Privacy Policy

This Privacy Policy governs processing of personal data by Caymaz TechHealth in connection with our public website, marketing pages, business communications, and the mobile or web software products we publish or operate as identified on our site or in app stores. By accessing the website, sending us a message, or using our services where this Policy is referenced, you acknowledge that you have read this notice. If you disagree with essential processing required to provide a service, you should stop using that service. Product-specific privacy supplements may add detail for particular apps or regions.

If you download our apps from the Apple App Store or Google Play, the Apple Licensed Application End User License Agreement (EULA) (https://www.apple.com/legal/internet-services/itunes/dev/stdeula/) and the Google Play Terms of Service (https://play.google.com/intl/en_us/about/play-terms/) apply to your use of the respective platform and store services, in addition to this Policy and our Terms of Service.

The data controller is Caymaz TechHealth, with principal operations in Istanbul, Turkey. For all privacy requests, including access, correction, deletion, objection, or portability where applicable, contact: the contact form on our homepage (caymaztech.com/#contact). Please include your name, a description of your request, and the service or app involved. We verify requests to prevent unauthorized disclosure. We will respond within timelines required by applicable law (including, where relevant, the Turkish Personal Data Protection Law No. 6698 “KVKK” and, for individuals in the European Economic Area, the GDPR).

Depending on how you interact with us, we may process: identity and contact data (name, organization, email address, phone if provided); account or support identifiers; technical data such as IP address, device type, operating system, browser, language, approximate location derived from IP, and diagnostic logs; usage data such as pages viewed, timestamps, referring URL, and click patterns; communication content you voluntarily include in forms or email; and, for mobile apps, categories shown in platform privacy nutrition labels (e.g., identifiers, usage data, diagnostics) as updated from time to time. We do not intentionally collect special categories of data (e.g., health data) through the marketing website unless you voluntarily submit it in a message.

We process data to: operate, maintain, and secure our website and services; respond to inquiries and provide customer support; analyze aggregate usage to improve reliability and UX; detect, prevent, and investigate abuse, fraud, or security incidents; comply with legal obligations and enforce our Terms; manage corporate transactions where permitted; and send essential transactional notices. Where GDPR applies, we rely on legitimate interests (security, service improvement, corporate operations), performance of a contract, consent where required (for example non-essential cookies or marketing where opted-in), or legal obligation as appropriate. Where we rely on consent, you may withdraw it without affecting prior lawful processing.

We use cookies and similar technologies that are strictly necessary for core site functions (e.g., security, load balancing, language preferences where implemented). Where we deploy optional analytics or performance cookies, we will obtain consent where required by law. You can control cookies through your browser settings; disabling certain cookies may limit features. Our site may integrate third-party embeds (e.g., maps or video); those providers have their own policies.

We do not sell your personal data. We share data with infrastructure and hosting providers, email and communications vendors, analytics or error-monitoring tools (configured to minimize personal data), payment processors where purchases exist, professional advisers (lawyers, accountants), and authorities when required by law or to protect rights, safety, and integrity of users. Depending on the product, we may use subprocessors such as Sentry (error monitoring) or Firebase (Google; analytics, crash reporting, or cloud services), or similar tools, only as needed and configured to minimize personal data; the exact tools in use may vary by app version—check the product page or in-app information for updates. Subprocessors process data only on documented instructions and under confidentiality and security obligations. A current list of key categories may be provided on request where contractually required.

Your data may be processed in Turkey, the European Economic Area, the United Kingdom, the United States, or other countries where our providers maintain facilities. If we transfer personal data from the EEA/UK/Switzerland to countries without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, plus supplementary measures where required by case law. You may request a summary of safeguards by contacting us.

We retain personal data only as long as necessary for the purposes described, unless a longer period is required by law, dispute resolution, or legitimate business needs (e.g., backups with technical deletion cycles). User inputs related to AI or simulation features may be retained for up to seven (7) days as described under “Mobile applications & product-specific notices” below, unless a product-specific notice states otherwise. Marketing inquiries are typically retained for the duration of the business relationship plus a limited grace period. Logs may be kept for shorter security windows. App-specific retention follows technical necessity and platform requirements. After retention periods expire, we delete or anonymize data where feasible.

Subject to applicable law, you may have the right to access, rectify, erase, restrict processing, data portability, object to processing based on legitimate interests, and withdraw consent. You may lodge a complaint with a supervisory authority in your country of residence. Turkish residents may apply to the Personal Data Protection Authority (KVKK). We do not use fully automated decision-making that produces legal or similarly significant effects on individuals without appropriate safeguards and notice where required.

We implement technical and organizational measures including TLS for data in transit, access controls, authentication, least-privilege policies, logging, vulnerability management, and staff training. No online service can guarantee absolute security; you should protect your credentials and devices. If we become aware of a breach likely to affect your rights, we will notify regulators and affected users as required by law.

Our general audience services are not directed to children under 16 (or a higher age where local law requires). We do not knowingly collect personal data from children for marketing. If you believe a child has provided data, contact us and we will take appropriate steps to delete it, subject to legal exceptions.

We may update this Policy to reflect legal, technical, or business changes. Material updates will be indicated by revising the “Last updated” date and, where appropriate, additional notice on the website or in-app. External links are not controlled by us; review their privacy notices before submitting data. Where translations are provided for convenience, the English version governs interpretation in case of conflict, except where mandatory local law requires the local language to prevail.

This Privacy Policy applies to our website and to the mobile or web applications we publish and operate as identified on this site and in app stores.

Some products may be health-adjacent (for example, simulation, education, and visualization tools). Where a product includes AI-assisted or simulation features, we may process information you provide (such as images or other user inputs) solely to operate those features and generate simulated or informational outputs. After the output is generated, those inputs may be retained for up to seven (7) days to support troubleshooting, abuse prevention, and service improvement; they are then deleted or anonymized unless a longer period is required by law or a product-specific notice states otherwise. We do not use your inputs to train generalized machine-learning models for other users or customers unless we tell you otherwise in writing or in-app.

If a product provides a specific privacy supplement (for example in its app or at a product page), that supplement may add product-specific details on data types, processing, retention, and user choices.

In general, we:

• Process personal data to operate and secure the website and our software services; provide support and respond to requests.

• Share data with subprocessors and infrastructure providers that assist us (for example hosting, email and communications, analytics/error monitoring such as Sentry or Firebase where enabled, and payment processors where purchases exist).

• Retain data only as long as necessary for the purposes described (including up to seven (7) days for certain AI-related inputs where applicable), unless a longer period is required by law, dispute resolution, or legitimate business needs.

• Respect privacy rights under applicable law, and provide access/contact options in this Policy.