Privacy Policy and Information Notice

Last updated: 01.07.2026

İGUANA REKLAM VE YAZILIM ANONİM ŞİRKETİ (“the Company” or “Data Controller”), registered at Maslak Mah. Sanatkarlar Sk. Eclipse Maslak Sitesi No: 2E-9 Sarıyer / İstanbul, attaches the utmost importance to the security and lawful processing of the personal data you share through the Zikry application (“the Application”). This notice is prepared under Article 10 of Law No. 6698 on the Protection of Personal Data (“KVKK”) to inform you transparently about our data processing activities, their purposes, legal bases and your rights.

1. Categories of Personal Data Processed, Purposes and Legal Bases

Data CategoryData ProcessedPurposesLegal Basis (KVKK Art. 5)
Identity and ContactIf you register: name, surname and e-mail address.Creating and verifying the user account, conducting membership processes and providing support.Directly related to the conclusion or performance of a contract (Art. 5/2-c).
User Inputs (Creative Content)Ideas, topics, editing instructions and text requests entered into prompt/text fields.Generating user-specific audio, music, lyrics, visual and media content via AI models.Performance of a contract (Art. 5/2-c).
Transaction Security and Technical DataIP address, device identifiers (Device ID), OS version, device model, error logs (masked) and usage statistics.Ensuring system security and integrity, preventing misuse/fraud, performance optimization and detecting technical errors.Expressly provided by law (Art. 5/2-a), legal obligation (Art. 5/2-ç) and legitimate interest (Art. 5/2-f).
Customer Transaction and Financial DataSubscription plan, purchase history, digital credit balance and in-app purchase tokens (credit-card data is not stored by us).Finance and accounting, payment verification and defining subscription entitlements.Performance of a contract (Art. 5/2-c) and legal obligation (Art. 5/2-ç).

2. International Data Transfers

Owing to the Application's cloud-based architecture and AI infrastructure, personal data and technical logs are transferred to global service providers located abroad pursuant to Article 9 of the KVKK. The Company treats these providers' Data Processing Agreements (DPAs) and international security-standard commitments (ISO 27001, SOC 2, etc.) as supporting elements of its legal-safeguard processes.

No account identifier (name, e-mail or user ID) is attached to the requests sent to AI providers; only the creative text entered by the user is processed by those providers to generate the content. However, content the user voluntarily includes in free prompt fields, and technical identifiers required for the infrastructure to function (Device ID, IP, etc.), are transferred by generic recipient category:

Generic Recipient CategoryData TransferredPurpose and Scope
AI and Media Generation Service ProvidersWithout any account identifier; only the free-text inputs, lyrics, titles and generation parameters entered by the user.Generating audio, lyrics, music and cover-art via AI models. As providers may use dynamic routing, data may, under onward transfer, also reach their sub-infrastructure and alternative model providers.
Cloud Infrastructure, Hosting, Storage and Render ProvidersApplication database records, generated audio/music/visual media, titles, UUID object keys and technical server logs.Hosting data on secure servers, storing content, serving via CDN and running video-render on global cloud infrastructure.
Subscription, Payment and Revenue Management ProvidersUser ID, device identifiers, subscription status, billing periods and purchase history.Integration, tracking and management of in-app purchases, premium memberships and digital-credit systems.
Analytics, Attribution and Error-Monitoring ProvidersDevice identifiers, error records, performance metrics and masked usage logs.Performance monitoring, crash/error detection, marketing attribution (MMP) and experience analysis.
Identity/Security Verification and Notification ProvidersDevice and app-integrity tokens, push-notification tokens.Blocking bot/malicious attempts, verifying device security and delivering push notifications.

Legal basis for transfers abroad: These continuous cross-border data flows are carried out on the basis of the Standard Contracts published by the Personal Data Protection Board under Article 9 of the KVKK.

3. Data Retention, Erasure and Account Deletion

  • Account and Identity Data: Retained while membership continues; following a deletion request, permanently deleted within 30 days at the latest, subject to legal retention obligations.
  • Prompt and Creative-Content Inputs: Retained throughout active membership for performance of the contract and model optimization/monitoring. Upon account deletion, outputs whose ownership passes to the Company and which are rendered anonymous (not attributable to the creator on visible surfaces) may remain in the system.
  • Technical Logs and IP Records: Retained for at least 1 to 2 years from the transaction date for security and legal reasons (e.g., Law No. 5651).

Users may submit deletion requests through the in-app settings menu or via our account deletion page.

4. Data Security

The Company applies industry-standard technical and administrative measures (data minimization, backend masking, SSL/TLS encryption and secure cloud architectures) to protect personal data against unauthorized access, alteration, disclosure or destruction. However, no data transmission over the internet is 100% secure and cyber-attack risks cannot be entirely eliminated.

5. Your Rights under KVKK Article 11 and How to Apply

Under Article 11 of the KVKK you have the right to: learn whether your personal data is processed; request information if it is; learn the purpose of processing and whether it is used accordingly; know the third parties to whom it is transferred at home or abroad; request correction if it is incomplete or incorrect; request its erasure or destruction; request that such actions be notified to third parties to whom the data was transferred; and request compensation if you suffer damage due to unlawful processing.

You may submit your requests to [email protected] from the e-mail address registered in our systems. Requests are concluded free of charge within 30 (thirty) days at the latest.

6. Contact

For general questions about our privacy practices, contact us at [email protected]. For formal KVKK requests, please use [email protected].