Privacy Policy

This Privacy Policy explains how ONE EIGHTY DIJITAL HIZMETLER LIMITED SIRKETI ("Company", "we", "our", or "us") collects, uses, discloses, and protects your information when you use the ChatPlus mobile and web applications (the "Service"). We are committed to safeguarding your privacy and complying with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Turkey's Personal Data Protection Law (KVKK No. 6698), and other relevant regulations.

By using ChatPlus, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service. This Policy should be read in conjunction with our Terms of Use. We may update this Policy periodically; significant changes will be notified via the app, email, or our website, and continued use constitutes acceptance.

Information We Collect

We collect only the information necessary to provide, maintain, and improve the Service. Categories include:

1. Information You Provide Directly

• Account Information: Email address, display name, or other identifiers if you create or log into an account.
• User Content: Chat prompts, conversation history, uploaded images, generated outputs (e.g., text or images), and other materials you input or create.
• Location Data: Precise or approximate device location if you enable optional features (e.g., location-based recommendations), requiring your explicit consent.

2. Information Collected Automatically

• Device and Network Information: Device type, model, operating system, unique device identifiers (e.g., IDFA or Android ID), IP address, and network details.
• Usage Data: Interactions with the app (e.g., features accessed, session duration), crash reports, performance metrics, and diagnostic logs.
• Analytics Data: Anonymized, aggregated data on user behavior (e.g., feature usage frequency) to enhance the Service; this data is de-identified and cannot be linked to individuals.

3. Information from Third-Party Integrations

To deliver AI-powered features, we integrate with official APIs from third-party providers. Your inputs (e.g., prompts, images) may be transmitted securely to these providers for processing:

• Google DeepMind: Gemini 1.5 Flash for chat and reasoning tasks.
• xAI: Grok 4 for real-time, context-aware responses.
• Anthropic: Claude 3.5 Sonnet and Claude 3.7 Sonnet for ethical, advanced conversational AI.
• DeepSeek AI: Deepseek R1 and Deepseek V3 for technical and coding expertise.
• OpenAI: GPT-5, GPT-5 mini, GPT-4.1, GPT-4.1 mini, GPT-4o, GPT-4o mini, GPT-o4 mini, and related models (including vision capabilities via GPT-4o for image-related tasks) for multimodal chat and generation.
• Black Forest Labs: Flux Schnell and Flux for text-to-image and image-to-image generation.
• Internal or Licensed Models: Nano and Banana (proprietary or licensed models hosted by us, not shared externally).

These providers process data solely to fulfill your requests and in accordance with their privacy policies (e.g., OpenAI Privacy Policy, Anthropic Privacy Policy, Google Privacy Policy). We integrate solely through official APIs, comply with their terms, and do not access, store, or use data beyond what is necessary for the Service.

How We Use Your Information

We use collected information for legitimate business purposes, including:

• Providing and personalizing the Service, such as generating AI responses, creating images, and maintaining conversation continuity.
• Improving app functionality, debugging issues, and analyzing usage trends through anonymized analytics.
• Sending service-related communications (e.g., updates, security alerts) and, with your consent, optional promotional content.
• Detecting and preventing fraud, abuse, or violations of our Terms of Use.
• Complying with legal obligations, responding to regulatory requests, or enforcing our policies.
• Aggregating data for research and development to enhance AI capabilities, without identifying individuals.

We process data based on your consent, contractual necessity, legitimate interests (e.g., service improvement), or legal requirements.

Sharing and Disclosure of Information

We do not sell, rent, or trade your personal information. Disclosures are limited to:

• Service Providers: Trusted vendors (e.g., cloud hosting via AWS, analytics via Firebase) under strict confidentiality agreements ensuring data protection at least as stringent as ours.
• Third-Party AI Providers: Inputs shared only to process requests, as described above.
• Business Transfers: In mergers, acquisitions, or asset sales, data may be transferred with equivalent privacy protections.
• Legal and Safety Reasons: To comply with laws, court orders, or government requests; to protect rights, property, or safety; or to investigate illegal activity.
• Aggregated or De-Identified Data: Shared for analytics or research, ensuring it cannot be re-identified.

No sharing occurs with advertisers or unrelated third parties.

Data Retention and Deletion

We minimize data retention and do not store personal information on our servers.

• Chat History: Stored only locally on your device using Apple's Core Data. We do not collect, store, or have access to your conversations. You may delete chat history at any time via the app settings or by uninstalling the app.
• Generated or Uploaded Images: If you generate or upload an image, it is temporarily stored on our servers only to process your request. These images are automatically deleted within 48 hours (2 days).
• Analytics and Device Data: We collect only anonymized crash reports and performance metrics to improve the app. These do not identify you personally and may be retained for up to 12 months.
• Third-Party Processed Data: When you request AI features (e.g., chat or image generation), your inputs may be transmitted securely to third-party providers via their official APIs. We do not retain this data, and retention is governed by their respective policies.

You remain in full control of your content. Chat data never leaves your device, and uploaded/generated images are automatically deleted after processing.

Your Data Protection Rights

Depending on your jurisdiction (e.g., GDPR, CCPA, KVKK), you may have the right to:

• Access, correct, or update your personal data.
• Request deletion ("right to be forgotten") or restriction of processing.
• Object to processing based on legitimate interests or withdraw consent for optional features (e.g., location data, promotional emails).
• Receive your data in a portable, machine-readable format (data portability).
• Opt out of automated decision-making where it significantly affects you.
• For CCPA: Opt out of "sales" (we do not sell data) or limit sensitive data use.

Submit verifiable requests to support@oneeightapps.com. We respond within 30-45 days (extendable for complex cases). Appeals can be submitted to the same email. Turkish residents may contact the Personal Data Protection Authority (KVKK); EU residents may contact their local data protection authority.

Children's Privacy

ChatPlus is not intended for children under 13 (or the applicable minimum age, e.g., 16 under GDPR for certain processing). We do not knowingly collect or solicit data from children. If we learn of such collection, we delete it immediately. Parents/guardians may contact us to review or delete a child's data.

International Data Transfers

Data may be processed in Turkey (our primary location) or transferred to regions like the United States or European Union, where third-party providers (e.g., OpenAI, Google) operate. We ensure safeguards, including:

• Standard Contractual Clauses (SCCs) for transfers outside the EEA.
• Encryption in transit (e.g., TLS 1.3) and at rest (AES-256).
• Compliance with local laws like KVKK for Turkish residents.

Request transfer mechanism details at support@oneeightapps.com.

Analytics and Storage Technologies

For our web version, we may use analytics and local storage technologies to enhance functionality and analyze usage. These are managed via browser settings. Our mobile apps do not use web cookies or similar tracking technologies.

Data Security

We implement robust safeguards, including:

• Encryption of data at rest (AES-256) and in transit (TLS 1.3).
• Access controls (e.g., multi-factor authentication for internal systems).
• Regular security audits and employee training.

No system is fully secure; we cannot guarantee absolute protection. In case of a data incident, we will notify affected users and authorities as required (e.g., within 72 hours under GDPR).

Changes to This Policy

We may revise this Policy to reflect legal or operational changes. The updated version will be posted with a new "Effective Date." Material changes will be notified 30 days in advance via app notifications or email.

Contact Us

For questions, complaints, or rights requests: