Privacy Policy

App-Specific Privacy Commitment

.optimize is a fully offline file optimization app. Photo, PDF, video, and document compression is performed using only your device's processor. None of your files are ever sent to any server. This means the privacy of your file contents is technically guaranteed.

Digital Hygiene Score and storage analysis data are also kept only on your device and are not shared with anyone, including the Developer.

1. Introduction and Data Controller

.optimize ("App") is developed and provided by Ali Kemal Akpinar ("Developer", "we", "us"). This Privacy Policy explains how your personal data is collected, processed, stored, and protected in accordance with all applicable data protection legislation, including the Turkish Personal Data Protection Law No. 6698 ("KVKK"), the European Union General Data Protection Regulation ("GDPR"), and the California Consumer Privacy Act ("CCPA").

Data Controller: Ali Kemal Akpinar
Contact: privacy@alikemalakpinar.com
Website: alikemalakpinar.com

2. Data Collected and Legal Basis

2.1 Automatically Collected Data

When you use the App, the following data may be collected automatically:

• Device identifiers (device model, operating system version, unique device identifiers)
• App usage statistics and performance metrics
• Crash reports, error logs, and diagnostic data
• IP address (anonymized and processed in aggregate)
• App version and installation source
• General location information (country-level only, not precise location)

Legal basis (KVKK Art.5/2-f, GDPR Art.6/1-f): Legitimate interest — ensuring app security, performance, and quality.

2.2 Data You Provide

• During account creation (where optional): email address
• Profile information (name, preferences you optionally provide)
• In-app settings and personal preferences
• Support requests and communication content

Legal basis (KVKK Art.5/1, GDPR Art.6/1-a): Your explicit consent.

2.3 Special Categories of Personal Data

.optimize does not collect or process special categories of personal data under KVKK Art.6 and GDPR Art.9, such as health data, biometric data, religious beliefs, race, or ethnic origin.

3. Purposes of Data Processing

• Providing and maintaining App services
• Personalizing your App experience
• Performance improvement and bug fixing
• Providing technical support
• Usage analytics and trend analysis (with anonymized data)
• Fulfilling legal obligations
• Fraud prevention and security

4. Third-Party Service Providers

We may use the following trusted third-party service providers:

• Apple App Store: App distribution and in-app purchase processing
• RevenueCat: Subscription management and purchase validation (with anonymized user ID)
• Sentry (optional): Crash reporting — enabled only with user consent, contains no file data

.optimize does not use Google Firebase, Meta (Facebook) SDK, ad networks, or marketing tools. Third-party SDK integrations can never access the files on your device.

Each third-party service provider is subject to its own privacy policy. We share only the minimum data necessary for service delivery and execute Data Processing Agreements compliant with KVKK and GDPR requirements.

5. Data Sharing and Transfer

We do not sell, rent, or commercially share your personal data with third parties.

We may share your data only in the following situations:

• With your explicit consent
• When required by law or court order (only to the extent required by law)
• With the service providers listed above (under data processing agreements)
• In situations involving imminent threat to life or public safety, and only to the extent required
• In the event of a potential merger, acquisition, or asset sale — we will notify you in advance

5.1 International Data Transfer

Our service providers may process data on servers outside the European Economic Area ("EEA") or Turkey. In such cases, we ensure appropriate safeguards are in place (Standard Contractual Clauses, EU-US Data Privacy Framework, etc.) as required by KVKK Art.9 and GDPR Art.46.

6. Data Retention

• Account data: Until you delete your account, then permanently deleted within 30 days
• Analytics data: Maximum 26 months after collection (anonymized)
• Support requests: 2 years after resolution
• Data required by legal obligation: For the period prescribed by applicable legislation
• Deletion requests: Processed within 30 days of your request

7. Your Rights

7.1 Rights Under KVKK (Art.11)

• Right to learn whether your personal data is being processed
• Right to request information if data has been processed
• Right to learn the purpose of processing and whether data is used in accordance with its purpose
• Right to know the third parties to whom data is transferred domestically or abroad
• Right to request correction if data is incomplete or inaccurate
• Right to request deletion or destruction under the conditions set forth in KVKK Art.7
• Right to object to a result arising against you through analysis of processed data exclusively by automated systems
• Right to claim compensation for damages arising from unlawful processing of data

7.2 Rights Under GDPR

• Right of access (Art.15): You may request a copy of your processed data
• Right to rectification (Art.16): You may request correction of inaccurate data
• Right to erasure / Right to be forgotten (Art.17): You may request deletion of your data under certain conditions
• Right to restriction of processing (Art.18): You may request restriction of data processing in certain situations
• Right to data portability (Art.20): You may request your data in machine-readable format
• Right to object (Art.21): You may object to processing based on legitimate interests or direct marketing
• Right not to be subject to automated decision-making (Art.22): You may reject decisions based solely on automated processing

7.3 Rights Under CCPA (California Residents)

• Right to know what personal information is collected
• Right to request deletion of personal information
• Right to opt-out of the sale or sharing of personal information (we do not sell data)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your rights

To exercise your rights, please email privacy@alikemalakpinar.com. We will respond in writing within 30 days. Identity verification may be required.

8. Cookies and Tracking Technologies

Our mobile app does not use traditional web cookies. Device identifiers may be used through SDKs for analytics and performance monitoring. You can control this tracking through:

• iOS: Settings → Privacy & Security → Tracking
• Android: Settings → Privacy → Ads
• The in-app privacy settings page

9. Children's Privacy

.optimize does not knowingly collect personal data from children under 16 (under KVKK and GDPR) or under 13 (under COPPA). If we discover that a user in this age group has provided data, we will immediately delete the relevant data and close the account. If you believe your child has provided us with personal data, please contact us immediately at privacy@alikemalakpinar.com.

10. Data Security

We implement industry-standard security measures to protect your data:

• TLS 1.3 encryption during transmission
• AES-256 encryption server-side (where cloud storage is used)
• Access control and principle of least privilege
• Regular security assessments and vulnerability scanning
• Data Processing Agreements (DPAs) signed with all third-party providers

However, no method of data transmission or storage over the internet can be guaranteed to be 100% secure. In the event of a data breach, we will notify affected users and relevant authorities within the timeframe required by KVKK and GDPR (72 hours).

11. Policy Changes

We may update this policy from time to time. Depending on the type of change:

• Material changes: We will notify you via in-app notification and/or email at least 30 days in advance
• Minor updates: The updated policy will be published on this page

The updated policy takes effect immediately upon publication. Your continued use of the App constitutes acceptance of the updated policy.

12. Contact and Complaints

Data Controller: Ali Kemal Akpinar
Email: privacy@alikemalakpinar.com
Website: alikemalakpinar.com

Under KVKK, you have the right to apply to the Personal Data Protection Authority (kvkk.gov.tr). Under GDPR, you may lodge a complaint with the Data Protection Authority of the relevant EU member state.

Effective date: March 30, 2026