PRIVACY POLICY

Last Updated: April 13, 2025

Bigoen Bilişim Teknolojileri Anonim Şirketi, registered in Türkiye and whose head office is located at Adalet Mahallesi Manas Bulvari No: 47 B Daire: 3509 Izmir/Türkiye. (“GramAI”, “we”, “our” or “us”) provides the GramAI mobile app to users (“you”).

While providing our services, we recognize the importance of your privacy and carry out our activities in line with the applicable data protection regulation including the EU General Data Protection Regulation (“GDPR”) and other related laws.

This Privacy Policy aims to specify how we collect, use and disclose your personal data to provide you with the best level of our service.

Personal Data We Collect

We collect and process your personal data such as:
* identity information including your Instagram username, user ID,
* contact information including your e-mail address (we may request upon our support services),
* online identifiers including Identifier for Vendors (IDFV), Identifier for Advertisers (IDFA) and IP address,
* customer transaction information including your purchase history, payment details, subscription ID, transaction ID, subscription start and end date, receipt of subscription, version of GramAI.

The data that we may collect from our partners could include;
* internet or network activity information including your usage activity, language preference, how much time you have spent and your last active time in the GramAI,
* marketing information including your push notification device token, information about the campaign (advertisement, Instagram phenomenon etc.) you come from, the ads you see in GramAI,
* Data for advertising and analytics purposes, so we can optimise the Services we deliver to you,
* Data we receive if you link a third-party tool with our Services (such as Apple, Google etc.).

As GramAI, we generally aim to minimize data storage on our servers. For instance, certain personal data related to your direct interactions within the app may be stored primarily on your own mobile device (client-side) and isolated from our central servers where feasible.

We do not collect any special categories of personal data or sensitive data such as any information on your health, religious beliefs, political opinions, sexual preferences or orientation.

Collection Method of Your Personal Data

We collect your personal data in a number of ways, including:
* directly from you via e-mail, mobile application,
* from publicly available sources of information (as accessed via the app's functionality),
* from our own records of how you use GramAI services (e.g., transaction history, support interactions).

Use of Your Personal Data

We may use your personal data to:
* provide you with a better and more personalized level of service;
* review your requests, suggestions and complaints regarding our service;
* fulfil contractual obligations to you and anyone involved in the process;
* send you marketing communications and promotional offers (including push notifications), where permitted;
* monitor metrics such as total number of visitors, traffic and demographic patterns (using aggregated or anonymized data where possible);
* show you ads that are more tailored to your interests;
* identify and resolve errors, problems or bugs in our products and services;
* provide AI-driven insights and analysis features as described in the "AI Analysis Feature" section below;
* meet legal and regulatory requirements including compliance with applicable law; respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements.

We collect and process your personal data on the following bases under the GDPR:
* to comply with our contractual obligation (for example, providing you with our service),
* to comply with our legal obligations,
* because of our company’s legitimate interests which include the provision of our mobile application and/or relevant services, provided always that our legitimate interests are not outweighed by any prejudice or harm your rights and freedoms,
* to establish, exercise or defend our legal claims before the courts, arbitrations, authorized data protection authorities or similar legal proceedings,
* because you have explicitly given us your consent to process your personal data in that manner.

We will only provide you with marketing related information after you have, where legally required to do so, opted in to receive those communications and having provided the opportunity for you to opt out at any time.

AI Analysis Feature

GramAI includes features that utilize Artificial Intelligence (AI) to provide you with data analysis based on information accessible through the application and your interactions within it.
* Local Processing and Storage: All processing for this AI analysis occurs directly on your mobile device. The underlying data used for analysis and the resulting insights are stored *solely* on your device and are *not* transmitted to, stored on, or accessed by GramAI's servers or any external parties. No one else has access to this specific analysis data.
* AI Interpretation: The interpretations and results provided by the AI analysis are generated automatically by the AI algorithms. These results are intended for informational or entertainment purposes only and should be considered as suggestions or possibilities. They do not represent definitive facts, carry no guarantee of absolute accuracy or certainty, and should not be solely relied upon for making decisions.

Disclosure of Your Personal Data

We disclose your personal data:
* with our employees, other GramAI users (only as necessary for app functionality, e.g., displaying usernames), company executives, representatives, suppliers, service providers, business partners, group/linked companies and solution partners *only for the purposes specified in Section 3 (Use of Your Personal Data)* and consistent with this policy.
* with government and regulatory authorities and other organizations to meet legal and regulatory requirements, or to protect or defend our rights or property in accordance with applicable laws.

* Crucially, any data or results generated by the AI analysis feature, which are stored locally on your device as described in the "AI Analysis Feature" section, are not disclosed by us to any party.

For compliance with the GDPR, we ensure that our suppliers and business or solution partners, whether they are located outside the EEA or not, take appropriate technical and organizational security measures in accordance with applicable data protection laws and use it solely for the purposes specified by us.

Your Rights

If you are from the European Economic Area or in certain countries, you are also entitled (with some exceptions and restrictions) to:
* Access: You have the right to request information about how we process your personal data and to obtain a copy of that personal data we hold *on our servers*.
* Rectification: You have the right to request the rectification of inaccurate personal data about you and for any incomplete personal information about you to be completed *in our records*.
* Objection: You have the right to object to the processing of your personal information, which is based on our legitimate interests (as described above).
* Deletion: You can delete your account by using the corresponding functionality directly on the service. This will typically remove data associated with your account from our active servers according to our retention policies. Data stored locally on your device (like AI analysis data) is under your control and can be deleted by clearing app data or uninstalling the app.
* Automated decision-making: You have the right to object a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
* Restriction: You have the right to ask us to restrict our processing of your personal data *held by us*, so that we no longer process that personal data until the restriction is lifted.
* Portability: You have the right to receive your personal data *that you have provided to us and that we hold*, in a structured, commonly used and machine-readable format and to have that personal data transmitted to another organization in certain circumstances.
* Complaint: You have a right to lodge a complaint with the authorized data protection authority if you have concerns about how we process your personal data. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established.

You may, at any time, exercise any of the above rights pertinent to data held by GramAI, by contacting us via info@gramai.app together with a proof of your identity, i.e. a copy of your ID card, or passport, or any other valid identifying document.

In some cases, we may not be able to give you access to certain personal data, if making such a disclosure would breach our legal obligations to our other customers or if prevented by any applicable law or regulation.

Residents of the State of California (USA)

Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), California residents have certain rights in relation to their personal information, subject to limited exceptions. For personal information collected by us *and held on our servers* during the preceding 12 months that is not otherwise subject to an exception, California residents have the right to access and delete their personal information.

We will not discriminate against any customer that asserts their rights under the CCPA. We will not: (1) deny you goods or services; (2) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (3) provide you a different level of quality of goods or services; or (4) suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services.

If you are a California resident, you have the right to request certain information from us regarding our information-sharing practices with third parties for direct marketing purposes. To the extent that we share your personal information for direct marketing purposes, you may receive the following information: (1) the categories of information and sources of information that we disclosed to third parties for direct marketing purposes during the preceding year; and (2) the names and address information of third parties that received such information, or if the nature of their business cannot be determined from the name, the examples of the products or services marketed.

To the extent that we sell your personal information to third parties, you also have the right to request that we disclose to you: (i) the categories of your personal information that we sold, and (ii) the categories of third parties to whom your personal information was sold. You also have the right to direct us not to sell your personal information. *(Note: Based on this policy, especially regarding AI data, GramAI does not appear to "sell" personal information in the CCPA sense, but this clause is standard.)*

California residents may also designate an authorized agent to make a request to access or delete on your behalf. Your authorized agent must submit proof that you have provided them with power of attorney pursuant to Probate Code sections 4000 through 4465. We may deny a request from a purported authorized agent who does not provide proof of authorization to act on your behalf.

Right to withdraw consent

If you have provided your consent to the collection, processing and transfer of your personal data *held by us*, you have the right to fully or partly withdraw your consent. To withdraw your consent please follow the opt-out links on any marketing message sent to you or contact us via info@gramai.app
Once we have received notification that you have withdrawn your consent, we will no longer process your information *held by us* for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Collection of Children’s Personal Data

We attach great importance of protecting children’s privacy. Therefore, we make an effort not to knowingly collect personal data of any children under the age of 13 (or a higher age threshold depending on the jurisdiction). If you have any concerns about your child’s privacy with respect to our services, or if you believe that your child may have provided his/her personal data to us, please contact us using the details provided below. We ensure to delete such personal data from our records immediately upon verification.

Security of Your Personal Data

We take appropriate and reasonable technical and organizational measures to protect your personal data *that we hold* from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal data. Such technical and organizational measures include:
* Protecting our data servers with state-of-the-art security measures including firewalls, anti-virus programs and similar software.
* Implementing access controls for data held on our systems.
* Utilizing encryption where appropriate.
* For features like the AI Analysis, security is enhanced by processing and storing the relevant data *only* on your local device, thereby preventing external access.

Retention of Your Personal Data

We will only retain your personal data *on our servers* for as long as necessary to fulfil our collection purposes, including for the purposes of satisfying any legal, accounting, or reporting requirements, and where required for our company to provide services, until the end of the relevant retention period.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Upon expiry of the applicable retention period, we will securely delete, destroy or anonymize your personal data in accordance with applicable laws and regulations.
Data stored locally on your device (such as AI analysis data) remains on your device until you choose to delete it (e.g., by clearing app data or uninstalling the app).

Links to Third Party Sites

Our mobile application includes links to other websites or apps whose privacy practices may differ from those of our companies. If you submit personal information to any of those sites, your information is governed by their Privacy Policies. We encourage you to carefully read the Privacy Policy of any website or app you visit.

Changes to our Privacy Policy

We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail or push notification. Please check back frequently to see any updates or changes to our Policy. The "Last Updated" date at the top indicates when the policy was last revised.

Contact us

If you have any questions or concerns about our privacy practices or would like to exercise any of the rights mentioned in this Privacy Policy regarding data held by GramAI, please contact us via info@gramai.app. You may also contact us by postal mail at our address stated above.