1. Description of Service and Acceptance

By downloading or using the "A Note" application, you agree to these terms. The application is an entertainment tool designed for couples or partners to leave notes, send drawings, communicate via widgets, and listen to synchronized music.

2. User Account and Security

You must create an account to use the application. You are responsible for the security of your account. A Note cannot be held responsible for data loss resulting from sharing your password or account with others.

3. User Conduct and Prohibited Content

A Note allows users to generate content (UGC). However, sharing the following content is strictly PROHIBITED:

• Images/notes containing violence, hate speech, racism, or discrimination
• Nudity, pornography, or sexually explicit materials
• Messages that harass or threaten other users
• Spam, malware, or any malicious content
• Content that infringes on intellectual property rights
• Any content depicting minors in inappropriate contexts

Accounts of users violating these rules may be suspended or permanently closed without prior notice.

4. Premium Subscriptions

• The application may offer "Premium" features (ad-free usage, special themes, higher upload limits, etc.)
• Payments are processed through your Google Play account
• Subscriptions automatically renew unless canceled at least 24 hours before the end of the current period
• You can cancel anytime via Google Play > Subscriptions menu
• Refunds are subject to Google Play's refund policies
• No refunds for partial subscription periods

5. Intellectual Property

• The A Note application, including its design, features, and content, is protected by intellectual property laws
• User-generated content remains the property of the user, but you grant us a worldwide, non-exclusive, royalty-free license to display it to your paired partner
• You may not copy, modify, distribute, or reverse engineer any part of the application

6. Disclaimer

The application is provided "as is" and "as available" without warranties of any kind. A Note is not responsible for:

• Technical delays in widget updates
• Internet connection issues
• Interruptions in third-party services (Supabase, Firebase, Google Play)
• Data loss due to user error or device issues
• Content shared between users
• Actions taken by your paired partner

7. Limitation of Liability

To the maximum extent permitted by law, A Note and its affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of the application, including but not limited to loss of data, profits, or goodwill.

8. Indemnification

You agree to indemnify and hold harmless A Note from any claims, damages, or expenses arising from your use of the application or violation of these Terms.

9. Termination

We reserve the right to terminate or suspend your account at any time, with or without cause or notice. Upon termination, your right to use the Service will immediately cease.

10. Governing Law and Dispute Resolution

These Terms shall be governed by the laws of the Republic of Turkey. Any disputes shall be resolved in the courts of Istanbul, Turkey. For users in the European Union, this does not affect your statutory consumer rights.

11. Severability

If any provision of these Terms is found to be unenforceable, the remaining provisions will continue in full force and effect.

12. Changes to Terms

We may modify these Terms at any time. Material changes will be notified via in-app notification. Continued use after changes constitutes acceptance.

1. Information We Collect

We collect and receive personal information from various sources:

1.1 Account & Profile Data (Collected Directly from You)

• Email address (required for authentication)
• Username/Display name
• Profile avatar image
• Partner relationship data (paired account ID, couple ID)
• Account creation date and anniversary date
• Language preference
• Reminder questions and answers (for account recovery)
• Communication preferences (notification settings)

1.2 User-Generated Content (Provided by You)

• Photos: Images you upload to share with your partner
• Drawings: Digital artwork created in the drawing canvas
• Voice Recordings: Audio messages recorded when you explicitly press the record button
• Text Notes: Written messages and notes
• GIFs: GIFs selected via GIPHY integration
• Memories: Calendar entries and associated photos/notes
• Requests/Coupons: Activity requests you create (e.g., "Movie Night", "Massage")

1.3 Device & Technical Information

• Device Identifiers: Android ID, device model, operating system version
• Crash Logs: Technical data to analyze app errors and crashes (via Firebase Crashlytics)
• Advertising ID (AD_ID): Used for personalized advertisements through Google AdMob
• IP Address: Used for security, fraud prevention, and approximate location
• FCM Token: Firebase Cloud Messaging token for push notifications
• App Version, Browser Type, Device Language

1.4 Usage Data (Collected Automatically)

• Daily streak activity: Contribution dates and streak counts
• Feature interaction patterns: Drawing Canvas usage, Music Room sessions, Widget interactions
• Session duration and frequency: How often and how long you use the app
• Content viewing patterns: Interactions within the couple's feed
• Notification interaction data: Which notifications you open
• Click and navigation patterns: How you move through the app

1.5 Location Information

• Approximate Location: Derived from IP address (city/region level only)
• We do NOT collect precise GPS location

1.6 Widget Data

• Cached images: For home screen widget display
• Widget refresh timestamps
• Last received content metadata: Sender name, content type

1.7 Inferences

Using the information collected about you, we may draw inferences about your:

• Preferences: Features you use most
• Engagement patterns: Peak usage times
• Relationship milestones: Based on anniversary dates and streaks

2. Sources of Personal Information

We collect personal information about you from various sources, directly and indirectly:

2.1 We collect personal information directly from you

We collect Account Information if you sign up for our Services or contact us. We also collect any personal information you provide if you make a request, fill out your user profile or other settings, or complete a survey.

2.2 We receive personal information from your paired partner

We may receive information about you from your paired partner as part of the normal usage of the app (e.g., when they add you as their partner using a pairing code).

2.3 We collect personal information from your devices

We may use tracking tools like local storage, SharedPreferences, and secure cookies to automatically collect information about you (including Internet and Network Activity, and Location). We may collect this information when you interact with our app.

2.4 We get personal information from vendors we hire to work on our behalf

Vendors that host or maintain our services (Supabase, Firebase) and provide analytics may give us Contact Information and Internet and Network Activity Information.

3. Why We Request These Permissions

To provide the features of A Note, we use the following technical permissions:

4. How We Use Your Information

4.1 Service Delivery

• Enable core features: messaging, drawing, music room synchronization
• Display your content to your paired partner only
• Synchronize widget data between app and home screen
• Process daily streak tracking and notifications
• Authenticate your identity and maintain session security
• Match you with your partner via pairing codes

4.2 Personalization & Advertising

• Display personalized advertisements through Google AdMob (non-Premium users only)
• Measure ad performance and optimize ad delivery
• Remember your preferences (language, theme, notification settings)
• Premium subscribers see NO advertisements

4.3 Communication

• Send push notifications about new content from your partner
• Send streak reminders and achievement notifications
• Respond to support inquiries
• Send important service announcements

4.4 Service Improvement

• Analyze usage patterns to improve features
• Identify and fix bugs and technical issues
• Develop new features based on user behavior
• Optimize app performance
• Conduct aggregated analytics (non-identifying)

4.5 Security & Fraud Prevention

• Detect and prevent unauthorized access
• Monitor for Terms of Service and policy violations
• Protect against abuse, exploitation, and spam
• Rate limiting to prevent service abuse
• Verify account ownership for sensitive operations
• Investigate suspicious activities

4.6 Legal Compliance

• Respond to legal requests and court orders
• Enforce our Terms of Service
• Protect our rights and the rights of others
• Report illegal content to authorities as required by law

4.7 Verification of Privacy Requests

Verify your identity when you exercise your privacy rights (access, deletion, etc.)

5. Third Parties and Data Sharing

5.1 With Your Paired Partner

Your photos, drawings, voice messages, notes, GIFs, and profile information are shared with your paired partner as the core function of the application. This is controlled by you through the pairing process.

5.2 With Service Providers (Vendors)

We share data with trusted vendors who perform services on our behalf. These vendors are contractually bound to protect your data:

5.3 For Legal Reasons

We may disclose your information if required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to valid court orders, subpoenas, or government requests (including from US government authorities)
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service
• Detect and prevent fraud, abuse, or illegal activities
• Protect the safety of our users or the public

5.4 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via in-app notification or email before your information becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information for other purposes not described here with your explicit prior consent.

5.6 What We Do NOT Do

• ❌ We do NOT sell your personal data to third parties for monetary or other valuable consideration
• ❌ We do NOT share your content with anyone other than your paired partner
• ❌ We do NOT use your voice recordings for any purpose other than delivering them to your partner
• ❌ We do NOT listen to, transcribe, or analyze your voice messages
• ❌ We do NOT use your data to train AI or machine learning models
• ❌ We do NOT share your precise location with third parties
• ❌ We do NOT build advertising profiles based on your private messages

6. Cookies and Tracking Technologies

6.1 Types of Technologies We Use

Strictly Necessary (Cannot be disabled):

• Local Storage: Authentication tokens, session management
• SharedPreferences (Android): Widget data, cached content, language settings
• Secure Cookies (via Supabase): Session authentication

Functional:

• Language Preference Storage: Remember your language selection
• Theme Preference Storage: Remember dark/light mode

Analytics (Optional):

• Firebase Analytics (if enabled): Anonymous usage statistics, crash reporting
• These help us understand how the app is used and identify issues

Advertising:

• Google AdMob Cookies/Identifiers: Used to serve and measure ad effectiveness
• Only active for non-Premium users

6.2 Third-Party Tracking

6.3 Your Choices

Advertising Personalization:

• Reset your Advertising ID: Android Settings > Google > Ads > Reset Advertising ID
• Opt out of personalized ads: Android Settings > Google > Ads > Opt out of Ads Personalization
• Upgrade to Premium to completely remove all advertisements and ad-related tracking

Do Not Track: The app does not currently respond to "Do Not Track" browser signals. However, you can control tracking through the device settings described above.

7. Data Security

We implement industry-standard security measures to protect your data:

7.1 Technical Measures

• Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
• Encrypted Storage: Database and file storage encryption at rest
• Row-Level Security (RLS): Database policies ensure complete data isolation between couples
• Signed URLs: Private files accessed via time-limited signed URLs (expire within hours)
• Rate Limiting: Protection against brute force attacks and API abuse
• Secure Authentication: Industry-standard authentication via Supabase Auth with secure password hashing
• Token Rotation: Session tokens are regularly rotated for security

7.2 Access Controls

• Your content is only accessible by you and your paired partner
• Voice recordings, photos, and drawings are stored in private storage buckets
• Widget data is cached locally and protected by device security mechanisms
• FCM tokens are automatically cleared on logout

7.3 Organizational Measures

• Limited access to production data
• Regular security reviews
• Incident response procedures

7.4 Security Limitations

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at leavemenoteapp@gmail.com and change your password.

8. Data Retention

8.1 Active Accounts

• Your data is retained as long as your account remains active
• Content shared with your partner remains accessible to both of you until deleted

8.2 Deleted Content

• When you delete individual content items (photos, notes, etc.), they are removed from our active servers within 24 hours
• Cached copies may persist in widget data until the widget is refreshed
• Backup systems may retain copies for up to 30 days for disaster recovery

8.3 Account Deletion

• Upon account deletion request, all your data is permanently removed within 30 days
• This includes: profile data, all user-generated content (photos, drawings, voice messages), streak history, memories, requests, and associated metadata
• Some anonymized, aggregated data may be retained indefinitely for analytics purposes (cannot be linked back to you)

8.4 Unpaired State

• When you unpair from a partner, your shared content history is retained for your personal records
• Your ex-partner immediately loses access to your future content
• Previously shared content remains visible to both parties unless individually deleted

8.5 Legal Retention

We may retain certain data longer if required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes)

9. Your Privacy Rights

All users, regardless of location, have the following rights:

To exercise these rights, email us at: leavemenoteapp@gmail.com

We will respond to your request within 30 days. We may need to verify your identity before processing your request to protect your data from unauthorized access.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

10.1 Right to Know

You have the right to request:

• The categories of personal information we have collected about you
• The specific pieces of personal information we have collected about you
• The categories of sources from which personal information is collected
• The business or commercial purpose for collecting or selling personal information
• The categories of third parties with whom we share personal information

10.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing transactions, detecting security incidents, complying with legal obligations).

10.3 Right to Opt-Out of Sale/Sharing

You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising.

Note: We do NOT sell your personal information. We do share limited data with advertising partners (AdMob) for targeted advertising purposes, which may constitute "sharing" under CPRA. You can opt out by upgrading to Premium (removes all advertising) or adjusting your device's advertising settings.

10.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

10.5 Right to Correct

You have the right to request correction of inaccurate personal information.

10.6 Right to Limit Use of Sensitive Personal Information

We do not use sensitive personal information for purposes beyond what is necessary to provide the services.

10.7 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require written authorization and verify your identity directly.

10.8 California "Shine the Light" Law

California residents may, once per year, request information about the categories of personal information shared with third parties for direct marketing purposes and the names and addresses of those third parties. To make this request, email us at leavemenoteapp@gmail.com.

10.9 Contact for California Requests

Email: leavemenoteapp@gmail.com
Response time: Within 45 days (may be extended by an additional 45 days if necessary)

11. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

11.1 Legal Bases for Processing

We process your personal data based on the following legal grounds:

11.2 Your GDPR Rights

In addition to the general rights listed in Section 9, EU users have:

• Right to Object: Object to processing based on legitimate interests
• Right to Restrict Processing: Restrict processing in certain circumstances
• Right to Lodge a Complaint: Contact your local Data Protection Authority (DPA)
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)

11.3 Data Transfers Outside EEA

Your data is transferred to and processed in the United States through our service providers. We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Service provider certifications: Our providers maintain appropriate security certifications

11.4 Data Protection Officer

For GDPR-related inquiries, contact us at: leavemenoteapp@gmail.com

11.5 Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority if you believe your rights have been violated.

12. Turkish Users (KVKK)

If you are located in Turkey, you have rights under the Personal Data Protection Law No. 6698 (Kişisel Verilerin Korunması Kanunu - KVKK):

12.1 Your KVKK Rights

Under Article 11 of KVKK, you have the right to:

• Learn whether your personal data is processed
• Request information about data processing if your data has been processed
• Learn the purpose of data processing and whether it is used appropriately
• Know the third parties to whom your data is transferred domestically or abroad
• Request correction of incomplete or inaccurate data
• Request deletion or destruction of personal data under conditions specified in Article 7
• Request notification of corrections, deletions, or destructions to third parties
• Object to any result that is against you arising from the analysis of processed data exclusively through automated systems
• Request compensation for damages arising from unlawful processing of personal data

12.2 Data Controller

Independent Developer Publisher: Lozan Studio
Elmalı Kent Mah. Eşref Bitlis Cad.
Ümraniye - 34764
İstanbul, Türkiye

12.3 How to Exercise Your Rights

You can exercise your KVKK rights by:

• Sending an email to: leavemenoteapp@gmail.com
• Sending a written request to our address above

We will respond to your request within 30 days as required by KVKK.

12.4 Data Transfer Abroad

Your data is transferred to servers in Germany (AWS eu-central-1) and the United States through our service providers (Supabase, Firebase, Google). By using this application, you explicitly consent to this international transfer as permitted under KVKK Article 9.

13. Voice Recording Specifics

To be completely transparent about voice features:

• Voice recordings are created ONLY when you explicitly press and hold the record button
• Recordings are transmitted to your partner's device via our secure servers
• We do NOT perform speech-to-text conversion or transcription
• We do NOT analyze voice content for any purpose (including sentiment analysis)
• We do NOT use voice data to train AI, machine learning, or voice recognition models
• Recordings are stored encrypted and accessible only to you and your partner
• No background listening: The app never records audio without your explicit action
• You can delete voice recordings at any time

14. Music Room Feature

The Music Room feature allows synchronized music listening with your partner:

• We do NOT provide, host, or stream music content - you upload files from your device
• You are responsible for ensuring you have the rights to use and share the music you upload
• Uploaded music files are stored in your private storage bucket
• Only you and your paired partner can access uploaded music files
• Playback position and controls are synchronized in real-time between devices
• Music metadata (title, artist) is extracted locally on your device
• Leaders can control playback; partners listen in sync
• We do not share your music files with any third parties

15. GIPHY Integration

A Note integrates GIPHY for GIF searches:

• When you search for GIFs, your search queries are sent to GIPHY's servers
• GIPHY may collect usage data in accordance with their privacy policy: https://giphy.com/privacy
• GIF selections are shared with your partner as part of the message
• We display "Powered by GIPHY" as required by their terms
• GIPHY's data practices are governed by their own privacy policy

16. Children's Privacy

Our application is NOT directed to children under the age of 13 (or 16 in certain jurisdictions).

• We do NOT knowingly collect personal data from children under 13
• If we discover that a child under 13 has provided us with personal information, we will delete it immediately
• If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at: leavemenoteapp@gmail.com

17. Child Safety Standards (CSAE)

A Note has a zero-tolerance policy against Child Sexual Abuse and Exploitation (CSAM/CSAE):

• We do NOT allow any content that depicts child sexual abuse or exploitation
• We do NOT allow content that sexualizes minors in any way
• We do NOT allow grooming behavior or content
• When such content is detected or reported:
  • It is immediately removed
  • The user account is permanently banned without warning
  • Evidence is preserved for law enforcement
• We are committed to reporting detected CSAM cases to relevant authorities including:
  • National Center for Missing & Exploited Children (NCMEC)
  • Local law enforcement agencies
  • Other relevant authorities as required by law
• Users can report inappropriate content via email: leavemenoteapp@gmail.com

18. Account Deletion

You can permanently delete your account and all data:

Method 1: In-App Deletion (Recommended)

1. Open the A Note app on your device
2. Go to your Profile page
3. Scroll down and find the "Delete Account" button
4. Tap the "Delete Account" button
5. Read the warning and confirm your decision
6. All your data will be permanently deleted from our servers within 30 business days

Method 2: Email Request (Web Deletion Option)

If you cannot access the application or have uninstalled it, you can request remote account deletion via email in accordance with Google Play Data Security standards.

Email us at leavemenoteapp@gmail.com:

• Subject line: Account Deletion Request
• Include: The email address associated with your account
• State clearly: That you want to permanently delete your account and all associated data
• Response time: We will process your request within 30 business days
• We may contact you to verify your identity

19. International Data Transfers

A Note is operated from Turkey. Your data is processed and stored on servers located in Germany (AWS eu-central-1) (Supabase) and the United States (Firebase, Google, RevenueCat) through our service providers.

If you are accessing our service from outside these regions:

• Your data will be transferred to and processed in Germany and/or the United States
• Privacy laws in the United States may differ from those in your country of residence
• By using our service, you consent to this transfer

For EU/EEA Users: We ensure appropriate safeguards through Standard Contractual Clauses as approved by the European Commission.

20. Third-Party Links and Services

If you click on a link to a third party site or service (e.g., GIPHY, Google Play, RevenueCat), you will be taken to a website or service we do not control. This Policy does not apply to the privacy practices of that website or service, which may collect information from you. Read the privacy policy of other websites and services carefully. We are not responsible for these third party websites, services, or their policies.

21. Automated Decision Making

• We do NOT use your personal data for automated decision-making that produces legal or similarly significant effects on you
• We do NOT use profiling to make decisions about your access to services
• Ad personalization decisions made by Google AdMob are subject to Google's privacy policy

22. Changes to This Policy

We may update this Privacy Policy from time to time:

• Continued Use: Your continued use of the app after changes constitutes acceptance of the updated policy
• Right to Decline: If you disagree with changes, you have the right to delete your account before the changes take effect
• Review Period: For material changes, we will provide at least 30 days notice before the changes become effective

23. Contact Us

For questions, feedback, to exercise your privacy rights, or to report concerns:

24. Disclaimer

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. While we strive to keep the information accurate and up-to-date, we make no warranties or representations about the completeness, accuracy, or reliability of this policy. The developer is an independent individual, not a registered company. Use of this application and reliance on this policy is at your own risk.

Summary of Key Points