Privacy Policy
Effective Date: June 2026
This Privacy Policy explains how Match Medic Saglik Yazilim ve Bilisim Hizmetleri Anonim Sirketi ("we," "us," or "our") collects, uses, stores, and protects your personal data when you use the Tough Hair mobile application ("the App"). By using the App, you agree to the practices described in this policy.
We are committed to protecting your privacy in accordance with the Turkish Personal Data Protection Law No. 6698 ("KVKK"), the European Union General Data Protection Regulation ("GDPR") where applicable, and Apple's App Store Review Guidelines.
1. Data We Collect
We collect and process the following categories of personal data:
- Account information: name, email address, age.
- Onboarding inputs: hair loss concerns, duration of hair loss, stress level, time commitment preference, treatment method preferences, product purchase willingness.
- Health-related data: prescription medication status (tracking only), supplement usage, hair loss stage classification.
- Hair photos: taken voluntarily for analysis. Stored on your device only.
- Usage data: routine adherence, streaks, check-in frequency (anonymized for analytics).
- Subscription status: managed by Apple; we receive only your active subscription tier.
We do not collect location data, contacts, browsing history, or any data unrelated to the App's hair care functionality.
2. How We Use Your Data
We use your personal data exclusively for the following purposes:
- To generate and maintain your personalized hair care routine based on your onboarding inputs.
- To send you daily notifications and reminders for tasks in your routine.
- To display your progress on the dashboard (streaks, check-ins, routine adherence).
- To perform on-device analysis of hair photos you voluntarily submit.
- To improve App functionality, fix bugs, and understand aggregate usage patterns through anonymized analytics.
- To manage your subscription and provide customer support.
We do NOT use your health-related data for advertising, marketing, or data mining purposes. This is a firm commitment required by Apple's App Store Guideline 5.1.3 and Turkish law.
3. Health Data & KVKK Compliance
Your prescription medication status, supplement usage, and hair loss stage are classified as "special category personal data" (health data) under Article 6 of the KVKK. Because we are not a healthcare provider and this data is not processed for medical diagnosis or treatment purposes, we rely on your explicit consent as the legal basis for processing this data.
You provide this consent during onboarding when you voluntarily enter your prescription and supplement information. You may withdraw your consent at any time by deleting your account (see Section 8), which will result in the permanent deletion of all your health-related data from our systems.
We implement enhanced security measures for health data, including encryption at rest and in transit, strict access controls, and regular security audits, in accordance with KVKK requirements.
4. Third-Party Services
We use the following third-party services:
- Analytics Provider: We use a basic analytics service (such as Firebase Analytics or similar) to understand aggregate usage patterns, crash reports, and feature adoption. This data is anonymized and does not include your health information, photos, or prescription status.
- Apple: Apple processes all in-app purchase and subscription transactions. We receive only your subscription status; Apple handles all payment details.
- Cloud Infrastructure: Your encrypted account and routine data is stored on secure cloud servers. Our cloud provider processes data on our behalf under a data processing agreement.
We do not sell, rent, or share your personal data with third parties for their own marketing or advertising purposes. We do not use any advertising SDKs.
5. Data Retention
We retain your personal data for as long as your account is active and you use the App. Specifically:
- Account and routine data: Retained while your account is active. Deleted within 30 days of account deletion.
- Hair photos: Stored on your device only. Deleted when you remove them from the App or uninstall it.
- Analytics data: Retained in anonymized, aggregated form. Cannot be linked back to you after anonymization.
- After account deletion: All personal data associated with your account is permanently deleted from our servers within 30 days, except where retention is required by applicable law.
6. Data Security
We implement the following security measures to protect your data:
- All data transmitted between the App and our servers is encrypted using TLS 1.2 or higher.
- Health-related data is encrypted at rest on our servers.
- Access to personal data is restricted to authorized personnel on a need-to-know basis.
- We do not store personal health information in iCloud, in compliance with Apple's Guideline 5.1.3.
- Hair photos are processed and stored exclusively on your device and are never transmitted to our servers.
7. International Data Transfers
Your data may be processed on servers located outside of Turkiye. Where data is transferred internationally, we ensure that adequate safeguards are in place in accordance with KVKK Article 9, including data processing agreements with our service providers that meet Turkish data protection standards.
8. Your Rights
Under the KVKK (Article 11) and, where applicable, the GDPR, you have the following rights:
- Right to know whether your personal data is being processed.
- Right to request information about the processing of your data.
- Right to know the purpose of processing and whether it is used in accordance with its purpose.
- Right to know the third parties to whom your data has been transferred.
- Right to request correction of incomplete or inaccurate data.
- Right to request deletion or destruction of your data.
- Right to object to the processing of your data.
- Right to withdraw your consent at any time.
To exercise any of these rights, contact us at support@matchmedic.com. We will respond within 30 days.
You may also delete your account and all associated data directly from the App's settings at any time.
9. Children's Privacy
The App is intended for users aged 18 and older. We do not knowingly collect personal data from anyone under 18 years of age. If we learn that we have collected data from a minor, we will delete it immediately.
10. Push Notifications
The App uses push notifications to remind you of daily routine tasks. Notifications will never contain sensitive health information, prescription details, or any personally identifiable data, in compliance with Apple's Guideline 4.5.4.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the App or by email. The updated policy will take effect on the date specified in the notice. Your continued use of the App after the effective date constitutes acceptance of the revised policy.
12. Contact Us
If you have any questions about this Privacy Policy or your personal data, or wish to exercise your rights, contact us at:
Email: support@matchmedic.com