BBoon AI Türkçe sürüm →

Privacy Policy

Last updated: July 7, 2026

This Privacy Policy explains how your personal data is handled when you use the Boon AI mobile application (the "App"). Boon AI is a habit and routine tracker with an AI-powered coach. This policy is written to meet our transparency obligations under the EU General Data Protection Regulation ("GDPR") and the Turkish Personal Data Protection Law ("KVKK").

1. Data Controller

The data controller is Dode Yazılım.
Contact: iletisim@dodeyazilim.com

2. Data We Collect

No ads, no ad tracking: The App shows no advertising, performs no behavioral or advertising tracking, and does not collect the IDFA (advertising identifier).

3. Service Providers

We rely on the following infrastructure providers to deliver the service:

Supabase Database & Authentication

Your account information and user content (routines, check-ins, journal, mood) are stored on Supabase infrastructure. The servers are located in Australia (ap-southeast-2), which means your data is transferred internationally (see Section 6). Data is protected with TLS in transit and encryption at rest.

OpenAI AI Coach

AI coach responses are generated using the OpenAI API. Your messages are relayed through a secure server-side proxy (Supabase Edge Function) — the API key is never present on your device. Under OpenAI's API defaults, content submitted via the API is not used to train their models.

RevenueCat Subscription Management

Used to validate and track your premium subscription. RevenueCat only receives your internal user ID and store purchase information — never your payment card details.

Sentry Crash Reporting

Used to detect app crashes and technical errors. No personal content (email, journal entries, etc.) is sent; only technical diagnostics and an internal user ID are processed.

PostHog Product Analytics (EU Region)

We collect anonymous usage statistics to understand how the App's features are used. Data is processed on PostHog's servers in the European Union. It is never used for advertising purposes.

4. Purposes of Processing

5. Legal Bases

We process your personal data on the basis of performance of a contract (delivering the service), legitimate interests (crash reporting, security, product improvement), and, where required, your consent — in particular for international data transfers under KVKK Article 9 — in accordance with GDPR Article 6 and KVKK Article 5.

6. International Data Transfers

The service providers listed above operate servers outside your country (Supabase: Australia; OpenAI, RevenueCat, Sentry: United States; PostHog: European Union). Transfers are carried out under data processing agreements with these providers and appropriate safeguards such as Standard Contractual Clauses (SCCs) under the GDPR, and in accordance with KVKK Article 9.

7. Data Retention

8. Your Rights

Under GDPR Articles 15–22 and KVKK Article 11, you have the right to access, rectify, and erase your data, to object to or restrict processing, and to data portability.

You also have the right to lodge a complaint with your local supervisory authority (or, in Türkiye, with the Personal Data Protection Board).

9. Children's Privacy

Boon AI is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If we become aware that we have processed data belonging to a child under 13, we will delete it promptly.

10. Security

Your data is encrypted with TLS in transit, and protected with encryption at rest and access controls. While no system is 100% secure, we apply industry-standard technical and organizational measures to protect your data.

11. Changes to This Policy

We may update this policy from time to time. The current version is always published on this page, and the "Last updated" date is revised accordingly.

12. Contact

For any privacy-related question or request:
Dode Yazılımiletisim@dodeyazilim.com