Privacy Policy and Personal Data Notice

Last Updated: 12 / 12 / 2025

Privacy Policy And Personal Data Notice

PURPOSE

Folds Dijital Hizmetler Anonim Sirketi ("Folds" or "Company") aims to process users' personal data within the scope of the mobile application named Healyn and all related digital services ("Healyn" or "Application") in accordance with applicable data protection legislation, general principles regarding the protection of personal data, and data protection law provisions.

This notice regulates obligations under the European Union General Data Protection Regulation (GDPR 2016/679) and additional rights granted to data subjects, where applicable.

Personal data you have provided to our Company or obtained by our Company through any external method may be processed by Folds, as the data controller:

In compliance with the law and the principle of good faith,
Accurately and, where necessary, kept up to date,
For specified, explicit, and legitimate purposes,
In a manner that is relevant, limited, and proportionate to the purposes for which they are processed,
For the period stipulated in the relevant legislation or required for the purpose for which they are processed

through automated or non-automated means.

In this context, your personal data may be recorded, stored, preserved, reorganized, transferred to third parties domestically or abroad to the extent permitted by law, and subjected to other processing activities stipulated by legislation.

This Privacy Policy has been prepared to explain which personal data is collected, how and for what purposes this data is processed, how it is protected, with whom and under what conditions it is shared, and the rights of data subjects.

Terms written in capital letters in this document and not otherwise defined have the meanings attributed to them in the Healyn Terms of Use.

COLLECTION OF PERSONAL DATA AND METHODS

Folds may collect your personal data when you use the Healyn application, contact us through the application, create an account, make in-app purchases, or use our services; electronically, through mobile devices, by automated or non-automated methods, directly from you or through third-party platforms.

The collected personal data is classified under the following data categories:

Data Categories and Data Types

Profile Information

User ID, username (nickname), profile picture, user token, Open ID, email address

Authentication Information

User identity information provided through Google or Apple authentication services via Firebase (user ID, profile information, email address)

Transaction Security and Application Data

IP address, device name, device model, operating system and version, application version, log records, usage durations, date and time information, token ID, IDFA / IDFV (if explicit consent is given)

User-Generated Content

Texts, messages, questions, answers, audio recordings, images, videos, and other digital content that you provide, upload, create, or share through Healyn

For certain functions of Healyn to work, access permission to the camera, microphone, or gallery applications of your mobile device may be requested. These permissions are entirely optional and can be revoked at any time through device settings. However, if permissions are not granted, some services may function with limitations.

Audio content is automatically deleted from our systems within 24 (twenty-four) hours after the text conversion process is completed.

Users should not share financial information, health data, information about children, or content considered as special category personal data under legislation through Healyn.

PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA

Your personal data is processed in accordance with the purposes and legal bases specified below.

Processing Purposes

Provision, operation, and improvement of Healyn services
Creation and management of user accounts
Personalization and improvement of user experience
Conducting customer support, request, and complaint processes
Management of subscription and in-app purchase processes
Ensuring information security, system security, and business continuity
Fulfilling legal obligations and responding to requests from authorized institutions
Provision and improvement of AI-powered services (with explicit consent)
Conducting marketing, analysis, and reporting activities (with explicit consent)

Legal Bases

Processing is necessary for the performance of a contract or to take steps prior to entering into a contract
Processing is necessary for compliance with a legal obligation
Processing is necessary for the establishment, exercise, or defense of legal claims
Processing is necessary for the legitimate interests of the Company (provided it does not harm fundamental rights and freedoms)
Explicit consent (where required by legislation)

COOKIES AND SIMILAR TECHNOLOGIES

Healyn may use cookie-like mobile technologies and identifiers to improve application performance, enhance user experience, and conduct analysis activities. These technologies can be managed or disabled through device settings.

PUSH NOTIFICATIONS

Healyn may send push notifications for application updates, security notifications, and information about services. Users can turn off these notifications at any time through device settings.

STORAGE OF PERSONAL DATA

Your personal data is stored for the periods stipulated in the applicable legislation or for as long as required for the processing purpose. When the storage period expires, personal data is deleted, destroyed, or anonymized.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES AND ABROAD

The procedures and principles regarding the transfer of personal data to third parties are regulated in accordance with applicable data protection legislation. Folds Dijital Hizmetler Anonim Sirketi acts in compliance with data protection legislation and regulatory decisions in personal data transfer processes.

Within the scope of the Healyn application, servers, data centers, and cloud computing systems located domestically and abroad may be used in accordance with technical infrastructure requirements. In this context, your personal data may be transferred to third-party service providers located domestically or abroad, subject to necessary technical and administrative measures.

Purposes for Transferring Personal Data Abroad

Your personal data may be transferred abroad for the following purposes:

Conducting storage and archiving activities,
Providing and operating information technology infrastructure,
Conducting business activities and ensuring continuity,
Conducting after-sales support services for goods and services,
Conducting customer relationship management (CRM) processes,
Developing technical infrastructure, resolving technical errors and malfunctions,
Measuring, analyzing, and reporting application performance.

Transfer of data abroad is carried out in accordance with applicable data protection laws, including where the data subject has provided explicit consent or where adequate safeguards are in place as required by law.

Third-Party Service Providers and Transfer Purposes

Folds may transfer your personal data to the third-party service providers specified below, in a limited and proportionate manner, for the purpose of providing the Healyn application safely, effectively, and without interruption:

a) Firebase Analytics

Firebase Analytics service is used within the scope of the Healyn application.

b) AppsFlyer

AppsFlyer service is used within the scope of the Healyn application.

Transfer to Third-Party Service Providers and Authorized Institutions

Folds may also transfer your personal data to our Company's service providers and third-party services embedded in the Healyn service (such as Firebase Analytics and AppsFlyer) for the following purposes:

Sharing identity, communication, and transaction security information with authorized public institutions and organizations for conducting activities in compliance with legislation, monitoring and conducting legal affairs, and informing authorized persons, institutions, and organizations,
Sharing identity and communication information for conducting after-sales support services, carrying out business activities, and managing customer relationship management processes.

Security Measures Taken in Transfers

During the transfer of personal data to third parties and abroad:

The principle of data minimization is followed,
Transferred data is kept limited to the processing purpose,
Data processing and confidentiality agreements are concluded with relevant service providers,
Necessary technical and administrative security measures are taken.

TECHNICAL AND ADMINISTRATIVE MEASURES

Folds takes all necessary technical and administrative measures to ensure the confidentiality and security of personal data, including encryption, access authorization, logging, backup, penetration testing, information security incident management, and employee training.

AGE RESTRICTION

Healyn is not intended for use by persons under the age of 16. Users under the age of 18 require the consent of their legal representatives to use the application.

YOUR RIGHTS AS A DATA SUBJECT

As a data subject, you have the following rights regarding your personal data by applying to Folds Dijital Hizmetler Anonim Sirketi:

To learn whether your personal data is being processed,
To request information about the processing if your personal data has been processed,
To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
To know the third parties to whom your personal data is transferred domestically or abroad,
To request correction of your personal data if it has been processed incompletely or inaccurately and to request that this correction be notified to third parties to whom personal data has been transferred,
To request deletion, destruction, or anonymization of your personal data if the reasons for processing have ceased to exist in accordance with applicable legislation and to request that these operations be notified to third parties to whom personal data has been transferred,
To object to any result that is against you arising from the analysis of processed data exclusively by automated systems,
To claim compensation for damages if you suffer damage due to unlawful processing of your personal data.

Data Subject Rights Under GDPR

Where the General Data Protection Regulation (GDPR) applies, data subjects also have the following rights in addition to the above:

Right of access: To learn whether your personal data is being processed, and if so, to access your personal data and detailed information about its processing,
Right to rectification: To request rectification or completion of your personal data that you believe is incorrect or incomplete,
Right to erasure (Right to be forgotten): To request erasure of your personal data where the conditions stipulated in the GDPR are met,
Right to restriction of processing: To request restriction of processing of your personal data under the conditions stipulated in the GDPR,
Right to object to processing: To object to data processing activities based on legitimate interests,
Right to data portability: To request that your personal data processed by us be transmitted to you in a structured, commonly used, and machine-readable format, or to request transfer to another data controller where technically feasible,
Right to object to profiling and automated decision-making: To object to any result against you arising from data processing activities carried out exclusively through automated systems, including profiling.

Application Procedure

If you wish to exercise your rights as a data subject specified above:

Your request should be clear, understandable, and clearly express the requested right,
If the request relates to you or if you are acting on behalf of another person, you should document this,
You should attach information and documents verifying your identity

and submit it to us.

Applications can be made via the email address support@folds.co or through the "Data Subject Application Form" to be provided by our Company. Your applications will be concluded free of charge within 30 (thirty) days at the latest, depending on the nature of the request. If the request is rejected, the reason for rejection will be communicated to you in writing or electronically.

If you believe that your rights regarding the processing of your personal data have been violated, you have the right to lodge a complaint with the relevant data protection supervisory authority.

SCOPE AND LIMITATIONS OF THE PRIVACY POLICY

This Privacy Policy and Personal Data Notice regulates only the procedures and principles regarding the collection, processing, storage, transfer, and protection of personal data within the scope of the Healyn application.

This document does not regulate:

General terms regarding the use of the Healyn application,
The scope of services provided,
The liability regime regarding outputs generated by artificial intelligence,
Legal, medical, psychological, or similar advisory provisions,
Mutual obligations of the parties

and these matters are addressed in a separate "User Agreement / Terms of Use" document.

All activities related to the processing of personal data shall be evaluated only within the framework of applicable data protection legislation and the provisions of this Privacy Policy.

UPDATES

This Privacy Policy may be unilaterally updated by Folds Dijital Hizmetler Anonim Sirketi when deemed necessary due to legislative changes, application updates, or Company policies. The updated text shall enter into force on the date it is published through the Healyn application. The User's continued use of Healyn after the update means acceptance of the updated text.