Privacy Policy

Version 1.0.5 · Last updated: 2026-06-03 SUMMARY (NOT LEGALLY BINDING) • SilaWay ("App") provides border wait times, maps, and community chat. • We collect only the data needed to run the service: account, location, chat. • Your data is not sold for advertising or marketing. • You can delete your account from within the app; your data is removed at the moment of deletion (technical copies within 30 days at the latest). • Questions: [email protected] The text below is the full and binding policy. 1. DATA CONTROLLER Data controller: SilaWay (the operator of the App). Contact: [email protected] SilaWay is the data controller for the purposes of Turkey's Personal Data Protection Law (KVKK No. 6698) and the EU General Data Protection Regulation 2016/679 (GDPR). 2. PERSONAL DATA WE PROCESS AND LEGAL BASIS The following categories are processed for the purposes stated, on the legal bases set out in KVKK Art. 5 and GDPR Art. 6: (a) Identity and Contact Data • Name, email, profile photo (shared by the provider when you sign in with Google or Apple) • Purpose: account creation, session continuity • Legal basis: KVKK Art. 5/2(c) performance of contract · GDPR Art. 6(1)(b) contract (b) Location Data • Device GPS coordinates (only while active border tracking is on, processed on your device) • Purpose: alerts when approaching a border crossing; wait time calculation • Legal basis: KVKK Art. 5/1 explicit consent · GDPR Art. 6(1)(a) consent • Background location is only collected when the user enables the "start border tracking" feature. • **Your raw GPS coordinates are not stored on our servers.** Only an anonymous wait-time contribution (which border + how many minutes) is sent to the server; this record cannot be linked back to your location or identity. (c) Content Data (Community Chat) • Messages you write in chat, your nickname, message timestamps • Purpose: enabling community communication • Legal basis: GDPR Art. 6(1)(b) contract + Art. 6(1)(f) legitimate interest (content moderation) • WARNING: Content posted in chat is **public** and visible to other users. Once sent, copies of messages may remain on other users' devices. (d) Device and Usage Data • Device identifier (Firebase Installation ID), screen visits, error logs • These data on their own do not identify you, but they are **not anonymous** — they are pseudonymized (linked to your account where applicable). • Purpose: service performance, error diagnosis, abuse detection • Legal basis: GDPR Art. 6(1)(f) legitimate interest (e) Guest Users • For guest sessions only an anonymous Firebase UID and device-level usage counters are stored. No personal contact information is collected. 3. THIRD-PARTY SERVICES The following data processors are used to deliver the service: • Google Firebase (Google LLC, USA) — authentication, database, notifications • Google Maps Platform (Google LLC, USA) — maps, directions • Cloudflare, Inc. (USA) — server infrastructure (API proxy) and automated content moderation of chat messages (Llama Guard); message text is processed for a safety check and is not stored • Open-Meteo (Bremen, EU) — weather; no identifiers sent • DeepSeek (Hangzhou DeepSeek Artificial Intelligence Co., China) — AI assistant (SilaAI); the chat text you send is transmitted to and processed by DeepSeek to generate the AI reply. Server/data location may include China. It is not used by us for model training; only the text you type in chat is sent to the AI (identity data such as your account/location is not sent to DeepSeek). • AMSS — Auto-Moto Asocijacija Srbije (Serbia) — border camera streams delivered to your device • Apple Inc. (USA) — only if you sign in with Apple, as an identity provider Your data is not sold or shared for advertising or marketing. 4. INTERNATIONAL DATA TRANSFERS Due to providers such as Firebase and Google Maps (USA) and DeepSeek (China), your data may be transferred **outside Turkey and the EU (including the USA and China)**. When you use the AI feature, your chat text is sent to DeepSeek (China). These transfers are protected: • Under KVKK Art. 9, by transfers to countries deemed adequate by the Turkish DPA or by contracts providing sufficient guarantees. • Under GDPR Art. 46(2)(c), by the EU Standard Contractual Clauses. For details please see the providers' own privacy policies. 5. RETENTION PERIODS • Account data: as long as your account is active • Wait-time contributions: kept as anonymous aggregated data for as long as the service runs (contains no raw GPS coordinates) • Chat messages: retained while your account is active. You can remove messages from within chat or by deleting your account. • Error logs: typically up to 90 days • When you delete your account, all personal data linked to it (including messages, profile, images) is removed **at the moment of deletion**; technical copies are cleared **within 30 days at the latest**. 6. YOUR RIGHTS Under KVKK Art. 11 and GDPR Art. 15-22 you have the right to: • Access your data • Request correction or deletion • Restrict processing • Object to processing • Data portability • Withdraw consent (for future processing) • Permanently delete your account from within the app ("Settings > Delete Account") You may send requests in writing to [email protected]. Under KVKK Art. 13, responses are provided **within 30 days at the latest**. 7. RIGHT TO LODGE A COMPLAINT If you believe processing is unlawful, you may lodge a complaint with: • Turkey: Personal Data Protection Authority (kvkk.gov.tr) • EU Member States: the supervisory authority in your country of residence (e.g. Germany BfDI, Netherlands AP, Austria DSB) 8. DATA BREACH NOTIFICATION If we detect a security breach affecting your personal data, we will notify the competent supervisory authority **within 72 hours** as required by GDPR Art. 33-34 and KVKK Art. 12/5, and we will inform affected users via in-app notification or email. 9. CHILDREN'S PRIVACY The App is **not designed for users under 16 years of age**. Under GDPR Art. 8 the minimum age in the EU is 16; in Turkey under KVKK, processing of minors' data requires parental consent. We do not knowingly collect data from users under 16; if discovered, such data is deleted. 10. SECURITY Your data is transmitted over HTTPS/TLS and stored on Google Cloud infrastructure. However, no method of transmission over the internet can be guaranteed to be 100% secure. 11. POLICY CHANGES Significant changes to this policy will be announced via in-app notification or email. The version number (1.0.5) and "Last updated" date are updated with each revision. 12. CONTACT Data controller: SilaWay Email: [email protected]