Styvora
SPACE AI LABS

Türkçe

Privacy Policy

Last updated: June 1, 2026 Effective version: v1.0

This policy explains the personal data we collect, store, and process when you use Styvora (the "App"). It is compliant with the Turkish Personal Data Protection Law (KVKK) and the EU General Data Protection Regulation (GDPR).

1. Data we collect

1.1 Account data

• Email address (required — for sign-in and OTP verification)
• Password (irreversibly hashed with bcrypt)
• Name (optional — for your profile)
• Preferred language (default: device locale)

1.2 Style profile data

• Style quiz answers (10–12 multiple-choice questions)
• Body measurements (height, weight, wardrobe size — optional)
• Computed Style DNA scores (simplicity, era, practicality axes)

1.3 Wardrobe data

• Clothing photos you upload
• Tags extracted from AI vision analysis (category, color, brand)
• Favorite and wear markers

1.4 Usage data

• Crash reports (Sentry — contains no personal data)
• Anonymous performance metrics (Grafana — no user ID)
• Device type + OS (User-Agent header)

1.5 Data we do not collect automatically

Styvora does not collect:

• Your location
• Contacts / address book
• Advertising identifier (IDFA / GAID)
• Your browsing history
• Data from other apps

2. Where we store data

• Primary database: PostgreSQL, AWS EC2 Frankfurt (eu-central-1) region
• Photos: AWS S3, eu-central-1 region (optimal for Turkish + EU residents)
• Backups: AWS S3 cross-region snapshot (disaster recovery only)
• Cache: Redis on EC2 (short-lived session data)

Data never leaves EU borders.

3. Third-party sharing

Styvora does not share your personal data with anyone for advertising, sale, or marketing.

Our limited service providers (all KVKK / GDPR compliant):

• OpenAI / Anthropic — vision analysis and LLM inference (photos sent temporarily; OpenAI deletes within 30 days, Anthropic does not retain per-request)
• AWS — server infrastructure provider
• AWS SES — OTP and notification emails
• Sentry — crash reporting (no personal data; stack traces only)
• RevenueCat — premium subscription management (transaction ID only)

4. Your rights (KVKK Article 11)

At any time you can:

• Learn which of your data we store (data export)
• Request correction of incorrect data (rectification)
• Request deletion of data (right to be forgotten)
• Object to data processing

All requests can be made via support@spaceailabs.ai. A response is guaranteed within 30 days.

5. Retention period

• Active account: As long as the account is active
• Dormant account (no sign-in for 12 months): Automatic anonymization + optional deletion notice
• After deletion request: Full deletion within 30 days (some logs such as IP addresses may be kept for 6 more months under legal obligation)
• Backups: 90-day rotation, then automatic deletion

6. Children's privacy

Styvora does not provide services to users under the age of 13. If we discover we have accidentally collected data from a child, we delete it immediately.

7. Cookies / tracking

The mobile app does not use browser cookies. Only local SharedPreferences (stays on device — never sent to the server):

• Onboarding completion flag
• Quiz answers (for editing answers)
• Language preference
• Premium subscription status (RevenueCat cache)

8. Security

• All connections encrypted over TLS 1.2+
• Passwords hashed with bcrypt cost=12
• JWT tokens short-lived (access 15 min, refresh 30 days)
• Server access via IAM-roled SSH only
• Daily encrypted backups via pgBackRest

9. Breach notification

Under KVKK Article 12, in the event of a security breach we notify the KVKK Authority and affected users within 72 hours.

10. Contact

For privacy questions and KVKK requests:

Email: support@spaceailabs.ai Data Controller: SPACE AI LABS YAZILIM HİZMETLERİ LİMİTED ŞİRKETİ ("SPACE AI LABS"; app brand "Styvora")

---

*This document is prepared to cover the minimum content required for Apple App Store and Google Play Store review processes.*