Privacy Policy

1.1 Data Controller

The data controller for this application is UpWatch Developer. Contact: support@upwatch.app

1.2 Global Applicability

This Privacy Policy applies to all users worldwide, regardless of location. We primarily aim to comply with Turkey's Personal Data Protection Law (KVKK). We also strive to comply with other data protection laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). If local laws require different practices, we will comply to the minimum extent necessary. We do NOT guarantee compliance with all local laws in all jurisdictions.

1.3 Purpose and Disclaimer

This policy explains how we collect, use, and protect your personal data. IMPORTANT: This application is a personal status sharing tool, NOT an emergency service. In ANY emergency or life-threatening situation, ALWAYS contact your local emergency services first. We may change this policy at any time as described in Section 13.

1.4 Our Current Practices and Future Changes

Currently, we handle your data as described in this policy. However, we reserve the right to change our data practices at any time, including but not limited to: selling, renting, or licensing your data to third parties; sharing data with advertisers and marketing partners; using data for advertising and marketing purposes; monetizing data in any lawful manner. If we make material changes to data practices, we will update this policy and notify you. If you disagree with changes, you may delete your account. Continued use after changes constitutes acceptance. We make NO guarantees about future data practices. We will be transparent about data practices in effect at any given time. We implement reasonable security measures but cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and deciding whether to continue using the service.

Profile Data

Name, surname, email, phone number, username, profile photo

Location Data

GPS coordinates, accuracy, timestamp (only when sharing)

Contacts Data

Names and contact information of your connections

Usage Data

Alarm history, notification history, status update records

Device Data

Device ID, OS version, app version, push notification tokens

Authentication Data

Password hash, biometric authentication settings

Service Provision

Alarm management, notifications, status sharing

Application Features

Status notifications, location sharing, network connections

Communication

Service updates, security alerts, support responses

Improvement

Analytics, bug fixes, feature development

Legal Compliance

Responding to legal requests, preventing fraud

Consent

Location sharing, contacts access

Contract Performance

Account management, service delivery

Legitimate Interest

Security, fraud prevention, service improvement

Legal Obligation

Compliance with Turkish and international laws

5.1 Current Data Sharing

We currently share data with: Cloud hosting providers (e.g., AWS, Google Cloud, Azure), Push notification services (FCM, APNs), Analytics services (if any), Other service providers necessary for app functionality

5.2 Current and Future Data Usage

Current Status: We currently do NOT sell your personal data to third parties. Future Rights: As our business model and market conditions change, we reserve the right to use and monetize data in lawful ways. This may include: Sharing anonymous or aggregate data, Using data for analytics and research purposes, Marketing partnerships, Working with advertising networks, Partnering with data analytics companies, Using and sharing data for any lawful purpose. Policy Updates: When we change our data usage practices, we will update this policy. We will attempt to provide reasonable notice of updates but cannot guarantee this. It is your responsibility to check the policy regularly. Your Options: If you do not accept changes, you may delete your account. Continued use of the service means you accept the current policy.

5.3 Legal and Business Transfers

We may disclose data to comply with: Law enforcement requests, Court orders, Legal processes, Government regulations. In case of merger, acquisition, bankruptcy, or sale of assets, your data may be transferred to the acquiring entity. We have no control over how third parties use your data after transfer.

Your Acceptance

By using the service, you consent to international data transfers

No Control

We do NOT control the exact physical location of data at all times

No Guarantee

We CANNOT guarantee data will remain in a specific geographic location

Safeguards

Encryption, access controls, contractual protections

Server Locations

Your data may be stored and processed in various locations including but not limited to: European Union (EU) countries, United States of America, Other countries where our cloud service providers operate

Third-Party Providers

We use reputable cloud service providers (e.g., AWS, Google Cloud, Azure) who comply with international data protection standards

Transfer Mechanisms

We use appropriate safeguards such as: Standard Contractual Clauses (SCCs) approved by the European Commission, Adequacy decisions where applicable, Other legally recognized transfer mechanisms

7.1 Our Data Protection Measures

7.2 Technical Limitations and Disclaimers

7.3 Data Breach Notification

We will notify relevant authorities within 72 hours as required by law. We will notify affected users promptly. We will make reasonable efforts to mitigate breach impacts. However, we are NOT liable for damages resulting from data breaches beyond our reasonable control.

Active Accounts

Data retained while account is active

Deleted Accounts

30-day grace period, then permanent deletion

Legal Requirements

Certain data retained for legal compliance (e.g., 6 years for financial records)

Backups

Backup deletion within 90 days

9.1 Your Data Protection Rights

Under KVKK Article 11 and GDPR, you have the following rights. These rights are not absolute and are subject to legal exceptions:

9.2 Response Time and Limitations

We will respond to requests within 30 days. We may request identity verification before processing requests. We may reject requests that are: Clearly unfounded or excessive, Prohibited by law, Would adversely affect others' rights, Technically impossible to fulfill. Some data must be retained for legal compliance. Backup data may take up to 90 days to delete. We cannot guarantee complete data removal from all systems. We are not responsible for data held by third parties after sharing.

Age Requirement

18+ or parental consent required

No Intentional Collection

No knowingly collecting data from children under 13

Parental Rights

Parents can request deletion of child's data

No Cookies

Mobile app doesn't use cookies

Analytics

Minimal analytics for crash reporting and performance

Opt-Out

How to disable analytics

Categories of Data

List all categories

Business Purposes

Detailed purposes

Current Status: No Sale (Subject to Change)

We currently do NOT sell your personal data to third parties. However, if our business model changes, we reserve the right to monetize data in lawful ways. We will update the policy but do not guarantee advance notice. It is your responsibility to check the policy regularly

Rights

Access, deletion, opt-out rights

Non-Discrimination

No discrimination for exercising rights

Right to Modify

We reserve the right to modify this Privacy Policy at any time

Notification Methods

Email notification for material changes, In-app notification, Updated 'Last Modified' date at the top of this policy

Material Changes

For significant changes (e.g., new data collection, new third parties, advertising), we will provide 30-day advance notice

Effective Date

Changes become effective immediately upon posting, unless otherwise stated

Review Responsibility

You are responsible for reviewing this policy periodically

Your Options

If you disagree with changes, you may delete your account before changes take effect. Continued use after changes constitutes acceptance

No Liability

We are NOT liable if you fail to review updated policies

Data Controller Contact

support@upwatch.app

Response Time

30 days maximum

Supervisory Authority

Kişisel Verileri Koruma Kurumu (KVKK) for Turkish users

EU Users

Right to lodge complaint with local DPA

Note

Contact information will be updated if developer status changes to company