1. Who we are
This site (theglycode.com) and the apps listed above are owned and operated by Ahmet Vural, a sole developer based in Türkiye. You can reach us at avural79@hotmail.com.
For users in the European Union / European Economic Area, we are the data controller under GDPR. For users in California, we are the business under CCPA / CPRA. For users in Türkiye, we are the Veri Sorumlusu under KVKK (Law No. 6698).
2. Our privacy principles
- Local-first. Your stories, biographies, choices and notes live on your device. We do not run a backend that stores them.
- No advertising trackers. Our apps contain no ad SDKs (no AppLovin, IronSource, Google Ads, Meta SDK, etc.). We do not perform cross-app tracking.
- Pseudonymous AI requests. Content sent to AI providers is not tied to your name, email, Apple ID or any persistent personal identifier on our side.
- No sale of personal data. We do not sell, rent or trade personal information.
- Minimum data. We collect only what is necessary to run the app, process purchases and keep things stable.
3. Information we collect
3.1 Information you provide directly
- Biography input (Elsewhere). During onboarding you may provide a short biography (name, age, occupation, a few life priorities and optional notes). Stored on your device in a local database; sent to our AI provider in pseudonymous form when you generate events.
- App content. Events, choices, drawings, photos or notes you create in any of our apps. Stored locally; sent to AI providers only as conversation context when generating output.
- Support correspondence. If you email us, we keep your email and message until the issue is resolved, then for up to 24 months for audit.
3.2 Information collected automatically
- Crash and diagnostic data. We use Sentry for anonymised crash reports, performance metrics and breadcrumbs. These are linked to a random installation identifier, not to you personally.
- Purchase identifiers. We use RevenueCat for in-app purchases. RevenueCat assigns each installation a pseudonymous App User ID (random UUID).
- Approximate locale. The device locale (e.g.
tr-TR) is read to pick UI language. We do not collect precise location. - Device metadata. Device model, OS version, app version — attached to crash reports for debugging.
- Website analytics. theglycode.com runs without third-party analytics SDKs. Static hosting (Netlify) keeps standard access logs for security and abuse prevention.
3.3 Information we do NOT collect
- Precise location / GPS
- Contacts, calendar, microphone, health data
- Camera and photos beyond what you actively pick within the app session
- Browsing history outside the app
- Financial information (card numbers go through Apple / Google / Stripe — never through us)
- Advertising identifiers (IDFA / GAID)
4. How we use information
| Purpose | Legal basis (GDPR) | Data used |
|---|---|---|
| Run the core app on your device | Performance of contract (Art. 6(1)(b)) | Biography, choices, local DB |
| Generate AI content (events, art, summaries) | Performance of contract | Pseudonymous prompts |
| Process in-app purchases | Performance of contract | Apple/Google tokens, RC App User ID |
| Diagnose crashes | Legitimate interest (Art. 6(1)(f)) | Crash logs, device metadata |
| Respond to support | Legitimate interest | Email content |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) | Transaction records (tax) |
We do not use your data for targeted advertising, profile sale, training third-party AI models on your content, or automated decision-making with legal effect.
5. Third-party services
The following processors handle data on our behalf:
| Service | Purpose | Data shared | Region |
|---|---|---|---|
| Google (Gemini API) | AI text generation | Pseudonymous prompts | USA |
| Replicate | AI image generation | Pseudonymous prompts | USA |
| RevenueCat, Inc. | IAP management | Pseudonymous App User ID | USA |
| Sentry | Crash reporting | Anonymous crash logs | USA / EU |
| Apple Inc. | Payment, delivery | Transaction data | USA |
| Netlify | Website hosting | Standard server logs | USA |
We do not share your data with advertisers, data brokers or social networks.
5.1 AI provider specifics (Elsewhere)
When you generate an event or interact with the AI Narrator in Elsewhere, a prompt is sent to Google's Gemini API. The prompt contains your biography (without name or email), up to the last 20 choices in your current universe, and a system prompt defining the app's tone.
Google states that data sent to the paid Gemini API is not used to train their models. See: ai.google.dev/gemini-api/terms. We do not store the prompt or response on our servers — the response is returned to your device and saved locally.
6. International data transfers
Our processors are primarily located in the United States. When data is transferred from the EU/EEA, UK or Türkiye to the US, transfer is covered by Standard Contractual Clauses, the EU–US Data Privacy Framework, and/or your explicit consent at the moment of use.
7. How long we keep data
| Data | Retention |
|---|---|
| App content on your device | Until you delete the app or hit "Delete All Data" in Settings |
| Crash logs (Sentry) | 90 days, then aggregated and anonymised |
| Purchase records (RevenueCat) | Lifetime of account, then 24 months after last activity |
| Support emails | 24 months after the issue is closed |
| Tax / accounting records | 10 years (Turkish Tax Procedure Law) |
8. Your rights
Depending on where you live, you have some or all of the following rights:
- Access — request a copy of personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete data we hold
- Restriction — ask us to stop processing while a dispute is resolved
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — at any time, without affecting prior lawful processing
- Complaint to a supervisory authority — your national DPA in the EU; KVKK Kurulu (kvkk.gov.tr) in Türkiye; ICO in the UK
8.1 How to exercise these rights
- In-app: Settings → Privacy → Delete All Data wipes your local database immediately.
- Email: avural79@hotmail.com — we respond within 30 days.
- Purchases: Subscription cancellation and refund requests must go through Apple (App Store) or Google (Play Store) — we cannot process refunds on their behalf.
9. Children's privacy
Elsewhere and our other apps are rated 12+ on the App Store. They are not directed at children under 13 and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, email avural79@hotmail.com and we will delete it.
For users between 13 and the age of digital consent in their country (16 in some EU states), parental consent is required by law. By using the apps, you represent that you meet the applicable age threshold or have parental consent.
10. Security
- HTTPS (TLS 1.2+) for all network calls
- Local encryption-at-rest via iOS Data Protection
- No plaintext API keys shipped in the binary
- Processors that publish current SOC 2 / ISO 27001 certifications
No system is perfectly secure. If you discover a vulnerability, please email avural79@hotmail.com — responsible disclosure is appreciated.
11. App Store Privacy Nutrition Labels (Elsewhere)
- Data Used to Track You: None.
- Data Linked to You: Purchases (Purchase History), User ID (pseudonymous RC App User ID).
- Data Not Linked to You: Diagnostics (Crash Data, Performance), Usage Data, User Content (biography sent to AI).
12. Jurisdiction-specific notices
12.1 California (CCPA / CPRA)
You have the right to know, delete, correct and opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as defined by the CCPA. To exercise your rights, email avural79@hotmail.com. We will not discriminate against you for doing so.
12.2 Türkiye (KVKK)
Bu uygulama, 6698 sayılı Kişisel Verilerin Korunması Kanunu kapsamında "Veri Sorumlusu" sıfatıyla Ahmet Vural tarafından yürütülmektedir. KVKK madde 11'deki haklarınızı kullanmak için avural79@hotmail.com adresine yazabilirsiniz.
Verilerinizin bir kısmı (anonim çökme kayıtları, abonelik token'ları, AI istemleri) ABD'de bulunan Google, RevenueCat, Sentry ve Netlify sunucularına aktarılır. Aktarım, Standart Sözleşme Maddeleri veya açık rıza dayanağıyla yapılır.
Tatmin olmadıysanız: Kişisel Verileri Koruma Kurulu — kvkk.gov.tr
12.3 Brazil (LGPD)
You have rights equivalent to those above under Lei Geral de Proteção de Dados. Our DPO contact is avural79@hotmail.com.
13. Changes to this policy
We may update this Privacy Policy when a new feature changes what data is collected, a processor changes, or the law changes. The "Last updated" date at the top reflects the most recent change. Material changes will be announced via an in-app notice the first time you open the app after the update.
14. Contact
Email: avural79@hotmail.com
Website: theglycode.com
Response time: within 30 days of receipt, usually faster.