Privacy Policy

1. Data Controller

Pursuant to the Law on the Protection of Personal Data No. 6698 ("KVKK"), your personal data is processed by Habita Teknoloji A.Ş. ("Habita" or "Company") acting as the data controller.

2. Personal Data We Collect

When you register and use the Platform Services, the following categories of personal data are processed:

• Identity & Account Data: Full name, e-mail address, registration date
• Usage & Transaction Data: Saved items, product photos, wardrobe data, outfit combinations, packing/travel data, in-app interactions
• Visual Content: Clothing photographs uploaded by the user for wardrobe management purposes. No facial recognition or biometric processing is performed on these images. Photos are stored solely to provide wardrobe and outfit features.
• Travel & Event Document Data: Images (.png, .jpg) or documents (.pdf) such as flight tickets, museum, restaurant, and event tickets optionally uploaded by the user as part of trip/packing planning. These files are stored as-is. Any personal data contained within them (e.g. full name, passport number, reservation code, travel dates) is not separately extracted, analysed, or shared with third parties by the Company.
• Security & Transaction Data: IP address, device information, access and transaction logs
• Communication Data: Support requests and feedback content
• Cookie Data: Session information, platform usage preferences, navigation and interaction data. Non-essential cookies are used only with your explicit consent.

3. Purposes of Processing and Legal Basis

3.1 Membership and Platform Services

Purposes:

• Creating and managing user accounts
• Providing platform features and functionality
• Delivering wardrobe management, outfit creation, and packing services

3.2 Document and Visual Storage

Purposes:

• Storing images and PDF documents (flight tickets, museum/restaurant/event tickets) uploaded by the user as part of trip planning
• Storing clothing photographs for wardrobe management and related features

3.3 Platform Security and Technical Operations

Purposes:

• Ensuring information and system security
• Preventing unauthorised access
• Diagnosing and resolving technical errors

3.4 Customer Support and Communication

Purposes:

• Responding to support requests
• Managing complaints and feedback

3.5 Personalisation and Service Improvement via Cookies

Purposes:

• Improving user experience
• Delivering content and features tailored to usage habits
• Analysing platform performance

3.6 Google Sign-In

We use Google Sign-In to allow users to create accounts and log in quickly and securely. When you choose this method, Google may share basic account information such as your first name, last name, e-mail address, and profile photo (if available) with us.

This information is used solely for account creation, identity verification, and account management purposes and is never shared with third parties for marketing.

You may revoke access at any time via your Google account's Security or Account Permissions settings, or by using the in-app account deletion feature.

3.7 Advertising Services (Google AdMob) and Advertising ID

We use Google Mobile Ads (AdMob) to display ads, measure ad performance, and deliver rewarded ad experiences. In this context, your device's advertising identifier (Advertising ID / AD_ID) and certain technical signals may be processed and shared with Google and its advertising partners.

For details on how Google processes data: Google Privacy Policy.

4. Transfer of Personal Data

Your personal data may be transferred to:

• Server and infrastructure service providers (including file storage infrastructure)
• Authorised public institutions and organisations within the scope of legal obligations

All transfers are carried out in compliance with Articles 8 and 9 of KVKK, with appropriate technical and administrative safeguards in place.

Where non-essential cookies involve data transfers outside Turkey, such transfers are carried out only with your explicit consent in accordance with applicable legislation.

5. Retention Periods

Data Category	Retention Period
Account and membership data	For as long as the membership is active
Clothing photos and outfit data	For as long as the account is active; permanently deleted within 30 days of account deletion
Flight tickets, museum/restaurant ticket images and PDFs	Deleted permanently within 30 days of user deletion or account closure
Security and access logs	2 years
Cookie data	Varies by cookie type (see Cookie Policy for details)
Upon membership termination (general)	Up to 6 months, subject to statutory obligations

6. Account Deletion and Data Erasure Process

Users may request account deletion via the Delete Account option on the Settings screen within the app. Upon receiving the request, your account is deactivated, all sessions are terminated, and your personal data is permanently deleted or anonymised within 30 days, to the extent technically and operationally feasible.

If you sign in again with the same identity (e.g. the same Google or Apple account) during this period, the deletion request is cancelled and your account may be reactivated.

• Once the waiting period expires, all account-linked data — including your wardrobe, outfit combinations, travel plans, clothing photos, and any uploaded ticket images or PDF files — will be removed from our systems.
• Data that must be retained under statutory obligations will continue to be stored for the periods prescribed by applicable law.

Alternatively, you may request deletion of your account and data by sending an e-mail to lifehabita@gmail.com.

7. Third-Party Service Providers

• Google LLC – Google Sign-In: Used for identity verification and fast login. Basic account data (name, surname, e-mail, profile photo) may be shared by Google; used solely for authentication and account management.
• Google LLC – Google Mobile Ads (AdMob): Used for ad display, performance measurement, and rewarded ad flows. Advertising ID (AD_ID) and technical signals may be shared with Google and its advertising partners.

These providers process only the data necessary for the relevant service. Your data is not shared with them for marketing purposes beyond what is described above.

Google Privacy Policy: https://policies.google.com/privacy.

8. Technical Security Measures

The following technical measures are applied to protect your personal data and uploaded documents:

• At-Rest Encryption: All user data — including clothing photos, flight tickets, museum/restaurant ticket images, and PDF files — is stored with AES-256 encryption.
• Access Controls: Access to servers and storage infrastructure is restricted to authorised personnel only; access logs are retained for 2 years.
• Isolated Storage: User files are stored in isolated storage spaces; one user cannot access another user's data.
• Secure Transmission: All data communication between the app and servers is encrypted via TLS/HTTPS.
• Network Security: The storage service is accessible only from the application server and is not exposed to direct external access.

9. Your Rights Under KVKK

Pursuant to Article 11 of KVKK, you have the following rights:

• To learn whether your personal data is being processed
• To request information if your data has been processed
• To learn the purpose of processing and whether data is used in accordance with that purpose
• To know the third parties to whom data has been transferred domestically or abroad
• To request correction of incomplete or inaccurate data
• To request deletion or destruction of data under the conditions set out in the Law
• To request that correction/deletion be notified to third parties
• To object to a result arising against you through automated systems
• To claim compensation for damages arising from unlawful processing

This policy was last updated in May 2026. In the event of material changes, users will be notified via in-app notification or e-mail.