1. Data Controller
Data Controller: Berid Tracker
Contact: iletisim@beridtracker.app
App: Berid Tracker
Website: beridtracker.app
Full legal name, registered address, and other identification details of the Data Controller are provided within 30 days upon a formal request submitted under KVKK Article 11 or GDPR Article 15.
2. Data We Collect
2.1 Account Information
- Name, email address, profile photo (optional)
- User ID (UUID), creation date
- Identity data from Apple Sign-In or Google Sign-In
2.2 Location Data
- GPS coordinates (only during active rides)
- Speed, direction, altitude information
- Ride start/end times
- Last known location during SOS triggers (sent to emergency contacts)
2.3 Horse and Health Data
- Horse profiles (name, breed, age, gender, photos)
- Vaccination and veterinary records, medication info
- Weight and care schedule
- Heart rate from Apple Watch (only during rides, with permission)
2.4 Content Data
- Your social posts (text, photos, ride summaries)
- Your marketplace listings and messages
- Comments, likes, follow relationships
2.5 Device and Usage Data
- Device model, OS version, app version
- Crash reports (via Sentry — anonymous)
- Push notification tokens (APNS / FCM)
2.6 Emergency Data
- Emergency contact info (name, phone)
- SOS trigger time, location, sent SMS content
3. Purposes of Processing
| Purpose | Data Type | Legal Basis |
|---|---|---|
| Ride tracking | Location, sensor | Performance of contract |
| Account management | Identity, contact | Performance of contract |
| Push notifications | Device token | Consent |
| SOS / Emergency | Location, contacts | Vital interest |
| Debugging | Crash report | Legitimate interest |
| Social interaction | Content, identity | Consent |
4. Third-Party Service Providers
The following providers' privacy policies apply to processed data:
- Self-hosted Supabase — Database and authentication (Turkey datacenter)
- Apple (Sign in with Apple, APNS, App Store) — apple.com/legal/privacy
- Google (Sign-in, Maps) — policies.google.com/privacy
- Mapbox / MapTiler — Map services
- NetGSM — SOS SMS delivery (Turkish telco)
- OpenWeatherMap — Weather data
- Sentry — Crash and error tracking (anonymous)
- Cloudflare — CDN and DDoS protection
5. Data Retention
- Active accounts: All data retained
- After account deletion: Fully deleted within 30 days
- Legal obligation: Financial records retained for 10 years
- Anonymous crash reports: 90 days
6. Data Security
- All traffic encrypted with HTTPS/TLS 1.2+
- Sensitive local data encrypted with MMKV + AES-256
- Passwords hashed with bcrypt
- Supabase Row Level Security (RLS) prevents unauthorized data access
- Regular security audits and penetration testing
7. GDPR Rights
If you are an EU resident, under GDPR Articles 15-22 you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erasure ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Not be subject to automated decision-making
To exercise these rights, contact iletisim@beridtracker.app. We respond within 30 days.
8. KVKK Compliance (Turkish Users)
Turkish users have additional rights under Law No. 6698 (KVKK), Article 11. See our Turkish version for full details.
9. Children's Privacy
Berid Tracker is not intended for children under 13. We do not knowingly collect data from users under 13. Contact us if you believe a child's data has been collected.
10. Policy Changes
This policy may be updated. We notify users of significant changes via registered email 30 days in advance. The last update date is shown above.
11. Contact
Questions about this policy:
Email: iletisim@beridtracker.app