Relate Privacy Policy

This Privacy Policy explains how Epinko Teknoloji Limited Şirketi

("Epinko", "we", "us", or "our") collects, uses, stores, and shares

information when you use the mobile application "Relate AI" (the "App"),

distributed on the Apple App Store under the bundle identifier

com.toxiccheck.apps.

Relate AI is an AI-assisted communication analysis tool. It allows

adult users to analyze chat conversations they own, in order to receive

insights about communication patterns. We have designed the App with a

privacy-first approach: we do not require an account, we do not ask

for your name, email address, phone number, or any other identifying

information, and we do not sell or rent your data.

By using the App, you agree to the practices described in this

2. WHO WE ARE (DATA CONTROLLER)

Legal Entity: Epinko Teknoloji Limited Şirketi

Trading Name: Epinko

App Brand: Relate AI

Contact Email: iletisim@epinko.com

Country: Republic of Türkiye

For any privacy-related question, request, or complaint, please

of receipt.

3. INFORMATION WE COLLECT

The App is intentionally minimal in data collection. The categories

below describe everything we collect.

3.1 INFORMATION YOU PROVIDE TO US

a) Conversation Content. When you request an analysis, you may:

- Paste text into the App;

- Import a .txt chat export (for example a WhatsApp or iMessage

export) via the iOS Files share sheet;

- Select a screenshot from your Photo Library through the iOS

system PhotosPicker. The App uses Apple's on-device Vision

framework to extract text from the screenshot. The original

image file is NOT uploaded to our servers; only the

extracted text is processed.

The conversation text you submit is sent over an encrypted

HTTPS connection to our backend (Firebase Cloud Functions in

the europe-west1 region) and from there to Anthropic, PBC for

AI analysis (see Section 6). The conversation text itself is

NOT stored in our database. After the AI returns a result,

the conversation text is no longer retained on our servers.

b) Purchase Information. If you subscribe to Relate AI Pro, your

transaction is processed by Apple via StoreKit and managed by

RevenueCat, Inc. We do not see or store your payment card

details. We only receive subscription metadata (product

identifier, status, expiration date, trial flag).

c) App Language Preference. If you change the in-app language,

this preference is stored on your device only.

3.2 INFORMATION COLLECTED AUTOMATICALLY

a) Anonymous User Identifier. The App uses Firebase Anonymous

Authentication to assign a random, device-bound user ID

("UID") to each installation. This UID:

- Is generated automatically at first launch;

- Is not linked to your name, email, phone, or any other

personally identifying information;

- Is stored locally in the iOS Keychain and on our backend

to enforce subscription entitlement and abuse-prevention

quotas;

- Resets if you delete the App and reinstall it.

b) Usage Events. Each time you submit an analysis, we record a

usage event in our database that contains: the anonymous UID,

the timestamp, AI input/output token counts, the computed

risk score, and an error code (if any). We do NOT log the

conversation text or the analysis content itself.

c) Diagnostic and Crash Data. The App uses Firebase Crashlytics

to capture stack traces and device information (model, iOS

version, locale, app version) when the App crashes. This

helps us fix bugs. Crashlytics data is anonymous and does

not include the contents of your conversations.

d) Aggregated Analytics. The App includes Firebase Analytics,

which automatically collects standard mobile-app metrics

(session count, app version, OS version, country derived

from IP address). We do not log any custom analytics events

that include personal or conversation content.

3.3 INFORMATION WE DO NOT COLLECT

We have made deliberate choices to NOT collect:

- Your real name, email, phone number, or postal address;

- Your contacts, calendar, location, or microphone data;

- Your camera roll beyond the single screenshot you choose to

share via the system PhotosPicker;

- The Identifier for Advertisers (IDFA);

- Any data for cross-app or cross-website tracking.

Because the App does not track you across other apps or

websites, we do not present an App Tracking Transparency (ATT)

prompt.

4. PERMISSIONS THE APP USES

Relate AI does NOT request runtime permissions for the camera,

microphone, photo library, contacts, calendar, location, or

notifications.

The only system-mediated access points are:

a) PhotosPicker (iOS 16+). When you tap the "Screenshot" button,

iOS shows you the system photo picker. iOS shows you the

thumbnails; we receive only the single image you tap. Your

library remains private.

b) Files / Documents. When you import a .txt chat export, iOS

shows you a document picker. We only receive the file you

pick.

c) Share Sheet. When the App is invoked from another app's

"Share" menu (for example, sharing a WhatsApp .txt export to

Relate AI), iOS hands the file to the App.

5. HOW WE USE YOUR INFORMATION

We use the information described above only for the following

purposes:

- To produce the requested AI analysis and return it to you;

- To verify your subscription status and enforce daily abuse

caps (currently 10 analyses per day for Pro subscribers);

- To diagnose and fix crashes and technical errors;

- To understand aggregated usage so we can improve the App;

- To comply with legal obligations and respond to lawful

requests.

We do NOT use your information to build advertising profiles.

We do NOT sell your information to third parties.

We do NOT use your conversation content to train AI models;

we instruct Anthropic to do the same (see Section 6).

6. AI PROCESSING (ANTHROPIC)

To produce an analysis, we send your conversation text to

Anthropic, PBC ("Anthropic"), the provider of the Claude AI

model, via Anthropic's commercial API. The request is made

server-to-server from our Firebase Cloud Function over HTTPS

using a secret API key that is never exposed to your device.

- Provider: Anthropic, PBC, San Francisco, California, USA

- Model: Claude Opus 4.x (and related Claude models)

- Endpoint: https://api.anthropic.com/v1/messages

- Retention: Anthropic's commercial API does not use

inputs or outputs to train its models. Inputs

may be retained by Anthropic for a limited

period to operate the service, detect abuse,

and meet legal obligations, in accordance with

Anthropic's commercial Usage Policy and Privacy

Policy.

We send only the conversation text and a language code. We do

not send your Firebase UID, your IP address, or any device

identifier to Anthropic. For details on Anthropic's data

practices, please see Anthropic's Privacy Policy at

https://www.anthropic.com/legal/privacy.

7. WHERE YOUR DATA IS STORED

7.1 ON YOUR DEVICE

- Analysis History: Up to 50 of your most recent analyses are

saved as JSON files in the App's Documents directory on your

device. You can delete any item from history at any time. If

you delete the App, this data is deleted with it.

- Local Preferences: Your language preference is stored in the

App's UserDefaults on your device.

- Authentication Token: Your Firebase Anonymous Auth credential

is stored in the iOS Keychain.

7.2 ON OUR SERVERS

We use Firebase (operated by Google LLC) as our backend

infrastructure. Production data is stored in the europe-west1

(Belgium) region.

Our Firestore database contains the following collections:

- users/{uid}

Fields: created_at, last_seen_at, updated_at.

Purpose: track an anonymous user's last activity.

- subscriptions/{uid}

Fields: status, product_id, expires_at, is_in_trial,

last_event_id, updated_at.

Purpose: subscription entitlement enforcement.

Source: written by RevenueCat webhook events.

- usage_events/{auto-id}

Fields: user_id, input_tokens, output_tokens,

cache_read_tokens, cache_creation_tokens,

risk_score, error, created_at.

Purpose: rate limiting, cost monitoring, error

diagnostics. Contains NO conversation text.

Direct client access to Firestore is denied; all writes occur

through our Cloud Functions, which authenticate with a

short-lived (1-hour) Firebase ID token.

8. THIRD-PARTY SERVICE PROVIDERS (SUB-PROCESSORS)

We use the following third parties to operate the App. Each

processes data on our behalf under appropriate contractual

safeguards.

Provider Purpose Region

---------------------- ----------------------------- -------------

Google LLC (Firebase) Auth, Cloud Functions, EU

Firestore, Crashlytics,

Analytics, Cloud Messaging

Anthropic, PBC AI analysis (Claude) USA

RevenueCat, Inc. Subscription management USA

Apple Inc. In-app purchases (StoreKit) Apple region

We have signed Data Processing Agreements with these providers

where required by applicable law.

9. SUBSCRIPTIONS AND PAYMENTS

Relate AI offers a Pro subscription with weekly and monthly

billing periods. Payments are handled exclusively by Apple via

StoreKit; we never see your payment instrument. RevenueCat

synchronizes Apple's purchase events to our backend so we can

confirm whether your subscription is active.

You can cancel your subscription at any time in iOS Settings >

Apple ID > Subscriptions. Cancellation takes effect at the end

of the current billing cycle. Refund requests must be submitted

to Apple at https://reportaproblem.apple.com.

10. DATA RETENTION

- Conversation Text submitted for analysis:

Not retained on our servers after the response is

returned. Retained by Anthropic per their commercial

retention policy (see Section 6).

- users/{uid} record:

Retained while the App is in use. May be deleted on

request (see Section 11).

- subscriptions/{uid} record:

Retained for the lifetime of the subscription plus a

reasonable period required for accounting, tax, and

dispute-resolution purposes (typically up to 10 years

under Turkish tax law).

- usage_events records:

Retained for up to 24 months, then deleted or

aggregated.

- Crashlytics data:

Retained for 90 days by default per Firebase policy.

- Analytics data:

Retained for 14 months by default per Firebase policy.

- On-device history:

Stored only on your device until you delete the entry,

clear history, or uninstall the App. Limited to the

most recent 50 analyses.

11. YOUR PRIVACY RIGHTS

Depending on where you live, you may have the following rights

under applicable data-protection laws (including the EU/UK GDPR,

the Turkish Personal Data Protection Law (KVKK), and the

California Consumer Privacy Act (CCPA)):

- Right of access: receive a copy of the data we hold

about you.

- Right to rectification: correct inaccurate data.

- Right to erasure ("right to be forgotten"): request that

we delete your data.

- Right to restrict or object to processing.

- Right to data portability.

- Right to withdraw consent at any time, where processing

is based on consent.

- Right to lodge a complaint with your local data

protection authority.

- California residents: right to opt out of the "sale" or

"sharing" of personal information. We do not sell or

share your personal information as defined by the CCPA.

To exercise any of these rights, email iletisim@epinko.com from

the device where you use the App, and include the anonymous

Firebase UID shown in the App's Settings > About screen so we

can locate the relevant records. Because we do not collect

identifying information, we may need additional verification

to confirm your identity before fulfilling certain requests.

You can also delete your data at any time without contacting us

by uninstalling the App, which removes all on-device data, and

asking us to delete the corresponding server-side records by

emailing the request above.

12. CHILDREN'S PRIVACY

Relate AI is intended for adults (17 years of age or older). It

is not directed to, and we do not knowingly collect personal

information from, children under the age of 13 (or under the

age that triggers parental consent in your jurisdiction).

If you are a parent or guardian and you believe your child has

provided us with personal information, please contact us at

iletisim@epinko.com and we will delete that information.

13. SECURITY

We take security seriously. Our safeguards include:

- All client-server communication uses HTTPS / TLS.

- Anthropic and RevenueCat API keys are stored in Google

Cloud Secret Manager and never embedded in the iOS App.

- Firestore access is denied at the Security Rules layer for

direct client connections; all writes are gated through

authenticated Cloud Functions.

- Firebase ID tokens used for backend authentication expire

after 60 minutes and are auto-refreshed.

- We do not export non-exempt encryption (Apple

ITSAppUsesNonExemptEncryption is set to false).

No method of transmission or storage is 100% secure. While we

strive to protect your information, we cannot guarantee absolute

security.

14. INTERNATIONAL DATA TRANSFERS

Our primary backend region is europe-west1 (Belgium). Some

sub-processors (Anthropic, RevenueCat) operate from the United

States. By using the App, you understand that your information

may be transferred to and processed in countries outside your

country of residence, which may have data protection laws

different from those of your country.

For users in the European Economic Area, the United Kingdom,

and Türkiye, we rely on Standard Contractual Clauses or

equivalent legal mechanisms to protect cross-border transfers.

15. APPLE APP PRIVACY DISCLOSURES

In line with Apple's App Privacy framework, the data we collect

maps to Apple's categories as follows:

Category Data Type Linked Tracking

----------------------- ------------------- -------- ----------

User Content Conversation text No No

Identifiers Anonymous user ID No No

Purchases Subscription status No No

Usage Data Product interaction No No

Diagnostics Crash data, perf No No

- "Linked" means linked to your identity. None of the data

we collect is linked to a real-world identity, because we

do not collect any.

- "Tracking" means used to track you across apps and

websites owned by other companies. We do not engage in

any such tracking.

16. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we

make material changes, we will update the "Last Updated" date

at the top of this document and, where appropriate, notify you

in the App. Your continued use of the App after such notice

constitutes acceptance of the revised policy.

17. CONTACT

If you have questions, requests, or complaints about this

Epinko Teknoloji Limited Şirketi

App: Relate AI

Email: iletisim@epinko.com

We will do our best to address your concerns and, where

applicable, cooperate with your local data protection

authority.