gecikmeksizin (KVKK m. 12) bilgilendireceğiz.

14. Bu Politikadaki Değişiklikler

Bu Gizlilik Politikasını zaman zaman güncelleyebiliriz. Önemli değişiklikleri uygulama içi bildirim yoluyla size ileteceğiz.

15. İletişim ve Denetim Makamları

Denetim Makamları

Türkiye: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr

Yunanistan: Hellenic Data Protection Authority (HDPA/ΑΠΔΠΧ) — dpa.gr

AB: İkamet ettiğiniz AB Üye Devletindeki denetim makamıyla iletişime geçebilirsiniz

🔒 Το Απόρρητό σας Μας Ενδιαφέρει

Το Kismet δεσμεύεται για την προστασία των προσωπικών σας δεδομένων. Συμμορφωνόμαστε με τον GDPR (ΕΕ), το KVKK (Τουρκία), το CCPA (ΗΠΑ) και τα διεθνή πρότυπα προστασίας δεδομένων. Το Kismet είναι ένα εργαλείο ανάλυσης μοτίβων με τεχνητή νοημοσύνη αποκλειστικά για ψυχαγωγικούς σκοπούς.

Πολιτική Απορρήτου

Ημερομηνία Ισχύος: Απρίλιος 2026

Τελευταία Ενημέρωση: 2 Απριλίου 2026

1. Υπεύθυνος Επεξεργασίας

Ο υπεύθυνος επεξεργασίας των προσωπικών σας δεδομένων είναι:

TABA TASARIM İNŞAAT A.Ş.

Λειτουργεί ως Graviti Labs

Şehit Şakir Elkovan cad. No:3, Ataşehir, Κωνσταντινούπολη, Τουρκία

Email: kismet@gravitilabs.com

Υπεύθυνος Προστασίας Δεδομένων: dpo@gravitilabs.com

Ερωτήσεις Απορρήτου: privacy@gravitilabs.com

2. Δεδομένα που Συλλέγουμε

2.1 Δεδομένα Λογαριασμού

Κατά τη δημιουργία λογαριασμού, συλλέγουμε: διεύθυνση email, εμφανιζόμενο όνομα (προαιρετικό) και φωτογραφία προφίλ (προαιρετικό).

2.2 Δεδομένα Ανάλυσης

Κατά τη χρήση της ανάλυσης φλιτζανιού καφέ, επεξεργαζόμαστε: φωτογραφίες του φλιτζανιού καφέ σας (μεταδίδονται στην υπηρεσία AI για ανάλυση μοτίβων, δεν αποθηκεύονται μόνιμα στους διακομιστές μας μετά την ολοκλήρωση της ανάλυσης), αποτελέσματα ανάλυσης, και προαιρετικές προσωπικές πληροφορίες (όνομα, ημερομηνία γέννησης).

2.3 Δεδομένα Χρήσης

Συλλέγουμε αυτόματα: αλληλεπιδράσεις εφαρμογής, διάρκεια συνεδρίας, γλωσσική προτίμηση και μεταδεδομένα ιστορικού αναλύσεων.

2.4 Δεδομένα Συσκευής

Συλλέγουμε: μοντέλο συσκευής, έκδοση λειτουργικού συστήματος, έκδοση εφαρμογής και μοναδικά αναγνωριστικά συσκευής.

2.5 Δεδομένα Πληρωμών

Λαμβάνουμε μόνο αναγνωριστικά συναλλαγών. Δεν συλλέγουμε, αποθηκεύουμε ή έχουμε πρόσβαση σε αριθμούς πιστωτικών καρτών ή τραπεζικούς λογαριασμούς.

2.6 Δεδομένα Διαφήμισης

Το Google AdMob μπορεί να συλλέξει αναγνωριστικό διαφήμισης και δεδομένα αλληλεπίδρασης με διαφημίσεις.

3. Πώς Χρησιμοποιούμε τα Δεδομένα σας

Παροχή Υπηρεσιών: Ανάλυση μοτίβων φλιτζανιού καφέ και παραγωγή ψυχαγωγικών ερμηνειών
Διαχείριση Λογαριασμού: Δημιουργία και συντήρηση λογαριασμού
Βελτίωση Υπηρεσιών: Βελτίωση αλγορίθμων AI και εμπειρίας χρήστη
Διαφήμιση: Προβολή διαφημίσεων μέσω Google AdMob
Νομική Συμμόρφωση: Συμμόρφωση με ισχύοντες νόμους
Πρόληψη Απάτης: Ανίχνευση και πρόληψη δόλιας δραστηριότητας

4. Νομική Βάση Επεξεργασίας (GDPR)

Σκοπός	Νομική Βάση
Παροχή υπηρεσίας ανάλυσης	Εκτέλεση σύμβασης (Άρθρο 6(1)(β))
Επεξεργασία φωτογραφιών μέσω AI	Ρητή συγκατάθεση (Άρθρο 6(1)(α))
Αναλυτικά στοιχεία και βελτίωση	Έννομο συμφέρον (Άρθρο 6(1)(στ))
Νομική τήρηση αρχείων	Νομική υποχρέωση (Άρθρο 6(1)(γ))

5. AI και Αυτοματοποιημένη Επεξεργασία

Γνωστοποίηση Διαφάνειας: Το Kismet χρησιμοποιεί τεχνητή νοημοσύνη (Google Gemini API) για ανάλυση μοτίβων. Οι φωτογραφίες επεξεργάζονται σε πραγματικό χρόνο και δεν αποθηκεύονται μόνιμα. Τα αποτελέσματα είναι αποκλειστικά ψυχαγωγικού περιεχομένου. Δεν πραγματοποιείται αυτοματοποιημένη λήψη αποφάσεων με νομικές συνέπειες (Άρθρο 22 GDPR).

6. Κοινοποίηση Δεδομένων

Πάροχοι Υπηρεσιών

Google LLC (Firebase): Ταυτοποίηση, βάση δεδομένων, αναφορές σφαλμάτων

Google LLC (Gemini AI): Ανάλυση φωτογραφιών — μόνο σε πραγματικό χρόνο

Google LLC (AdMob): Προβολή διαφημίσεων

Apple Inc. / Google LLC: Επεξεργασία πληρωμών

ΔΕΝ πωλούμε τα προσωπικά σας δεδομένα σε τρίτους και ΔΕΝ τα μοιραζόμαστε με μεσίτες δεδομένων.

7. Διεθνείς Μεταφορές Δεδομένων

Τα δεδομένα σας μπορεί να μεταφερθούν εκτός ΕΟΧ. Εξασφαλίζουμε επαρκή προστασία μέσω Τυποποιημένων Συμβατικών Ρητρών (SCCs) και του Πλαισίου Προστασίας Δεδομένων ΕΕ-ΗΠΑ.

8. Διατήρηση Δεδομένων

Κατηγορία	Περίοδος Διατήρησης
Δεδομένα λογαριασμού	Μέχρι τη διαγραφή λογαριασμού
Αποτελέσματα ανάλυσης	Μέχρι τη διαγραφή τους
Φωτογραφίες φλιτζανιού	Δεν αποθηκεύονται μόνιμα
Δεδομένα χρήσης	24 μήνες
Αρχεία πληρωμών	10 έτη

9. Τα Δικαιώματά σας (GDPR)

Βάσει του Γενικού Κανονισμού Προστασίας Δεδομένων, έχετε δικαίωμα:

Πρόσβασης στα προσωπικά σας δεδομένα (Άρθρο 15)
Διόρθωσης ανακριβών δεδομένων (Άρθρο 16)
Διαγραφής — «δικαίωμα στη λήθη» (Άρθρο 17)
Περιορισμού της επεξεργασίας (Άρθρο 18)
Φορητότητας δεδομένων (Άρθρο 20)
Εναντίωσης στην επεξεργασία (Άρθρο 21)
Ανάκλησης συγκατάθεσης ανά πάσα στιγμή (Άρθρο 7(3))
Υποβολής καταγγελίας στην Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (ΑΠΔΠΧ) — dpa.gr

10. Άσκηση Δικαιωμάτων

Email: privacy@gravitilabs.com ή dpo@gravitilabs.com. Απαντάμε εντός 30 ημερών.

11. Απόρρητο Παιδιών

Το Kismet δεν απευθύνεται σε παιδιά κάτω των 16 ετών στον ΕΟΧ (Άρθρο 8 GDPR) και κάτω των 13 ετών στις ΗΠΑ (COPPA).

12. Ασφάλεια Δεδομένων

Εφαρμόζουμε κατάλληλα τεχνικά και οργανωτικά μέτρα: κρυπτογράφηση TLS 1.2+, κρυπτογράφηση σε αδράνεια, έλεγχοι πρόσβασης. Σε περίπτωση παραβίασης, ειδοποιούμε την εποπτική αρχή εντός 72 ωρών (Άρθρο 33 GDPR).

13. Αλλαγές στην Πολιτική

Μπορεί να ενημερώσουμε αυτή την Πολιτική Απορρήτου. Θα σας ειδοποιήσουμε για ουσιαστικές αλλαγές μέσω ειδοποίησης εντός εφαρμογής.

14. Επικοινωνία και Εποπτικές Αρχές

Εποπτικές Αρχές

Ελλάδα: Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (ΑΠΔΠΧ) — dpa.gr

Τουρκία: KVKK — kvkk.gov.tr

🔒 خصوصيتك تهمنا

يلتزم Kismet بحماية بياناتك الشخصية. نمتثل للائحة العامة لحماية البيانات (GDPR) في الاتحاد الأوروبي، وقانون حماية البيانات الشخصية (KVKK) في تركيا، وقانون خصوصية المستهلك في كاليفورنيا (CCPA)، والمعايير الدولية لحماية البيانات. Kismet هو أداة تحليل أنماط مدعومة بالذكاء الاصطناعي لأغراض الترفيه فقط.

سياسة الخصوصية

تاريخ السريان: أبريل ٢٠٢٦

آخر تحديث: ٢ أبريل ٢٠٢٦

١. مراقب البيانات

مراقب البيانات المسؤول عن بياناتك الشخصية هو:

TABA TASARIM İNŞAAT A.Ş.

تعمل تحت اسم Graviti Labs

Şehit Şakir Elkovan cad. No:3, Ataşehir, إسطنبول، تركيا

البريد الإلكتروني: kismet@gravitilabs.com

مسؤول حماية البيانات: dpo@gravitilabs.com

استفسارات الخصوصية: privacy@gravitilabs.com

٢. البيانات التي نجمعها

٢.١ بيانات الحساب

عند إنشاء حساب، نجمع: عنوان البريد الإلكتروني، واسم العرض (اختياري)، وصورة الملف الشخصي (اختياري).

٢.٢ بيانات التحليل

عند استخدام ميزة تحليل فنجان القهوة، نعالج: صور فنجان القهوة (تُنقل إلى خدمة الذكاء الاصطناعي لتحليل الأنماط، ولا تُخزن بشكل دائم على خوادمنا بعد اكتمال التحليل)، ونتائج التحليل، والمعلومات الشخصية الاختيارية (الاسم، تاريخ الميلاد).

٢.٣ بيانات الاستخدام

نجمع تلقائياً: تفاعلات التطبيق، ومدة الجلسة، وتفضيل اللغة، وبيانات سجل التحليلات.

٢.٤ بيانات الجهاز

نجمع: طراز الجهاز، وإصدار نظام التشغيل، وإصدار التطبيق، ومعرفات الجهاز الفريدة.

٢.٥ بيانات الدفع

نتلقى فقط معرفات المعاملات. لا نجمع أو نخزن أو نصل إلى أرقام بطاقات الائتمان أو تفاصيل الحسابات المصرفية.

٢.٦ بيانات الإعلانات

قد يجمع Google AdMob معرف الإعلان وبيانات التفاعل مع الإعلانات. يمكنك تقييد تتبع الإعلانات من إعدادات جهازك.

٣. كيف نستخدم بياناتك

تقديم الخدمة: توفير تحليل أنماط فنجان القهوة وإنتاج تفسيرات ترفيهية
إدارة الحساب: إنشاء وصيانة حسابك والتحقق من الوصول
تحسين الخدمة: تحسين خوارزميات الذكاء الاصطناعي وأداء التطبيق
الإعلانات: عرض الإعلانات عبر Google AdMob
الامتثال القانوني: الامتثال للقوانين واللوائح المعمول بها
منع الاحتيال: اكتشاف ومنع النشاط الاحتيالي

٤. الأساس القانوني للمعالجة

الغرض	الأساس القانوني
تقديم خدمة التحليل	تنفيذ العقد (GDPR المادة ٦(١)(ب))
معالجة الصور عبر الذكاء الاصطناعي	الموافقة الصريحة (GDPR المادة ٦(١)(أ))
التحليلات والتحسين	المصلحة المشروعة (GDPR المادة ٦(١)(و))
حفظ السجلات القانونية	الالتزام القانوني (GDPR المادة ٦(١)(ج))

٥. الذكاء الاصطناعي والمعالجة الآلية

إفصاح الشفافية: يستخدم Kismet الذكاء الاصطناعي (Google Gemini API) لتحليل الأنماط. تُعالج الصور في الوقت الفعلي ولا تُخزن بشكل دائم. النتائج هي محتوى ترفيهي حصراً ولا تشكل تنبؤات أو نصائح مهنية. لا يتم اتخاذ قرارات آلية تنتج آثاراً قانونية (المادة ٢٢ من GDPR).

٦. مشاركة البيانات مع أطراف ثالثة

مقدمو الخدمات

Google LLC (Firebase): المصادقة، قاعدة البيانات، تقارير الأعطال

Google LLC (Gemini AI): تحليل صور فنجان القهوة — معالجة في الوقت الفعلي فقط

Google LLC (AdMob): تقديم الإعلانات

Apple Inc. / Google LLC: معالجة المدفوعات

نحن لا نبيع بياناتك الشخصية لأي طرف ثالث ولا نشاركها مع وسطاء البيانات.

٧. نقل البيانات الدولي

قد تُنقل بياناتك إلى دول خارج بلد إقامتك. نضمن الحماية الكافية من خلال البنود التعاقدية القياسية (SCCs) وإطار حماية البيانات بين الاتحاد الأوروبي والولايات المتحدة.

٨. الاحتفاظ بالبيانات

فئة البيانات	فترة الاحتفاظ
بيانات الحساب	حتى حذف حسابك
نتائج التحليل	حتى حذفها أو حذف حسابك
صور فنجان القهوة	لا تُخزن بشكل دائم
بيانات الاستخدام	٢٤ شهراً
سجلات الدفع	١٠ سنوات

٩. حقوقك

٩.١ حقوق GDPR (مستخدمو الاتحاد الأوروبي/المنطقة الاقتصادية الأوروبية)

الوصول إلى بياناتك الشخصية (المادة ١٥)
تصحيح البيانات غير الدقيقة (المادة ١٦)
المحو — "الحق في النسيان" (المادة ١٧)
تقييد المعالجة (المادة ١٨)
نقل البيانات (المادة ٢٠)
الاعتراض على المعالجة (المادة ٢١)
سحب الموافقة في أي وقت (المادة ٧(٣))
تقديم شكوى إلى السلطة الإشرافية المحلية

٩.٢ حقوق PDPL (مستخدمو الإمارات/السعودية)

الحق في الوصول إلى بياناتك الشخصية
الحق في تصحيح البيانات غير الدقيقة أو غير المكتملة
الحق في طلب حذف بياناتك
الحق في تقييد معالجة بياناتك

١٠. كيفية ممارسة حقوقك

البريد الإلكتروني: privacy@gravitilabs.com أو dpo@gravitilabs.com. سنرد خلال ٣٠ يوماً.

١١. خصوصية الأطفال

Kismet غير موجه للأطفال. لا نجمع عن علم بيانات شخصية من الأطفال دون سن ١٣ عاماً (الولايات المتحدة - COPPA) ودون سن ١٦ عاماً في المنطقة الاقتصادية الأوروبية وتركيا.

١٢. أمن البيانات

ننفذ تدابير تقنية وتنظيمية مناسبة: تشفير TLS 1.2+ أثناء النقل، تشفير أثناء التخزين، ضوابط الوصول. في حالة خرق البيانات، نُخطر السلطة الإشرافية خلال ٧٢ ساعة (المادة ٣٣ من GDPR).

١٣. التغييرات على هذه السياسة

قد نقوم بتحديث سياسة الخصوصية هذه. سنُخطرك بالتغييرات الجوهرية من خلال إشعار داخل التطبيق.

١٤. الاتصال والسلطات الإشرافية

السلطات الإشرافية

تركيا: هيئة حماية البيانات الشخصية (KVKK) — kvkk.gov.tr

اليونان: هيئة حماية البيانات اليونانية (HDPA) — dpa.gr

الاتحاد الأوروبي: يمكنك الاتصال بالسلطة الإشرافية في دولة عضو في الاتحاد الأوروبي حيث تقيم