Privacy Policy

1. Introduction

At Terra, we take your privacy seriously. This privacy policy explains how we collect, use, and protect your personal data.

Terra operates in compliance with KVKK (Turkish Personal Data Protection Law) and GDPR requirements.

2. Data Collected

We collect the following information:

Account Information: First and last name, email address; phone number (optional); profile photo (optional).

Location Information: Real-time location data (with your permission); saved addresses and assembly areas.

Usage Data: In-app activity; device information (model, operating system); crash reports and performance data.

Advertising Data (Free Plan): Advertising ID (Advertising ID / IDFA — when permitted); ad impression and interaction data; device and app information (for ad delivery).

Premium subscribers are not shown ads; this data is processed only for free plan users.

3. Use of Data

We use the data we collect for the following purposes:

To provide and improve our services

To deliver earthquake and disaster notifications

To share your location with designated contacts in emergencies

To improve app performance

For security and fraud prevention

To serve in-app ads to free plan users (Premium subscribers are not shown ads)

4. Data Sharing

We do not share your data with third parties except in the following cases:

Legal obligations (court orders, etc.)

Designated contacts in emergencies (when you have given permission)

4.1 Service Providers: The following third-party service providers are used to operate our app:

Supabase (Cloud Database and Backend Services): Used to securely store your user accounts, profile information, location data, network memberships, and app data. Your data is stored on servers in Turkey. Supabase uses industry-standard encryption and security measures to protect your data. Only data necessary for app functionality is shared. KVKK and GDPR compliant agreements have been signed.

Apple Authentication (Apple Sign In): Used to enable you to sign in with your Apple account. During authentication, Apple shares only the minimum required information (email, name). This information is used solely for account creation and sign-in. Subject to Apple's privacy policies.

Push Notification Services: Apple Push Notification Service (APNS) — for iOS devices; Firebase Cloud Messaging (FCM) — for Android devices. Used to deliver important notifications such as earthquake alerts, emergency notifications, and app updates. These services are used only to send notifications and do not store your personal data. Only device tokens and notification content are shared.

Payment Processors: Apple App Store — for Premium subscription payments on iOS devices; Google Play Store — for Premium subscription payments on Android devices. Used for Premium subscription payments. Your payment information is processed directly by Apple or Google and is not stored by us. Only payment status and subscription information (active/inactive, expiration date) is transferred to our system. Payment transactions are conducted entirely through Apple and Google's secure payment infrastructure.

RevenueCat: Used for subscription and in-app purchase management. Purchase status, subscription information, and transaction verification are processed. Your payment information is handled by Apple/Google; RevenueCat is used only for transaction verification and subscription management. Privacy Policy: revenuecat.com/privacy

Google AdMob: To display in-app ads to free plan users. Device identifiers, advertising ID (Advertising ID / IDFA), IP address, ad interactions, app usage data. Purpose: Ad delivery, measurement, fraud prevention. iOS App Tracking Transparency and Android advertising ID preferences are respected. Premium subscribers do not see ads. Privacy Policy: policies.google.com/privacy

All Our Service Providers: Take necessary security measures to protect your data; have signed KVKK and GDPR compliant agreements; use your data only for specified purposes; do not share your data with third parties.

5. Data Security

We take various security measures to protect your data:

Data transmission with SSL/TLS encryption

Database encryption

Regular security audits

Two-factor authentication support

6. User Rights

Your rights under KVKK:

Right to access your data

Right to request correction of your data

Right to request deletion of your data — Visit the /deleteuserdata page to submit a request and learn about the process

Right to data portability

Right to object

7. Data Retention

We retain your personal data only for as long as necessary:

Account information: Until the account is deleted or after 2 years of inactivity

Location history: 30 days (emergency location shares: 90 days)

Usage data: 90 days

Payment information: For the legally required retention period (10 years)

Background Location Usage: Our app may perform background location updates to share your location in emergencies and keep your location information up to date.

Update Frequency: Location updates occur at 30-minute intervals.

Activity Status: These updates are active only when the app is open or running in the background.

Optional: Background location access is entirely optional. You can disable it at any time in app settings.

Purpose of Use: To share your location with designated contacts in emergencies; to automatically keep your location information current; to enable fast location sharing during earthquakes and disasters.

Data Retention: Background location data is subject to the same retention periods as regular location history (30 days; emergency shares 90 days).

When the retention period ends, your data is securely deleted or anonymized.

8. Cookies and Tracking

We use cookies and tracking technologies at a minimal level to improve your app experience. These include:

Essential cookies for session management

Performance analytics (anonymous)

Preference storage

9. Data Breach Notification

If a breach affecting the security of your personal data is detected:

The breach will be reported to the Personal Data Protection Authority within 72 hours in accordance with KVKK.

In breaches posing a high risk, affected users will be notified within 72 hours at the latest.

10. Children's Privacy

Our app is not intended for children under 18. We do not knowingly collect data from children under 18. Users under 18 may use the app with parental or legal guardian consent.

11. Changes

We may update this privacy policy from time to time. You will be notified of significant changes.

12. Contact

For privacy-related questions or requests:

Email: info@terraapp.io

Data Controller: Terra Development Team