Privacy Policy

Overview

KapsulAI ("we," "us," or "our") is a Turkey-based digital health company operating the KapsulAI mobile application ("App") and related services (collectively, the "Service"). We are committed to protecting your personal information and your right to privacy.

This Privacy Policy applies to all information collected through our App, as well as any related services, marketing, and events. It explains what data we collect, why we collect it, how it is used, and your rights in relation to it.

By using KapsulAI, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of our Services.

1. Information We Collect

We collect only the information necessary to provide you with a safe, functional, and personalized experience. We do not collect information for advertising purposes or sell your personal data.

1.1 Information You Provide Directly

• Account Information: When you register, we collect your name, email address, and password. You may optionally provide a date of birth and gender.
• Medication Data: Medications you add to your profile, including drug names, dosages, frequencies, and start/end dates.
• Health Profile Data: Chronic conditions you voluntarily enter (e.g., diabetes, hypertension), your BMI (height and weight), and allergy information — all entered at your discretion.
• User Communications: Messages or feedback you send us via in-app support or email.

1.2 Information Collected Automatically

• Device Information: Device model, operating system version, unique device identifiers, mobile network carrier.
• Usage Data: Features accessed, session duration, interaction patterns, crash reports, and error logs.
• Log Data: IP address, access timestamps, App version number.
• Installation ID: A randomly assigned identifier assigned upon App installation; used to maintain session continuity.

1.3 Location Information

We request access to your device location only to power the Duty Pharmacy Finder feature. Location data is used in real-time only, is not stored on our servers beyond the immediate request, and is never shared with third parties for advertising. You may deny this permission without affecting core App functionality.

1.4 Camera Access

We request camera access solely for our Pill Recognition feature (photo-based drug identification). Photos taken for this purpose are processed locally on your device or transmitted to our recognition engine and immediately discarded. They are not stored or used for any other purpose.

1.5 Information We Do NOT Collect

• Payment card or bank account numbers (we do not process payments directly; all in-app purchases are handled by Apple App Store or Google Play)
• Contacts, call logs, or SMS data
• Social media credentials or profiles
• Biometric identifiers (fingerprint, face data)
• HealthKit or Google Health Connect data in the current version

2. How We Use Your Information

We do not use your personal or health data for targeted advertising, profiling for commercial purposes, or sale to third parties.

3. Legal Basis for Processing (GDPR)

For users located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Contractual Necessity (Art. 6(1)(b)): Processing necessary to provide the Service you have signed up for, including account management, medication tracking, and interaction analysis.
• Explicit Consent (Art. 6(1)(a) and Art. 9(2)(a)): Processing of special category health data (medications, chronic conditions, BMI) is performed solely on the basis of your freely given, specific, and informed consent. You may withdraw this consent at any time without affecting the lawfulness of prior processing.
• Legitimate Interests (Art. 6(1)(f)): Processing for security monitoring, fraud prevention, App analytics, and service improvement, where such interests are not overridden by your rights.
• Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable Turkish, EU, or other applicable laws.

For users located in Turkey, all processing is conducted in accordance with the Law on the Protection of Personal Data (KVKK, Law No. 6698), including required explicit consent for processing of special category data under Article 6.

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including cloud hosting, analytics, customer support tools, and email delivery. These providers are contractually bound to process your data only as instructed by us and in compliance with this Privacy Policy and applicable data protection laws.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request), or to protect the rights, property, or safety of KapsulAI, our users, or others.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the App before your personal data becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with our legal obligations, resolve disputes, and enforce our agreements.

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., tax records, litigation holds).

6. Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• AES-256 encryption of data at rest;
• TLS 1.3 encryption for data in transit;
• Regular security audits and penetration testing;
• Role-based access controls and least-privilege principles;
• Secure software development lifecycle practices;
• Incident response and breach notification procedures.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. If you have reason to believe that your account is no longer secure, please contact us immediately at security@kapsulai.com.tr.

7. International Transfers

KapsulAI is based in Turkey. Your personal data may be transferred to, stored, and processed in Turkey or other countries where we or our service providers operate.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that any international data transfers comply with GDPR requirements through the use of:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• Adequacy decisions (where applicable);
• Other lawful transfer mechanisms as recognized under GDPR Article 46.

By using the Service, you consent to the transfer of your information to Turkey and other jurisdictions as described in this Privacy Policy.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 GDPR Rights (EEA, UK, Switzerland Users)

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: File a complaint with your national data protection authority.

8.2 KVKK Rights (Turkey Users)

Under Turkish Law No. 6698, you have the right to:

• Learn whether your personal data is being processed;
• Request information regarding processing if it has been processed;
• Learn the purpose of processing and whether data is used in accordance with that purpose;
• Know the third parties to whom your data is transferred domestically or abroad;
• Request correction of incomplete or inaccurate data;
• Request deletion or destruction of your data under conditions set forth in Article 7 of KVKK;
• Request notification of correction, deletion, or destruction to third parties to whom your data has been transferred;
• Object to negative consequences arising from automated processing of your data;
• Claim compensation for damages arising from unlawful processing.

8.3 How to Exercise Your Rights

To exercise any of the above rights, please contact us at privacy@kapsulai.com.tr with the subject line "Data Subject Rights Request." We will respond within 30 days (GDPR) or 30 days (KVKK) of verifying your identity. In certain cases, we may extend this period and will inform you of the reasons for the delay.

To verify your identity, we may request government-issued identification or other information. We will not charge a fee for processing your request unless it is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse the request.

9. Children's Privacy

KapsulAI is not intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If you are between 13 and 17 years of age, you may use the Service only with the verifiable consent and supervision of a parent or legal guardian.

If we become aware that we have inadvertently collected personal data from a child under 13 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 13, please contact us immediately at privacy@kapsulai.com.tr.

10. Analytics and Tracking Technologies

We use analytics and tracking technologies to understand how users interact with the Service, improve functionality, and diagnose technical issues. These technologies include:

10.1 Cookies and Local Storage

We do not use cookies in the mobile App. Our web-based interfaces may use essential cookies for session management and authentication. You may disable cookies through your browser settings, though this may affect functionality.

10.2 Analytics Tools

We may use third-party analytics services to collect anonymized or pseudonymized usage data, including:

• Pages/screens viewed and features used;
• Time spent in the App;
• Device type, operating system version, and App version;
• Crash reports and performance metrics.

These analytics providers operate under their own privacy policies. We configure these tools to minimize data collection and anonymize data where possible.

10.3 Opting Out

You may opt out of analytics tracking by enabling "Limit Ad Tracking" (iOS) or "Opt out of Ads Personalization" (Android) in your device settings. Note that KapsulAI does not use analytics data for advertising purposes; this setting affects system-level tracking.

11. Account Deletion

You have the right to delete your KapsulAI account at any time. To do so:

1. Open the KapsulAI App;
2. Navigate to Settings → Account;
3. Select "Delete My Account";
4. Confirm your decision.

Upon account deletion:

• All personal data, including medication lists, health profiles, and account information, will be permanently deleted within 30 days;
• Anonymized usage data may be retained for analytics purposes;
• Data required to be retained by law (e.g., billing records for tax compliance) will be retained for the minimum legally required period;
• You will receive a confirmation email once deletion is complete;
• Deletion is irreversible and you will need to create a new account to use the Service again.

If you encounter any issues deleting your account, contact us at privacy@kapsulai.com.tr and we will assist you.

12. Medical Disclaimer

This Privacy Policy relates solely to data protection and privacy practices. For important disclaimers regarding the medical and informational nature of the Service, please refer to our Terms of Use.

KapsulAI is not a medical device, does not provide medical advice, and is not a substitute for professional healthcare. All health-related decisions should be made in consultation with a qualified healthcare provider.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page;
• Notify you via email to your registered email address;
• Display a prominent in-App notification prompting you to review the updated Privacy Policy.

For changes that materially affect how we collect, use, or share your personal data, we will obtain your explicit consent where required by applicable law. Continued use of the Service after the effective date of changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: