Last Updated: February 1, 2026 | Version: 1.0 | Effective: March 1, 2026
Data Controller
Pursuant to Turkish Personal Data Protection Law No. 6698 ("KVKK"), the data controller is:
| Information | Details |
|---|---|
| Company Name | [Company Name] Software Technology Inc. |
| Address | [Address], Istanbul, Turkey |
| Email | privacy@pediatrikgelisim.com |
| VERBIS Registration | [XXXXXXXXXX] |
Personal Data Collected
Parent/Guardian Data
| Category | Data | Required |
|---|---|---|
| Identity | Full name | Required |
| Contact | Email address, phone number | Email required |
| Account Security | Password (hashed), session data | Required |
| Device Info | Device type, OS version, push notification token | Optional |
| Usage Data | App usage statistics, feature preferences | Optional |
Child Data
| Category | Data | Required |
|---|---|---|
| Identity | Name, date of birth, sex | Required |
| Health — Growth | Height, weight, head circumference, BMI, Z-scores | Optional |
| Health — Vaccines | Vaccination records, dates, lot numbers | Optional |
| Health — Development | Milestones, screening results (M-CHAT-R, ASQ-3) | Optional |
| Health — Sleep | Sleep duration, quality ratings, wake counts | Optional |
| Health — Nutrition | Feeding logs, allergy profile | Optional |
| Birth Info | Birth weight/length, prematurity status, gestational age | Optional |
Sensitive Health Data
Important: Under KVKK Article 6, health data is classified as "special category personal data." Processing of such data requires your explicit consent.
Sensitive data processed by our application includes:
- Growth measurements (height, weight, head circumference) and WHO Z-scores
- Vaccination records and immunization status
- Developmental screening results (M-CHAT-R, ASQ-3, EPDS scores)
- Sleep quality data
- Nutrition and allergy information
- Dental health records
- Premature birth and birth complication information
This data is processed solely with your explicit consent. You may choose not to use the related modules within the application.
Purposes of Processing
| Purpose | Description |
|---|---|
| Service Delivery | Growth tracking, vaccine scheduling, developmental screening, sleep analysis, and other app features |
| WHO Comparison | Comparing your child's growth data against World Health Organization standards and calculating percentiles |
| Reminders | Push notifications for upcoming vaccines, measurements, and age-appropriate screenings |
| Doctor Sharing | Sharing health data with your physician upon your explicit consent via time-limited reports |
| Alert System | Notifications for low Z-scores, overdue vaccines, or developmental red flags |
| Account Management | User registration, authentication, and account security |
| Improvement | Anonymous, aggregated usage statistics to improve app quality |
| Legal Compliance | Fulfillment of legal obligations under KVKK and applicable regulations |
Legal Basis
| Data Type | Legal Basis (KVKK) |
|---|---|
| Identity & contact data | Art. 5/2-c: Necessary for contract performance |
| Account security data | Art. 5/2-f: Legitimate interest (security) |
| Health data (growth, vaccines, development, sleep) | Art. 6/2: Explicit consent of the data subject |
| Device & push token | Art. 5/1: Explicit consent |
| Anonymous usage statistics | Art. 5/2-f: Legitimate interest (service improvement) |
| Doctor sharing data | Art. 5/1 & Art. 6/2: Explicit consent |
Data Transfers
Domestic Transfers
- Your Doctor: Only with your explicit consent, via time-limited sharing links
- Legal Authorities: When required by law, to competent public institutions
International Transfers
Server Location: All your data is stored on servers located within Turkey. No cross-border data transfer is performed.
Third-party services used for infrastructure:
| Service | Purpose | Data |
|---|---|---|
| Apple Push Notification Service | Notification delivery | Anonymous device token (no health data) |
| Apple CloudKit | Cross-device sync | Encrypted data (in user's iCloud account) |
| Apple HealthKit | Health data integration | With user permission only, on-device |
Data Retention Periods
| Data Category | Retention Period | End Action |
|---|---|---|
| Account information | Duration of active account + 1 year | Anonymization |
| Health data | Duration of active account | Permanent deletion |
| Shared reports | During sharing period (max 30 days) | Automatic deletion |
| Push tokens | While token is valid | Automatic cleanup |
| Usage statistics | Aggregated: 2 years | Automatic deletion |
| KVKK request records | 4 years from request date | Permanent deletion |
| Legal dispute data | Duration of statute of limitations (10 years) | Permanent deletion |
Account Deletion: You can delete your account at any time via Settings → Account → Delete Account in the app, or by emailing privacy@pediatrikgelisim.com. Deletion is completed within 30 days.
Security Measures
Technical Measures
- Transit encryption: TLS 1.2/1.3 end-to-end encrypted communication
- Storage encryption: AES-256 database encryption
- Password security: Bcrypt hashing algorithm (irreversible)
- Authentication: JWT-based token system (1-hour validity)
- Rate limiting: API request throttling (DDoS protection)
- Firewall: Web Application Firewall (WAF) protection
- Penetration testing: Annual independent security audit
- Backups: Daily encrypted backups, 30-day retention
Administrative Measures
- Staff confidentiality agreements and KVKK training
- Access authorization matrix and least-privilege principle
- Data access logs and audit trail (KVKK compliance)
- Data breach response plan with 72-hour notification procedure
- Third-party security assessments
Cookies & Tracking Technologies
Pediatrik Gelişim is a mobile application and does not use web browser cookies.
Cookies used on our website (pediatrikgelisim.com):
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| session_id | Essential | Session management | Session end |
| lang_pref | Functional | Language preference | 1 year |
We do not use advertising cookies or third-party tracking technologies.
Children's Data
Important: Our application is not designed for direct use by children. All data is entered by a parent or legal guardian.
- Data is entered solely by the parent/guardian with their consent
- Parents/guardians can view, edit, and delete all child data at any time
- Doctor sharing occurs only with parental consent
- Data of children who turn 18 can be transferred to them or deleted upon their request
- Child data is never used for advertising or marketing purposes
Your Rights Under KVKK
Under Article 11 of KVKK, you have the following rights:
| Right | Description |
|---|---|
| Right to Know | Learn whether your personal data is being processed |
| Right to Request Information | Request information about the processing of your personal data |
| Right to Learn Purpose | Learn the purposes of processing and whether data is used accordingly |
| Right to Know Recipients | Know the third parties to whom your data has been transferred domestically or abroad |
| Right to Rectification | Request correction of incomplete or inaccurate data |
| Right to Erasure | Request deletion or destruction of data under KVKK Article 7 |
| Right to Object | Object to outcomes produced by automated systems that are against your interests |
| Right to Compensation | Request compensation for damages resulting from unlawful processing |
How to Exercise Your Rights
| Method | Details |
|---|---|
| Email | privacy@pediatrikgelisim.com (from your registered email) |
| In-app | Settings → Privacy → KVKK Request |
| Written | [Address], Istanbul, Turkey (notarized or wet-signed) |
Response Time: Your request will be resolved within 30 days at no charge. If the process incurs additional costs, the tariff set by the Personal Data Protection Board shall apply.
Your application must include: full name, Turkish ID number (or passport number for foreign nationals), correspondence address or email, and the subject of your request.
Policy Changes
This privacy policy may be updated from time to time. For significant changes:
- You will be notified via an in-app notification
- A push notification will be sent
- The updated text will be published on this page
- For changes related to health data processing, your explicit consent will be obtained again
| Version | Date | Change |
|---|---|---|
| 1.0 | Feb 1, 2026 | Initial release |
Contact
| Subject | Contact |
|---|---|
| KVKK requests | privacy@pediatrikgelisim.com |
| General privacy inquiries | privacy@pediatrikgelisim.com |
| Technical support | support@pediatrikgelisim.com |
| Data Breach Notification | breach@pediatrikgelisim.com (urgent) |
| Personal Data Protection Authority | www.kvkk.gov.tr |
If your request is denied, the response is deemed insufficient, or no response is given within the deadline, you have the right to file a complaint with the Personal Data Protection Board (Kişisel Verileri Koruma Kurulu).