Privacy Policy

Last updated: 05.01.2026

This Privacy Policy for Palli Tech LLC ("Company"), explains which personal data we collect, store, use, and share ("process") when you engage with our services ("Services") in relation to Deep Cleaner application and/or its website ("Application"). This includes instances when you:

download, install, registering with, access or use the Application, and its services, or
interact with us in other related ways, such as through sales, support, or marketing activities.

This Privacy Policy further describes how and why we collect your personal data; how we intend to use, store, protect and share your personal data, and what are your rights and how to exercise them.

Summary of Key Points

This summary outlines the key highlights of our Privacy Notice. For more detailed information on any specific topic, please refer to the table of contents below to navigate to the relevant sections.

What personal data do we process? When you use our Services, we may process your personal information based on your interactions with us, the choices you make, and the products or features that you access. The personal data of users processed by the Company, in particular, are as follows:

your name and surname, e-mail address and phone number which we may receive if you contact the Company,
your Internet Protocol Address (IP address),
e-mail account information and related information if you allow us to access your inbox,
materials, files, documents, images, photos, visual records, videos, graphics, media, contact list, choices, any content, record and other input and data which you have uploaded or transmitted to the Application,
your order information if you make a purchase,
(if you give us permission) identifier for advertisers designated in your mobile device used in accessing our services (The Identifier for Advertisers-IDFA), identifier for vendors/developers designated your mobile device (The Identifier for Vendors-IDVF), and Google Advertising ID (GAID), identifier for Firebase analytics.

Do we process sensitive personal data? No, we do not process any sensitive personal data. Please do not share with us any content that might have any sensitive personal data.

How do we process your information? We mainly process your personal data to deliver, enhance, and manage our Services, facilitate communication with you, safeguard security, prevent fraud, and comply with legal obligations. Additionally, your data may be processed for other purposes with your explicit consent. All processing activities are conducted only in accordance with valid legal bases.

When do we share personal information? We only share your personal data with third parties only when necessary to deliver our Services, comply with legal obligations, protect our rights, or prevent fraud and security threats. This may include service providers, business partners, and legal authorities. All data sharing is carried out in compliance with applicable data protection laws and is subject to stringent safeguards to ensure the security of your personal data.

How do we keep your personal data secure? We implement administrative and technical measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, ensuring its security.

What are your rights? Depending on your region, you may have specific rights concerning your personal data. These rights may include the right to access, correct, delete, restrict processing, object to processing, and data portability. Additionally, you may have the right to withdraw your consent.

How can you exercise your rights? You can simply exercise your rights by reaching out to us directly. We will diligently review and address any request in compliance with applicable data protection laws.

1. The Data Controller and the Objective

Your personal data, which you provided/will provide to the Company, (see Section 10 for contact information), and/or obtained by our Company by any external means, may be processed by our Company as "Data Controller".

The Company aims to process the personal data of users in accordance with general principles of privacy and the provisions of the applicable data protection legislation to the relevant person, particularly Law on Personal Data Protection No. 6698 of Turkish Republic, ("PDP Law") and other applicable law and regulations.

We are committed to complying with this Privacy Policy in accordance with all applicable laws in each region in which we operate. To ensure compliance with regional legal requirements, we provide additional privacy notices for specific jurisdictions. Accordingly, where applicable, this Privacy Policy includes additional information regarding the European Union's General Data Protection Regulation (GDPR) (EU Regulation 2016/679). For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For California residents, please scroll down to Section 12.

In accordance with this Privacy Policy, personal data are processed by the Company as a data controller in line with the basic principles named here: (i) being in accordance with law and good faith, (ii) being accurate and, where necessary, up-to-date, (iii) being processed for specific, explicit and legitimate purposes, (iv) being limited for the purpose for which they are processed and data minimization; and (v) being stored for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

Capitalized terms in this Privacy Policy shall have the meanings specified in the Terms and Conditions unless defined separately in this Privacy Policy.

2. Collection of Personal Data and Method

The Company may process your following data for the purposes specified in this Privacy Policy.

Identity and Contact Information

When you contact us, such as via e-mail or our phone number, we may process your name, surname, phone number and e-mail address, (if relevant) other contact information and the content of your communication. If you contact us by post, we may additionally process your address if entailed in the communication.

Technical Information

When you visit, use or engage our Services, we may collect the following information from such use of our Services:

Usage Data: We may collect data on how you interact with our Services. This includes information about your access to and use of our Application, such as duration of the time spent on the Application, information on time and date of access, date/time stamps of your visit, visit data, screen recordings, the features you access, contents you view, searches, and actions you take within the Application, device event information (for example error reports), in-app/web purchase history.
Log Data: We may collect your log data generated while you are using our Services/Applications (through our products or third-party products). This log data includes internet traffic data, network movements, Internet Protocol ("IP") address, device name, device information, operating system version, visit data, (when website is used) browser type, version and settings, language preference, time zone, information about your use of Services, the configuration of the Application when utilizing our Service/Application, the time/date of your use of the Service/Application, and other statistics.
Device Information: We may collect data about the device you use to interact with our Services, including the device name, device ID, its model, its manufacturer, region information, device's operating system, device identifiers, hardware model.
Location Information: Please note that we may be able to determine the general area of your device's location when it interacts with our Services, based on the information associated with your IP address and the region information of the device.
Identifiers: unique user ID; and device token ID (particularly, if you allow us to send notifications through your device).

E-mail Account Information

We may ask for your permission to access your e-mail account in order to provide our services, when you are using the Application, such as to enable you to organize your inbox. You can choose not to allow us to access your e-mail account by either rejecting our access or later disabling such access in your mobile device settings. However, you may not be able to use essential features of our services if you choose to opt out. When you give us permission to access, we can access the following data, and read, compose, send and delete your emails.

E-mail account information: Google user ID, nickname, username, profile picture, user token, Open ID, phone number, e-mail address
Information related to e-mail account: e-mails, subject and header information, lists, other metadata related to e-mails.

Please note that we do not store any of your e-mails on our servers; activities to process these will be carried out on your device or your own cloud services only.

Important note: Google Workspace APIs are not used to develop, improve or train generalized AI and/or ML models.

User Content

We process the data that you provide when interacting with our Services, such as when you provide an Input to our Services.

This data includes materials, files, documents, images, photos, videos, visual and audio records, voice recording, graphics, media, choices, contact list and any content, input, record or data that you provide, upload, transmit, create, store, use, edit or share with or through the Application.
We may ask for your permission to access your device's photo file or gallery app or your preferred cloud services in order to provide our services, when you are using the Application, such as to generate output for photos you share (e.g., determining similar photos in your gallery). You can choose not to allow us to access your contact application (thereby the full contact list) photo file or gallery app or cloud services by either rejecting our access or later disabling such access in your mobile device settings. However, you may not be able to use essential features of our services if you choose to opt out.
Please note that we do not store any of your contact list, photos and videos (or images, materials, files, documents, visual records, graphics, media) on our servers; activities to process these will be carried out on your device or your own cloud services only.

Customer Transaction

We may collect order information directly from you, our marketing vendors or our payment processors.

This information includes order date, payment date, subscription type, billing period, billing document, payment amount, due amount, payment status and any associated transaction identifiers (e.g., billing id, your e-mail address). This information is used to process your orders, manage subscriptions, and ensure the proper handling of payments and subscriptions.
Please note that we do not collect your payment method details, such as your credit card number, as we do not directly process your payment.

Marketing Data

When you give us permission, we may collect your Usage Data; and an identifier for advertisers designated in your mobile device used in accessing our services (the Identifier for Advertisers-IDFA), an identifier for vendors/developers designated to your mobile device (the Identifier for Vendors-IDFV), Google advertising ID (GAID); identifier for Firebase analytics.

Explanation on the Source of Information

We may collect your above mentioned data directly from you through electronic or physical mediums, your device, your browser, third party applications or third party sources which you can access our application through these mediums such as Apple App Store, Google Play Store (similar platforms together with "App Stores"), or payment processors such as Paddle for the purposes of operation of our product, compliance with legal obligations, enhancing our services, administering your use of our services, as well as enabling you to enjoy and easily navigate our services.

Important Note: Google and Gmail API

The Company does not reach, collect, or store any of your personal data when you use Gmail API services through the Application.

If you access any Gmail services through the Company, we will only use access to:

Read, write, modify, or control Gmail message bodies (including attachments)
Access metadata, headers, and settings
Provide functionality that allows users to compose, send, read, and process emails

Since we do not store or process this data on our servers, we will not be able to transfer this Google user data to others.

No marketing use: It is not possible for the Company to use any Google user data obtained via Google APIs for marketing purposes such as serving ads, including retargeting, personalized, or interest-based advertising.

The Company's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Google API Services Usage Disclosure

Regardless of any other provisions in this Privacy Policy, if you grant us access to your Google data, our use of that information will be subject to the following additional restrictions:

We will only use access to read or manage Gmail messages, headers, and email content to provide an application that enables users to process (delete, move, archive, or unsubscribe from) emails. We will not share this Gmail data with third parties unless required to comply with applicable law.
We only use this access to let the user select among their e-mails to delete, identify frequent senders, delete the sender's e-mails and to create a filter to automatically remove future emails from the sender.
We will not use this Gmail data for advertising purposes.
We will not allow human access to this data unless we have your explicit consent for specific messages, it is necessary for security reasons such as investigating abuse, or to comply with applicable law.

The use of raw or derived user data received from Google Workspace APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. Purposes of Processing Personal Data and Legal Bases

Your personal data will be processed via automatic or non-automatic means for the purposes stated below, in accordance with the applicable legislation and articles 5 and 6 of the PDP Law where it is expressly permitted by the laws, the establishment of a contract or direct relation to the execution or performance of the contract and for the legitimate interests of the Company provided that your fundamental rights and freedoms are protected, and in order to fulfil our legal obligations.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11.

a) Purposes of Processing Personal Data

Your personal data is processed for the following purposes in accordance with the general principles referred to above as well as the legal bases identified below:

execution of goods/services sales processes,
execution of agreement processes,
execution of company/product/service commitment operations,
operation of our product,
creating user accounts for the service recipients/application users,
conducting storage and archive activities,
execution of communication activities,
conducting after-sales support services for goods/services,
execution of activities in compliance with legislation,
execution/auditing of business activities,
execution of information security processes,
conducting audit/ethical activities,
conducting activities to ensure business continuity,
compliance with legislation and protection of persons' rights, privacy and safety,
providing information to authorized persons, institutions and organizations,
prevention of crimes and other illegal acts,
conducting activities for customer satisfaction,
customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment using our Services and improve our users' experience.

Additionally, if you give us explicit consent, your Marketing Data may be processed for conducting marketing analysis studies and executing advertising (including personalized advertisements)/campaign/promotion processes. Please note that the GAID will be collected and processed based on your explicit consent, only if you are based in a jurisdiction where such consent is required for the processing of the GAID (e.g. where PDP Law or GDPR applies).

If you give us explicit consent, your identity and contact information may be processed for communicating with you to send information about marketing and informing about new products, services and applications and delivering you information regarding advertisements and promotions.

Besides, the purposes of processing personal data may be updated in line with our obligations arising from our Company policies and legislation; in particular:

Carrying out digital subscription and in-app purchase processes of service recipients,
Carrying out the auto-renewable subscriptions for giving users access to content, services, or premium features in our Service,
Conducting the processes of finance and accounting transactions,
Carrying out strategic planning activities,
Following up on requests and complaints.

b) Purpose of Processing and Legal Basis

Purpose of Processing	Type of Personal Data	Legal Basis
Operation of our product, for example to provide outputs in response to user inputs or provide certain features to certain type of subscription models	Identity and Contact Information, Technical Information, E-mail Account Information, User Content, Customer Transaction	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
Creating user accounts for the service recipients/application users	Technical Information	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract.
Execution of goods/services sales processes (either via in-app purchases or through web purchases)	Identity and Contact Information, Customer Transaction	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
Execution of agreement processes	Contact and Identity Information, Technical Information, Customer Transaction, User Content, E-mail Account Information	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract.
Execution of company/product/service commitment operations (including detecting and correcting technical defects)	Identity and Contact Information, User Content, E-mail Account Information, Technical Information	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
Execution of communication activities (This only entails communication for the purpose of establishment of a contract with you or communication related to the operation of our product/Services. This does not entail communication for marketing purposes which is subject to explicit consent)	Identity and Contact Information, Customer Transaction, Technical Information	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
Conducting after-sales support services for goods/services (for example, to carry out refund process or resolving technical defects that a user may experience)	Identity and Contact Information, Customer Transaction, Technical Information, E-mail Account Information, User Content	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
Conducting storage and archive activities	Contact and Identity Information, User Content, Technical Information, Customer Transaction	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract.
Execution/auditing of business activities	Technical Information, Customer Transaction, User Content	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Conducting audit activities	Technical Information, Customer Transaction	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Conducting activities to ensure business continuity	Technical Information, Customer Transaction	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Conducting activities for customer satisfaction	Technical Information, Customer Transaction, E-mail Account Information, User Content	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment using our Services and improve our users' experience (this does not include processing to train AI models)	Technical Information, Customer Transaction, E-mail Account Information, User Content	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Execution of activities in compliance with legislation	Identity and Contact Information, Technical Information, E-mail Account Information, User Content, Customer Transaction	Conditions that are necessary in order to fulfil our legal obligation
Compliance with legislation and protection of persons' rights, privacy and safety	Contact and Identity Information, Technical Information, Customer Transaction, E-mail Account Information, User Content	Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks.
Execution of information security processes	Technical Information	Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks.
Providing information to authorized persons, institutions and organizations	Contact and Identity Information, Technical Information, Customer Transaction, E-mail Account Information, User Content	Conditions that are necessary in order to fulfill our legal obligation
Prevention of crimes and other illegal acts	Contact and Identity Information, Technical Information, Customer Transaction, E-mail Account Information, User Content	Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks.

In addition to the above purposes, the following personal data may be processed for the following purposes in accordance with your explicit consent.

If you give us explicit consent (acquired via Apple and/or Google and/or within the App), your Marketing Data may be processed for conducting marketing analysis studies and execution of advertising (including personalized advertisements)/campaign/promotion processes.
If you give us explicit consent (acquired when you opt-in for marketing communication), your Identity and Contact Information may be processed for communicating with you to send information about services, products, and applications and delivering you information regarding advertisements, promotions and other marketing communication.

4. Third Party Websites/Applications, Cookies and Notifications

The Application may contain links to other websites or apps that are unknown to the Company and whose content is not controlled. These linked websites or apps may contain terms and conditions other than the Company texts. The Company cannot be held responsible for the use or disclosure of information that these websites or apps may process. Likewise, the Company shall not have any responsibility for any links from other sites or apps provided to the Application owned by the Company.

We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we're collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

While using the Application, you may provide information through third party websites and apps to the Company, please be aware that your liability and obligations against third party apps or websites will continue and the Company shall not be held responsible for any terms, conditions, rules or policies determined by third parties.

Cookies

Cookies are little text files that are stored on the browser or hard drive of your computer or mobile device when you visit a webpage. Cookies allow a website to run more efficiently in addition to ensuring the presentation of personalized web pages in order to make you live a faster visit experience which is more fit for your specific personal needs and demands. Containing only data on your website visit history via the internet, cookies do not collect any information, including your personal data/files stored on your computer or mobile device. We may use cookies when it is necessary for operating our Services, to enhance our Service performance and functionality, and to deliver content, including ads relevant to your interests, on our sites, or third-party sites. You can delete cookies which are already present on your computer and prevent the recording/location of cookies on your internet explorer.

Internet browsers are predefined to automatically accept the cookies as default. As the management of cookies varies from browser to browser, you may look at the help menu of the browser or application to get detailed information. Please refer to our Cookie Policy.

Push Notifications

The Company may occasionally send you push notifications via its mobile applications or website regarding Application upgrades or notifications about our Services. You can always edit such communication and notifications through the settings on your device and stop receiving such communications and notifications.

5. Data Storage

Your data will be stored for the duration specified in the applicable legislation or until the purpose of processing ceases to exist.

The Company may continue to store your personal data, even after the expiry of the purpose of its use provided that it is required by other laws or separately a consent is granted by you in this regard.

In cases that you allow the Company to store your personal data for additional time by giving your consent, such data shall be immediately deleted, destructed or anonymized upon the expiry of such additional time or once the consent is withdrawn.

Additionally, your data may be further stored even after the fulfilment of the purpose of processing on the legal basis of the necessity of the establishment, execution and protection of our legal rights until the end of legal limitation periods (in jurisdictions where the GDPR applies, the storage is based on our legal interests).

6. Technical and Administrative Measures

The Company stores the personal data it processes in accordance with relevant legislation for periods stipulated in relevant legislation or required for the purpose of processing. The Company undertakes to take all necessary technical and administrative measures and to take the due care to ensure the confidentiality, integrity and security of personal data. In this context, it takes the necessary measures to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure, modification or destruction of data.

Accordingly, the Company takes the following technical and administrative measures regarding the personal data it processes:

Anti-virus application. On all computers and servers in the Company's information technology infrastructure, a periodically updated anti-virus application is installed.
Firewall. The data center and disaster recovery centers hosting the Company servers are protected by periodically updated software-loaded firewalls; the relevant next generation firewalls control the internet connections of all staff and provide protection against viruses and similar threats during this control.
VPN. Suppliers can access the Company servers or systems through SSL-VPN defined on Firewalls. A separate SSL-VPN identification has been made for each supplier; with the identification made, the supplier only provides access to the systems that it should use or is authorized to use.
User identifications. The Company employees' authorization to the Company systems is limited only to the extent necessary by job descriptions; in case of any change of authority or duty, systemic authorizations are also updated.
Information security threat and event management. Events that occur on the Company servers and firewalls, are transferred to the "Information Security Threat and Event Management" system. This system alerts the responsible staff when a security threat occurs and allows them to respond immediately to the threat.
Encryption. Sensitive data is stored with cryptographic methods and if required, transferred through environments encrypted with cryptographic methods and cryptographic keys are stored in secure and various environments.
Logging. All transaction records regarding sensitive data are securely logged.
Two-factor authentication. Remote access to sensitive data and registration/creation of an account is allowed through at least two-factor authentication.
Penetration test. Periodically, penetration tests are performed on servers in the Company system. The security gaps created as a result of this test are closed and a verification test is performed to show that the relevant security gaps have been closed. Besides, the Information Security Threat and Event Management System automatically performs penetration tests. Test results are recorded.
Information Security Management System (ISMS). At the ISMS meetings made within the Company, the topics contained in the control forum are audited monthly by the director of information technology and the director of financial operations.
Training. In order to increase the awareness of the Company employees against various information security violations and to minimize the impact of the human factor in information violation incidents, training is provided to employees at regular intervals.
Physical data security. It ensures that personal data on papers is necessarily stored in lockers and accessed only by authorized persons. Adequate security measures (for situations such as electric leakage, fire, deluge, thievery etc.) are taken based on the nature of the environment where sensitive data is stored.
Backup. Company periodically backs up the data it stores. As a backup mechanism, it uses the backup facilities provided by the cloud infrastructure providers, as well as the backup solutions it develops when deemed necessary, provided that it is in compliance with relevant legislation and provisions of this Policy.
Non-disclosure agreement. Non-disclosure agreements are concluded with employees taking part in sensitive personal data processing.
Transfer of sensitive personal data. If transfer of sensitive personal data is required through email; such transfer is done through (i) encrypted corporate email or (ii) Registered Email.

In the event that the personal data is damaged as a result of attacks on the Application or on the Company system, despite the Company taking the necessary information security measures, or the personal data is obtained by unauthorized third parties, the Company notifies this situation to Users immediately and, if necessary, to relevant data protection authority and takes necessary measures.

7. Age Limitation

We do not permit the use of our application by children under the age of 16.

We do not knowingly collect or process personal data from anyone under the age of 16. If you learn that someone under the age of 16 has provided us with personal information, please contact us via email.

Users under 18 must have permission from their parents or legal guardians to use our Services.

8. Transferring Personal Data to Third Parties

The procedures and principles to be applied for transferring of personal data are regulated in articles 8 and 9 of the PDP Law, and the personal and special categories of data of the supplier may be transferred to third parties within the country or abroad since we may use servers and cloud systems located abroad.

We implement the following mechanisms to ensure your data is transferred abroad securely and in accordance with applicable data protection laws:

We rely on the Standard Contractual Clauses as issued by the Turkish Data Protection Authority pursuant to Article 9/4)(c) of the PDP Law.

Your following personal data may be transferred abroad to our service providers on the legal bases explained above (Section 3.b.) and in the respective Standard Contractual Clauses, for the following purposes:

Your Technical Information, Identity and Contact Information, Customer Information, and User Content for the purpose of conducting storage and archive activities (including cloud services and database services) that are required to maintain our operations.
Your E-mail Account Information for the purpose of authentication of user accounts that is required to maintain our operations.
Your Technical Information for the purposes of correction of technical specifications, technical errors and defects that are required to maintain our operations.

The Company may also transfer your Marketing Data to service providers (incl. Google, Apple, Facebook SDK, Adjust and Firebase Analytics, which are embedded into our service) for the purpose of conducting marketing analysis studies and execution of advertising (including personalized advertising)/campaign/promotion processes.

We may have to share personal information with authorized public institutions and organizations, and judiciary bodies for the purpose of complying with our legal obligations and requirements on the legal basis that it is necessary in order to fulfill our legal obligation.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For individuals in California please scroll down to Section 12.

9. Your Rights as the Data Subject

Pursuant to Article 11 of the PDP Law, you may request from the Company the exercise of the following rights regarding your personal data:

Learn whether or not your personal data have been processed.
Demand for information as to if your personal data have been processed.
Learn the purpose of the processing of personal data and whether data are used in accordance with their purpose.
Know the third parties in the country or abroad to whom your personal data have been transferred.
In case the personal data is processed incompletely or inaccurately, request notification of the transactions made under this scope to third parties to whom personal data have been transferred.
Request deletion, destruction or anonymization of personal data if the reasons for the processing have disappeared and request notification of the transactions made under this scope to third parties to whom personal data have been transferred.
Object to the occurrence of any result that is to your detriment by means of the analysis of personal data exclusively through automated systems.
Request compensation for the damages in case you incur damages due to unlawful processing of your personal data.
Right to withdraw explicit consent from processing data based on explicit consent at any time.

In the request where you outline your rights as a data subject and specify the rights you wish to exercise, your request must be clear and understandable. If your request pertains to your own personal data or if you are acting on behalf of another individual, you must be specifically authorized to do so, and such authorization must be properly documented. Additionally, the application must include your identity and address details, and supporting documents verifying your identity must be attached.

Our Company will enable you to file such requests via email. In accordance with Article 13 of the PDP Law, our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest, depending on the nature of the request. In case the request is rejected, the reason or reasons for the rejection will be notified in writing or electronically along with its justification.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For individuals in California please scroll down to Section 12.

10. Contact Information

If you have any questions or comments regarding this Privacy Policy that is not covered here or if you have any request or would like to exercise your rights, you may contact us via the following email address or by post at the following Company address:

Company Title:	Palli Tech LLC
Address:	5830 E 2ND St Ste 7000, Casper Wyoming 82609-4308, USA
E-mail:	contact@palli.ai
Tel:	+16102347214

11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland

Where General Data Protection Regulation (GDPR), the UK Data Protection Act, or the Swiss Federal Act on Data Protection is applicable, for a complete understanding of our data practices, please read this privacy notice together with our Privacy Policy outline above.

Purposes of Processing Personal Data and Legal Bases

Your personal data may be processed for the following purposes on the following legal bases.

Purpose of Processing	Type of Personal Data	Legal Basis
Creating and maintaining user accounts	Technical Information	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Providing, analyzing and maintaining our Services with all features and functionalities (such as to provide outputs in response to user inputs or provide certain features to certain type of subscription models and conducting archive and storage activities). This includes personalizing the features and functionalities of the service.	Identity and Contact Information, Technical Information, E-mail Account Information, User Content, Customer Transaction	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Administering and operating our business including purposes such as managing subscriptions, troubleshooting the technical defects and issues.	Identity and Contact Information, Technical Information, User Content, Customer Transaction	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Communicating with you, including to send you information about your subscription, and other requests (this does not include communication for marketing purposes).	Identity and Contact Information, Customer Transaction, Technical Information	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Conducting after-sales support for goods and services, including manage refund processes, assisting you to manage a technical defect, responding to your inquiries	Identity and Contact Information, Customer Transaction, Technical Information, E-mail Account Information, User Content	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Conducting activities to ensure business continuity and user satisfaction as well as improving our services (this does not include processing to train AI model)	Customer Transaction, Technical Information, E-mail Account Information, User Content	Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
Complying with legal and regulatory obligations	Identity and Contact Information, Technical Information, E-mail Account Information, User Content, Customer Transaction	Processing is necessary for compliance with a legal obligation to which the controller is subject.
Ensuring safety and security, preventing fraud and unlawful activities, and protect against the misuse of our Services.	Identity and Contact Information, Technical Information, E-mail Account Information, User Content, Customer Transaction	Processing is necessary for compliance with a legal obligation to which the controller is subject; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests.
Protecting the rights, privacy, safety, or property of our users, Company, or third parties	Identity and Contact Information, Technical Information, E-mail Account Information, User Content, Customer Transaction	Processing is necessary for compliance with a legal obligation to which the controller is subject; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests.
Auditing of business activities	Technical Information, User Content, Customer Transaction	Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

In addition to the above purposes, we will only process the following personal data with your consent. You may withdraw your consent at any time by contacting us via email or as stated below. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you give us consent (acquired via Apple and/or Google and/or within the App), your Marketing Data may be processed for conducting marketing analysis studies and execution of advertising (including personalized advertising)/campaign/promotion processes. You can withdraw consent through settings of your account.
If you give us consent (acquired when you opt-in for marketing communication), your Identity and Contact Information may be processed for communicating with you to send information about services, products, and applications and delivering you information regarding advertisements, promotions and other marketing communication. You can withdraw your consent by clicking on "unsubscribe" link in the e-mail that is sent to you or by following the procedure specified in the communication.

Transferring Personal Data to Third Parties

We implement the following mechanisms to ensure compliance with applicable data protection laws when transferring Personal Data outside the European Economic Area (EEA), Switzerland, or the United Kingdom (UK):

Adequacy Decisions: We rely on adequacy decisions issued by the European Commission in accordance with Article 45(1) of the GDPR, when transferring Personal Data to countries that have been deemed to provide an adequate level of data protection.
Standard Contractual Clauses (SCCs) & Supplementary Measures: For transfers to jurisdictions not covered by an adequacy decision, we implement the Standard Contractual Clauses as adopted by the European Commission under Article 46(2)(c) of the GDPR. We also apply additional safeguards where necessary, such as: encryption of personal data in transit & at rest, data minimization & anonymization where possible, technical access controls to limit third-party access, ongoing Transfer Impact Assessments (TIA) to monitor local laws.
Binding Corporate Rules (BCRs): Where applicable, we rely on Binding Corporate Rules (BCRs) as approved by the competent supervisory authority in accordance with Article 46(2)(b) and Article 47 of the GDPR.

Your following personal data may be transferred abroad to our service providers on the legal basis explained above for the following purposes:

Your Technical Information, Contact and Identity Information, Customer Information, User Content for the purpose of conducting storage and archive activities (including cloud services and database services) that are required to maintain our operations.
Your E-mail Account Information for the purpose of authentication of user accounts that is required to maintain our operations.
Your Technical Information for the purposes of correction of technical specifications, technical errors and defects that is required to maintain our operations.

The Company may also transfer your Marketing Data to service providers (incl. Google, Apple, Facebook SDK, Adjust and Firebase Analytics which are embedded into our service) for the purpose of conducting marketing analysis studies and execution of advertising (including personalized advertising)/campaign/promotion processes.

Your Rights Regarding Data Transfers

You have the right to request a copy of the safeguards applied (e.g., SCCs, BCRs) by contacting us via email.
If you believe your data has been transferred unlawfully, you can lodge a complaint with your local data protection authority or the European Data Protection Supervisor (EDPS).

Your rights as the Data Subject

Under the GDPR, you have the following rights:

Right of Access (Article 15 GDPR) - You can request a copy of your personal data and information about how we process it.
Right to Rectification (Article 16 GDPR) - You can request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17 GDPR) - You can request deletion of your personal data under certain circumstances.
Right to Restriction of Processing (Article 18 GDPR) - You can request that we limit how we use your data.
Right to Data Portability (Article 20 GDPR) - You can request your data in a structured, commonly used format.
Right to Object (Article 21 GDPR) - You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent (Article 7 GDPR) - You can withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint - You have the right to lodge a complaint with your local data protection authority.

12. For California Residents

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which the information is collected, the purpose for collecting the information, and the categories of third parties with whom we share the information.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
Right to Opt-Out: You have the right to opt-out of the sale or sharing of your personal information for cross-context behavioral advertising purposes.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, please contact us at contact@palli.ai.