Last updated: May 2026 TETRAI YAPAY ZEKA TEKNOLOJI BILISIM VE ILETISIM TICARET LIMITED SIRKETI ("Company", "we", "us", or "our") operates the Tootem mobile application ("App"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use Tootem. By using Tootem, you consent to the practices described in this policy. 1. INFORMATION WE COLLECT 1.1 Account Information When you sign in with Apple, Google, or email and password, we collect: • Your email address • Your display name • Your profile picture URL (if provided by the social authentication provider) • A hashed password (only for email accounts; we never store plaintext passwords) • Your preferred language (one of: English, Turkish, Portuguese, Spanish) 1.2 Astrology Profile To generate personalized astrology content, you may optionally provide: • Birth date (required for birth chart, year-ahead, and compatibility features) • Birth time (optional, used for rising sign and house calculations) • Birth place (optional, free-text city name for future ephemeris support) This birth data is considered sensitive and is used solely for astrology calculations and AI-generated readings. It is never shared with advertisers and never used to identify your physical location. 1.3 Subscription and Purchase Information • Subscription tier (Mistik, Astrolog, or Kâhin) and expiration date • One-time report ownership (birth chart, compatibility, year-ahead, name numerology) • In-app purchase transaction identifiers (Apple originalTransactionId, Google orderId or purchaseToken) • We do not store credit card numbers, billing addresses, or any payment method details. All payments are handled by Apple or Google. 1.4 Usage Data We automatically collect: • Items collected and box opening history • Key balance and transaction records • Lucky wheel spin history • AI chat usage counts and daily limits • Daily reading views and feature interactions • Last seen timestamp for re-engagement notifications 1.5 AI Interaction Data When you use the AI Astrologer chat or generate AI-driven insights (compatibility reports, numerology readings, birth chart interpretations, year-ahead readings, monthly transits), we store: • Your chat messages and the AI's responses, associated with your account • The destiny number, zodiac pair, or other parameter used to generate the reading AI chat history older than 90 days is automatically deleted by our backend. 1.6 Device and Technical Information • Device type, model, and operating system version • Unique device identifiers (vendor identifier on iOS, advertising identifier when permitted via ATT) • Push notification token (only if you grant notification permission) • IP address (used solely for rate limiting and abuse prevention, never for geolocation) • Approximate locale and language settings 1.7 Communications Preferences • Per-type notification preferences (daily morning push, report ready, comeback) 2. HOW WE USE YOUR INFORMATION We use your information to: • Provide, maintain, and improve the Tootem service • Generate personalized astrology content based on your birth profile • Process AI chat queries and pre-generate monthly transit readings for premium subscribers • Track your collection progress, key balance, and subscription state • Send push notifications such as daily reminders and "report ready" alerts, only with your permission • Verify in-app purchases and maintain transaction records for accounting and dispute resolution • Prevent fraud, abuse, and unauthorized access (rate limiting, IAP receipt verification) • Diagnose crashes and performance issues • Comply with applicable legal obligations 3. DATA STORAGE AND SECURITY All data is stored on managed PostgreSQL infrastructure operated by Railway. Data is encrypted in transit (TLS 1.2 or higher) and at rest. Access to production data is restricted to authorized engineers acting under contractual confidentiality obligations. We rotate credentials periodically and review access logs. 4. DATA SHARING AND THIRD-PARTY PROCESSORS We do not sell, rent, or trade your personal information to third parties. We share limited information strictly as necessary with the following service providers, each of whom acts as a data processor under contractual confidentiality and security obligations: • Apple and Google: authentication, in-app purchase verification, subscription receipt validation, and webhook notifications for purchase events. • Anthropic, PBC ("Claude"): we send the prompt for each AI chat message, horoscope, compatibility reading, numerology report, birth chart interpretation, year-ahead report, or monthly transit to Anthropic's API to generate the response. Prompts include the zodiac sign or destiny number being analyzed but do not include your email, full name, or any directly identifying information. Anthropic processes the prompt and returns the generated text; we then cache the response so identical future requests do not re-query the API. • Sentry: crash reports, application errors, and performance traces. Authorization headers and personal identifiers are stripped before transmission. • Mixpanel: anonymous product analytics events (sign-in, box opened, IAP initiated, error shown) keyed by your user identifier. We do not transmit your email, birth data, or chat content to Mixpanel. • Expo: push notification delivery via Expo Push Service. • Railway: cloud hosting and managed PostgreSQL database. We may also disclose information when required by law, court order, or to protect the rights, property, or safety of Tootem, our users, or others. 5. IN-APP PURCHASES AND SUBSCRIPTIONS Tootem offers three types of in-app purchases, all processed exclusively through the Apple App Store or Google Play Store: • Consumable Key Packs: virtual keys used to open mystery boxes • Auto-Renewable Subscriptions: three tiers (Mistik, Astrolog, Kâhin) offered in monthly and yearly intervals. Subscriptions automatically renew unless cancelled at least 24 hours before the end of the current period through your Apple ID or Google Play account settings. A 7-day free trial may be available to new subscribers. • Non-Consumable Reports: one-time purchases of PDF readings (birth chart, compatibility, year-ahead, name numerology) which remain available on your account permanently. We receive only the receipt and product identifier from Apple or Google. We do not have access to your payment method, billing address, or any financial information. 6. CHILDREN'S PRIVACY Tootem is not directed at children under 13 years of age. We do not knowingly collect personal information from anyone under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact contact@tetrai.tech and we will promptly delete the information. 7. YOUR RIGHTS You have the right to: • Access the personal data stored in our systems • Delete your account and all associated personal data via Profile > Delete Account (an in-app, one-tap action that triggers a full cascade delete on our backend) • Cancel any active subscription through your Apple ID or Google Play account settings (Tootem cannot cancel store-managed subscriptions on your behalf) • Withdraw consent for push notifications via your device settings or Profile > Notification Preferences • Export the data we hold about you by contacting contact@tetrai.tech • Object to or restrict certain processing activities For users in the European Union and the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) and the UK GDPR, including the right to data portability, the right to rectification, and the right to lodge a complaint with a supervisory authority. For users in Turkey, your rights under the Personal Data Protection Law (KVKK, Law No. 6698) are fully respected. For users in California, you have rights under the California Consumer Privacy Act (CCPA). 8. DATA RETENTION • Active accounts: data is retained for the duration of your account's activity. • Deleted accounts: all personal data is cascaded and permanently deleted from our primary database within 72 hours. Aggregated and anonymized records may be retained for accounting and legal compliance. • AI chat messages: automatically deleted 90 days after creation. • Password reset codes: deleted automatically after expiration (15 minutes). • Backups: encrypted backups are retained for up to 30 days for disaster recovery. 9. COOKIES AND TRACKING The Tootem mobile app does not use browser cookies. We use device identifiers and analytics SDKs (Mixpanel, Sentry) only to improve app performance and reliability. We do not use any advertising tracking SDKs. 10. INTERNATIONAL DATA TRANSFERS Our backend infrastructure is hosted in the United States and the European Union. By using Tootem, you consent to the transfer of your data to these regions. We rely on standard contractual clauses and the GDPR adequacy framework where applicable. 11. CHANGES TO THIS POLICY We may update this Privacy Policy from time to time. Material changes will be highlighted within the App. Your continued use of Tootem after a policy update constitutes acceptance of the revised version. 12. CONTACT US Email: contact@tetrai.tech Company: TETRAI YAPAY ZEKA TEKNOLOJI BILISIM VE ILETISIM TICARET LIMITED SIRKETI