Privacy Policy and Personal Data Notice

TourismGO

Last Updated: November 29, 2025

1. Purpose

Zerone Labs Teknoloji Anonim Şirketi ("Zerone Labs" or "Company") processes users' personal data in accordance with Law No. 6698 on the Protection of Personal Data ("KVKK") and other applicable legislation, as well as general privacy principles. These principles also regulate the additional rights of individuals when the General Data Protection Regulation (EU) 2016/679 applies.

Personal data you provide/will provide to our Company and/or obtained by our Company through any external means may be processed by our Company as the "Data Controller" in the following ways:

• Within the scope of the purpose of processing your personal data and in a limited and proportionate manner related to this purpose,
• While maintaining the accuracy and current state of personal data as reported or notified to our Company,
• Such personal data may be recorded, stored, preserved, reorganized and transferred to institutions authorized to request such personal data by law; shared with third parties domestically or abroad with your explicit consent within the scope of the provisions of the legislation and when necessary, and may be processed in other ways listed in the legislation and subjected to other transactions specified in the legislation.

This Privacy Policy is used to ensure that activities carried out by Zerone Labs are conducted and improved in accordance with the principles specified in the KVKK.

This Privacy Policy explains what data we collect, how we plan to use, store, protect and share the data we collect, how you can withdraw your consent for the processing of this data, and how you can correct and revise data.

2. Collection and Method of Personal Data

Zerone Labs may process your personal data for the purposes specified in this Privacy Policy.

Personal data of users collected and used by Zerone Labs include: your name and surname, email address and phone number when you contact Zerone Labs, your order information if you make a purchase through in-app purchases, messages, sentences, texts, information, photos, images, videos, visual and audio recordings, voice recordings and other data you upload or transfer to the TourismGO application (TourismGO); if you choose to register, profile information or social media information, identifier for advertisers (IDFA) specified on your mobile device used to access our services, identifier for vendors/developers, identifier for vendors/developers (IDFV) specified on your mobile device, Internet Protocol Address-IP Address, and (if you have given permission) geographical location information.

Data Categories and Data Types

Category	Data Type
Identity and Contact Information	Name, surname, phone number, email address
User Transaction Information	In-app messages, chat history, search queries, AI conversations, voice commands
Visual and Audio Records	Profile photo, photos uploaded in-app, voice recordings
Location Information	GPS coordinates, city/country information, visited places
Transaction Security Information	IP address, device ID (IDFA, IDFV), session information, security logs
Financial Information	Purchase history, subscription information, payment method (processed via RevenueCat)
Profile and Social Media Information	Username, preferred language, social media account information (Google/Apple Sign-In)

Methods of Data Collection

• In-app registration form
• Google and Apple Sign-In (OAuth)
• Automatically collected data during app usage
• Customer support communications
• RevenueCat integration (subscription management)
• Google Maps API (location and place information)
• OpenAI API (AI chat and text-to-speech)

3. Purposes of Processing Personal Data

Your personal data is processed for the following purposes:

• Providing services offered by the TourismGO application
• Creating and managing user accounts
• Providing personalized travel recommendations
• Providing AI-based tour guide services
• Location-based cultural and historical place recommendations
• Managing subscription and payment transactions
• Providing customer support services
• Ensuring application security
• Fulfilling legal obligations
• Statistical analysis and service improvement
• Troubleshooting technical issues

4. Storage and Security of Personal Data

Zerone Labs takes the following measures to ensure the security of your personal data:

Technical Security Measures

• Encryption: Personal data is encrypted during transmission using SSL/TLS protocols
• Secure storage: Data is securely stored on AWS (Amazon Web Services) servers
• Access control: Access to personal data is limited to authorized personnel
• Password policies: User passwords are stored in hashed format
• Regular backups: Regular backups are performed to prevent data loss
• Security testing: Regular security tests and updates

Data Retention Periods

• User account information: While account is active + 1 year
• Chat history: Until deleted by user
• Transaction logs: 2 years
• Financial records: Legal retention periods (10 years)
• Customer support records: 3 years

Despite Zerone Labs taking necessary information security measures, in case of damage to your personal data or unauthorized access to such personal data as a result of attacks on TourismGO or Zerone Labs systems, Zerone Labs will immediately notify Users and, if necessary, the relevant data protection authority and take necessary measures.

5. Age Restriction

We do not allow our application to be used by children under the age of 16.

We do not knowingly collect or process personal data from anyone under the age of 16. If you become aware that someone under the age of 16 has provided us with personal information, please contact us at support@tourismgo.app. Users under 18 years of age must obtain consent from their parents or legal representatives to use our Services.

6. Transfer of Personal Data to Third Parties

The procedures and principles to be applied for the transfer of personal data are regulated in Articles 8 and 9 of the KVKK. Since we may use servers and cloud systems located abroad, personal and special categories of data may be transferred to third parties domestically or abroad.

Your personal data may be transferred abroad for the following reasons:

• Conducting storage and archiving activities
• Conducting business activities
• Providing after-sales support services
• Conducting customer relationship management processes
• Correcting technical features, technical errors and malfunctions
• Providing AI-based services (OpenAI API)
• Providing map and location services (Google Maps API)

Third Parties with Whom Data is Shared

Zerone Labs may transfer your personal data to our Company's service providers and the following third parties integrated into our service:

• OpenAI: AI chat, text generation and voice assistant services
• Google Maps Platform: Location services, place search and map services
• RevenueCat: Subscription management and in-app purchases
• Firebase (Google): Authentication, notifications and analytics
• Apple Sign-In: Login service for iOS users
• AWS (Amazon Web Services): Server and data storage

Compliance activities:

• Sharing identity, communication and transaction security information with authorized public institutions and organizations to conduct compliance activities
• Monitoring and conducting legal affairs
• Informing authorized persons, institutions and organizations
• Sharing identity and communication information to manage after-sales support services, conduct business activities and manage customer relationship management processes

7. Your Rights as a Data Subject

In accordance with Article 11 of the KVKK, you can request the following regarding your personal data by applying to Zerone Labs:

• Learn whether your personal data is being processed
• If your personal data has been processed, request information about it
• Learn the purpose of processing your personal data and whether they are used in accordance with this purpose
• Learn the third parties to whom your personal data is transferred domestically or abroad
• In case personal data is processed incompletely or incorrectly, request that the operations carried out in this scope be notified to third parties to whom personal data is transferred
• Request deletion, destruction or anonymization of personal data when the reasons for processing cease to exist, and request that the operations carried out in this scope be notified to third parties to whom personal data is transferred
• Object to a result against yourself arising solely through the analysis of processed data by automated systems
• Request compensation for damages if you suffer damage due to unlawful processing of your personal data

GDPR Rights (For EU Citizens)

When the General Data Protection Regulation (GDPR) applies, data subjects have the following rights:

• Right of access: Learn whether personal data is being processed and, if so, access your personal data and information about the processing of your personal data
• Right to rectification: Request correction of information you believe is incorrect or completion of information you believe is incomplete by Zerone Labs
• Right to erasure: Request deletion of personal data within the conditions stipulated in GDPR
• Right to restriction of processing: Request restriction of processing of personal data within the conditions stipulated in GDPR
• Right to object to processing: Object to the processing of personal data within the conditions stipulated in GDPR
• Right to data portability: Request transfer of data collected by Zerone Labs directly to another organization or under certain conditions
• Object to a result against yourself arising from the analysis of processed data, including profiling, exclusively through automated systems

How Can You Exercise Your Rights?

In your application containing statements regarding the rights mentioned above that you have and wish to exercise as a data subject:

• Your request must be clear and understandable
• If the subject of your request concerns you or if you are acting on behalf of someone else, you must have special authority on this matter and your authority must be documented
• The application must include identity and address information and documents proving your identity must be attached to the application

Our Company will enable you to submit such requests via the "Data Subject Application Form" at support@tourismgo.app.

Our Company will finalize your requests free of charge within a maximum of 30 (thirty) days depending on the nature of your request, in accordance with Article 13 of the KVKK. In case of rejection of the request, the reason(s) for rejection will be notified in writing or electronically together with the justification.

If you believe that we or anyone to whom we have transferred your data has violated your rights, you may file a complaint with the data protection authority in your country and other competent supervisory authorities.

8. Cookies and Tracking Technologies

The TourismGO application may use cookies and similar technologies for the following purposes:

• Session management: Maintaining user sessions
• Preferences: Remembering language, theme and other application preferences
• Analytics: Collecting application usage statistics (Firebase Analytics)
• Performance: Monitoring and improving application performance

9. Third Party Service Privacy Policies

TourismGO uses the following third-party services. These services have their own privacy policies:

• OpenAI: https://openai.com/privacy
• Google Maps Platform: https://policies.google.com/privacy
• RevenueCat: https://www.revenuecat.com/privacy
• Firebase (Google): https://firebase.google.com/support/privacy
• Apple: https://www.apple.com/legal/privacy

10. Changes to Privacy Policy

This Privacy Policy may be revised by our Company when deemed necessary. If you continue to access TourismGO and use TourismGO without benefiting from the Services provided by Zerone Labs after the notice period, you will be deemed to have consented to changes in this Privacy Policy.

When significant changes are made, users will be notified via in-app notification or email.

11. Contact and Application

For questions about the Privacy Policy or your personal data, you can contact us:

---

© 2025 Zerone Labs Teknoloji Anonim Şirketi. All rights reserved.
Last updated: November 29, 2025