Last updated: July 7, 2026
This Privacy Policy explains how your personal data is handled when you use the Boon AI mobile application (the "App"). Boon AI is a habit and routine tracker with an AI-powered coach. This policy is written to meet our transparency obligations under the EU General Data Protection Regulation ("GDPR") and the Turkish Personal Data Protection Law ("KVKK").
The data controller is Dode Yazılım.
Contact: [email protected]
We rely on the following infrastructure providers to deliver the service:
Your account information and user content (routines, check-ins, journal, mood) are stored on Supabase infrastructure. The servers are located in Australia (ap-southeast-2), which means your data is transferred internationally (see Section 6). Data is protected with TLS in transit and encryption at rest.
AI coach responses are generated using the OpenAI API. Your messages are relayed through a secure server-side proxy (Supabase Edge Function) — the API key is never present on your device. Under OpenAI's API defaults, content submitted via the API is not used to train their models.
Used to validate and track your premium subscription. RevenueCat only receives your internal user ID and store purchase information — never your payment card details.
Used to detect app crashes and technical errors. No personal content (email, journal entries, etc.) is sent; only technical diagnostics and an internal user ID are processed.
We collect anonymous usage statistics to understand how the App's features are used. Data is processed on PostHog's servers in the European Union. It is never used for advertising purposes.
We process your personal data on the basis of performance of a contract (delivering the service), legitimate interests (crash reporting, security, product improvement), and, where required, your consent — in particular for international data transfers under KVKK Article 9 — in accordance with GDPR Article 6 and KVKK Article 5.
The service providers listed above operate servers outside your country (Supabase: Australia; OpenAI, RevenueCat, Sentry: United States; PostHog: European Union). Transfers are carried out under data processing agreements with these providers and appropriate safeguards such as Standard Contractual Clauses (SCCs) under the GDPR, and in accordance with KVKK Article 9.
Under GDPR Articles 15–22 and KVKK Article 11, you have the right to access, rectify, and erase your data, to object to or restrict processing, and to data portability.
You also have the right to lodge a complaint with your local supervisory authority (or, in Türkiye, with the Personal Data Protection Board).
Boon AI is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If we become aware that we have processed data belonging to a child under 13, we will delete it promptly.
Your data is encrypted with TLS in transit, and protected with encryption at rest and access controls. While no system is 100% secure, we apply industry-standard technical and organizational measures to protect your data.
We may update this policy from time to time. The current version is always published on this page, and the "Last updated" date is revised accordingly.
For any privacy-related question or request:
Dode Yazılım — [email protected]