Privacy Policy
This Privacy Policy explains how [COMPANY NAME], a company organised under the laws of Turkey (“CrossIQ”, “we”, “us”), collects, uses, shares, and protects your personal data when you use the CrossIQ app and website (the “Service”). We act as the data controller for the personal data described here.
We comply with the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and, where applicable, the EU General Data Protection Regulation (“GDPR”) and other data-protection laws.
Contents
1. Data We Collect
| Category | Examples |
|---|---|
| Account & identity | A unique user ID, your sign-in method (including anonymous guest sessions and, where used, Sign in with Apple), and email address if you provide one. |
| Profile | Your display handle, any bio or editor details, and titles/achievements you earn. |
| Content you create | Topics you submit, puzzles you generate and choose to publish, and your solving attempts. |
| Gameplay & progress | Puzzle attempts, completion stats, streaks, achievements, and your hint-credit (“✦”) balance and ledger. |
| Community & safety | Reports you file, users you block, and account-deletion feedback you choose to share. |
| Notifications | If you enable reminders, a device push token and your reminder preferences. |
| Technical & usage | Device and app information, log data, approximate region inferred from IP, and diagnostic information needed to operate and secure the Service. |
| Purchases | Records of in-app purchases. Payment is processed by Apple; we do not receive your full payment-card details. |
2. Topics & AI Processing
When you create a puzzle, the topic text you enter is sent to one or more third-party artificial-intelligence providers to generate the words and clues. The specific provider or model used may change over time. We send only the topic text and the technical information required to generate a puzzle; we do not send your identity to the AI provider for this purpose beyond what is necessary to operate the feature.
Please avoid entering personal or sensitive information in topic fields, as generated content may be stored and, if you publish it, shown to other users.
3. How We Use Data
- To provide the Service: create and store your account, generate puzzles, save progress, run streaks, achievements, and hints.
- To enable community features: publishing, browsing, leaderboards, reporting, and blocking.
- To send notifications you have enabled, such as daily reminders.
- To moderate content and keep the community safe.
- To maintain, secure, debug, and improve the Service.
- To comply with legal obligations and enforce our Terms.
4. Legal Bases (KVKK / GDPR)
- Performance of a contract — to provide the Service you request.
- Legitimate interests — to secure, debug, improve, and protect the Service and our community, balanced against your rights.
- Consent — for optional features such as push notifications; you can withdraw consent at any time.
- Legal obligation — where we must process data to comply with applicable law.
5. Sharing & Service Providers
We do not sell your personal data. We share data only with service providers (processors) who help us run the Service, under appropriate agreements. We engage providers in the following categories:
| Category | Purpose |
|---|---|
| Cloud hosting & database | Storing your account and content, authentication, and running our backend. |
| Content delivery & security | Serving the website and app traffic securely and reliably. |
| Artificial-intelligence providers | Generating puzzles and clues from the topics you submit. |
| App platform (Apple) | App distribution, Sign in with Apple, push notifications, and in-app purchases. |
We may also disclose data where required by law, to protect our rights or users’ safety, or in connection with a merger, acquisition, or asset sale (with continued protection of your data).
6. International Transfers
Some of our providers are located outside Turkey and the EU/EEA, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards permitted under KVKK and the GDPR (such as standard contractual clauses and, under KVKK, explicit consent or other lawful transfer conditions).
7. Data Retention
We keep personal data for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain certain data to comply with legal obligations, resolve disputes, or enforce our agreements. Content you published and that others have interacted with may persist in anonymised form.
8. Your Rights
Subject to applicable law, you have the right to: access your data; correct inaccurate data; delete your data; restrict or object to certain processing; data portability; and withdraw consent. Under KVKK, you also have the right to learn whether your data is processed, request information about processing, and request that third parties to whom data was transferred be notified of corrections or deletion.
You can delete your account and associated data directly in the app under Settings → Delete account. To exercise any other right, contact us at contact@crossiq.app. You also have the right to lodge a complaint with your local data-protection authority (in Turkey, the Kişisel Verileri Koruma Kurumu; in the EU, your national supervisory authority).
9. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will take steps to delete it. Where a higher age of digital consent applies, that age governs.
10. Security
We use technical and organisational measures designed to protect personal data, including encryption in transit, access controls, and database-level security rules. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the “Last updated” date and, for material changes, provide additional notice where appropriate.
12. Contact
Data controller: [COMPANY NAME], Turkey
Privacy contact: contact@crossiq.app