← anice

Privacy Policy & KVKK Disclosure

Last updated: 25 June 2026

This text is in effect; it is reviewed periodically by our legal counsel in line with updates to applicable legislation.

1. Data Controller

This disclosure has been prepared by anice (the "Company"), acting as data controller under the Turkish Personal Data Protection Law No. 6698 ("KVKK"), regarding personal data processed through the anice application and the anice.io website (the "Service"). Contact: contact@anice.io

2. Personal Data Processed

The following personal data is processed within the scope of the Service:

  • Identity and contact: full name (display name), phone number, email address (optional), profile photo.
  • Data relating to your child: name, date of birth or estimated due date, gender, profile photo, and the memory content you add (photo, video, audio, text). This data is processed only with your (parent/guardian) explicit consent and upload.
  • Family sharing: the family members you invite and their access roles (Owner/Contributor/Viewer), and content access records.
  • Order data: for printed memory book orders, the delivery name, phone, and address.
  • Transaction security: session logs, device/push notification tokens, IP address (security logs), service usage records.
  • Location (optional only): if you explicitly choose to share your device location when adding a memory, an approximate coordinate (latitude/longitude) and/or a coarse place label (e.g. province/district) is attached to the memory. This feature is off by default and works only for the memories you permit at that moment; you can turn it off at any time. Coordinates are private to you, stored encrypted separately from other fields on the server, and are never included in anonymous link shares. In an anonymous share, only the coarse place label you chose to share may be visible.

Location data embedded in photos (EXIF GPS) is removed before being saved to our servers. Your device location is accessed only when you explicitly enable this feature while adding a memory and grant the device/operating-system permission; otherwise your location is not read.

3. Purposes of Processing and Legal Grounds

  • Creating your account and authenticating you (KVKK art. 5/2-c: establishment and performance of a contract).
  • Providing memory storage, family sharing, and reminder features (art. 5/2-c, and for children's data art. 5/1: explicit consent).
  • If you choose to add location to a memory, processing the location data (coordinate and/or coarse place label) (art. 5/1: explicit consent; off by default, you may withdraw it at any time).
  • Preparing and delivering printed book orders (art. 5/2-c).
  • Ensuring service security, preventing misuse, and meeting legal obligations (art. 5/2-a, 5/2-ç, 5/2-f).
  • Promotional/informational messages subject to your explicit consent (art. 5/1; you may withdraw it at any time).

4. Parties to Whom Data Is Transferred

Your data is not sold or shared with third parties for advertising purposes. The following limited transfers are made to provide the Service:

  • Hosting and storage: Amazon Web Services (AWS) — servers are in the Frankfurt, Germany (eu-central-1) region. Data is encrypted in transit (TLS) and at rest (AES-256).
  • Notifications: Expo (USA) for push notifications; Meta Platforms (WhatsApp Business API) if you use the WhatsApp notification/reply feature.
  • Error tracking: Sentry (technical error logs only; no personal content is sent).
  • Print service: for printed book orders, only the content subject to the order and the delivery information are transmitted to the contracted print provider.
  • Social sign-in: if you choose to sign in with Apple or Google, authentication information is shared with the relevant provider (USA).
  • Authorized public authorities: only where legally required.

Because the servers are located abroad, your personal data is transferred abroad within the scope of KVKK art. 9. This transfer relies on the explicit consent obtained at registration and/or the safeguards (standard contract) provided under KVKK art. 9.

5. Retention Periods

  • Account and content data: retained for as long as your account is active. After your deletion request is processed, your data is removed from all systems, including automatic backups, within 30 days at the latest (production database backups are kept on a 14-day cycle; once that period elapses, deleted data is also purged from backups).
  • One-time login codes (OTP): deleted within 24 hours at the latest after verification.
  • Notification and content access records: up to 12 months; admin audit logs up to 24 months.
  • Expired/revoked session records: deleted 30 days after expiry.
  • Temporary (signed) links generated for downloading your data (KVKK export) and for the printed book: valid for 7 days; inaccessible after expiry.
  • Order/invoice records: retained for 10 years as required by tax legislation (VUK/TTK); upon a deletion request, only the delivery personal information is anonymized.

6. Your Rights (KVKK art. 11)

Under KVKK art. 11 you have the right to: learn whether your data is being processed, request information, request correction or deletion, learn the third parties to whom it has been transferred, and claim compensation if you suffer damage.

You can exercise these rights from within the app under Settings → My Data (downloading your data and deleting your account) or by contacting contact@anice.io. Requests are answered within 30 days at the latest.

7. Children's Data

anice is designed for parents to keep memories of their own children. The account holder must be over 18. Data relating to a child is processed only with the parent's/guardian's upload and explicit consent; by default it is open only to the family members invited by the account holder. The other parent who holds custody may request the removal of content relating to the child through the support channel.

8. Security

Your data is encrypted in transit with TLS and at rest with AES-256. Access to media files is possible only through short-lived signed links; no publicly open URLs are used. Access to content is logged. If a data breach is detected, notification is made to the Personal Data Protection Board and the affected users as soon as possible, in accordance with KVKK.

9. Cookies

For the cookies used and how to manage your preferences, see the Cookie Policy.

10. Changes

When this text is updated it is published on this page; for significant changes you are also notified from within the app.