Polityka prywatności
Ostatnia aktualizacja: February 8, 2026 · Data wejścia w życie: February 8, 2026
Ten dokument jest dostępny tylko w języku angielskim
Aby zapewnić dokładność prawną, ten dokument nie jest dostępny w innych językach.
Key Points (Summary)
This is a non-binding summary for convenience only. Please read the full Privacy Policy below.
- We collect information you provide (profile, voice during Sessions, messages) and information generated automatically (usage data, device info, analytics).
- Your voice during live Sessions may be processed for subtitles, translation, and AI-generated session analytics (e.g., topic summaries, speaking metrics).
- We use your data to operate, improve, and secure the Service, and to communicate with you.
- We share data with third-party service providers (authentication, voice infrastructure, analytics, payment platforms) only as necessary to operate the Service.
- We apply automated data retention rules: read notifications are deleted after 1 day, unread after 15 days; group and session messages after 30 days.
- You have rights over your personal data, including access, correction, deletion, and data portability. You can delete your Account at any time from Settings.
- We do not knowingly collect data from anyone under 18 years of age.
- Data may be processed in Turkey and other countries where our service providers operate.
- This Policy is governed by the laws of the Republic of Turkey, including KVKK (Law No. 6698). For EEA users, GDPR also applies.
1. Introduction
This Privacy Policy (“Policy”) explains how Volosoft Bilisim Anonim Sirketi (“Volosoft”, “we”, “us”, “our”), a company incorporated under the laws of the Republic of Turkey, collects, uses, stores, shares, and protects your personal data when you access or use the Daily Talking mobile application and all related services (collectively, the “Service”).
This Policy is incorporated into and forms part of our Terms and Conditions (“Terms”). Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms.
By creating an Account, accessing, or using the Service, you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data as described herein. If you do not agree with this Policy, you must not use the Service.
2. Data Controller
The data controller responsible for your personal data is:
Volosoft Bilisim Anonim Sirketi
- Email: [email protected]
- Website: https://www.volosoft.com
- Address: Yesilkoy Serbest Bolge mh. E Blok sk. E1 Blok, No: 2, Bakirkoy, Istanbul, Turkey
For any questions, requests, or complaints regarding this Policy or your personal data, please contact us using the details above.
3. Information We Collect
We collect information in three ways: information you provide directly, information generated through your use of the Service, and information from third-party sources.
3.1 Information You Provide
| Category | Data | When Collected |
|---|---|---|
| Account and Profile | Username, display name, email address (optional), phone number (if phone auth), avatar image, country, timezone, birth year, gender (optional), biography (optional), occupation (optional) | Account creation, onboarding, profile editing |
| Language Preferences | Native language, spoken languages with CEFR proficiency levels (A1–C2), app display language | Onboarding, profile editing, settings |
| Interests and Referral | Selected interest categories (up to 20), referral source (how you heard about us) | Onboarding, profile editing |
| Voice Data | Audio of your speech during live Sessions | During live Sessions |
| Messages | Direct messages to other Users, Group message board posts, in-Session chat messages | When you send messages |
| Group and Session Data | Group names, descriptions, Session topics, scheduling details, attendance preferences | When you create/manage Groups or Sessions |
| Reports | Reports you submit about other Users or Groups, including the category and any description | When you file a report |
| Support Communications | Messages, emails, or other communications you send to us | When you contact us |
| Payment Information | We do not directly collect payment card details. Payments are processed by Apple App Store and Google Play Store. We receive transaction confirmations, Subscription status, and purchase identifiers from these platforms and from RevenueCat (our subscription management provider). | When you make a purchase |
3.2 Information Generated Automatically
| Category | Data | How Collected |
|---|---|---|
| Device Information | Device type, operating system and version, app version, unique device identifiers | Automatically by the app |
| Usage Data | Features used, screens visited, Session participation (join/leave times, speaking duration), Group activity, search queries | Automatically during use |
| Transcripts and Analytics | Speech-to-text transcripts of Session audio, AI-generated topic summaries, individual speaking time metrics | Generated by our STT and AI services after Sessions |
| Push Notification Tokens | Device tokens for delivering push notifications | Automatically by Firebase |
| Online Presence | Whether you are currently online within the app | Automatically tracked, with a 60-second timeout |
| Connection Data | IP address, general geographic location inferred from IP, connection timestamps | Automatically during use |
3.3 Information from Third Parties
| Source | Data |
|---|---|
| Authentication Providers (Apple, Google, Microsoft) | Name, email address, and unique identifier provided by the OAuth provider when you sign in |
| RevenueCat | Subscription status, purchase history, transaction identifiers, entitlements |
| Apple App Store / Google Play Store | Purchase receipts, refund status |
4. How We Use Your Information
We process your personal data for the following purposes:
4.1 Providing and Operating the Service
- Creating and managing your Account and profile.
- Enabling you to create and join Groups, schedule and participate in Sessions, and interact with other Users.
- Transmitting your voice audio to other Session participants in real time via voice infrastructure.
- Processing your voice audio through speech-to-text services to provide real-time subtitles and translation to Session participants (when enabled).
- Generating post-Session analytics, including AI-generated topic summaries and individual speaking time metrics.
- Delivering direct messages, Group messages, and in-Session chat messages.
- Managing your Subscription, Credits, and In-App Purchases.
- Sending push notifications and in-app notifications for Session reminders, Group activity, messages, friendship events, and other Service-related alerts.
- Enforcing Subscription limits and usage quotas.
4.2 Personalization and Recommendations
- Matching you with Groups based on your language preferences, proficiency levels, and interests (“Best Match” algorithm).
- Displaying relevant search results based on your query.
4.3 Safety, Security, and Enforcement
- Reviewing reports and moderating Content to enforce our Terms and protect Users.
- Detecting, preventing, and addressing fraud, abuse, and security incidents.
- Moderating new members’ messages in Groups where moderation is enabled.
- Blocking and restricting Users who violate our Terms.
4.4 Communication
- Sending transactional notifications (Session reminders, join request updates, friendship requests, Account-related alerts).
- Responding to your support inquiries and communications.
- Notifying you of material changes to the Terms or this Policy.
4.5 Analytics and Improvement
- Understanding how Users interact with the Service to identify issues, trends, and areas for improvement.
- Measuring feature adoption and Service performance.
- Tracking and resolving technical errors and crashes.
- We use PostHog as our analytics platform. PostHog receives anonymized and pseudonymized event data, user properties (such as Subscription type, country, language, and aggregated usage counts), and technical exception data. We have disabled autocapture and app lifecycle event capture to minimize unnecessary data collection.
4.6 Legal Compliance
- Complying with applicable laws, regulations, and legal processes.
- Establishing, exercising, or defending legal claims.
- Responding to lawful requests from public authorities.
5. Legal Basis for Processing
Depending on your jurisdiction, we rely on one or more of the following legal bases for processing your personal data:
| Legal Basis | Applicable Processing |
|---|---|
| Consent | Processing voice data for STT subtitles and translation; sending optional marketing communications; use of analytics cookies/identifiers (where required by law) |
| Performance of a Contract | Account creation and management; providing core Service features (Groups, Sessions, messaging); processing Subscriptions and payments; delivering transactional notifications |
| Legitimate Interests | Improving and personalizing the Service; analytics and usage monitoring; detecting fraud and enforcing Terms; ensuring Service security and integrity |
| Legal Obligation | Complying with applicable laws and regulations; responding to lawful data requests from authorities; tax and accounting record-keeping |
For Users in the European Economic Area (EEA), processing is based on the legal bases set out in Articles 6 and 9 of the GDPR. For Users in Turkey, processing is based on the conditions set out in Articles 5 and 6 of KVKK (Law No. 6698).
You may withdraw your consent at any time where consent is the legal basis for processing. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
6. How We Share Your Information
We do not sell your personal data. We share your information only in the following circumstances:
6.1 With Other Users
Certain information is visible to other Users as part of the Service’s functionality:
| Data | Visibility |
|---|---|
| Display name, username, avatar, country, native language, spoken languages and levels, interests, biography, occupation, status | Visible on your public profile to other Users |
| Voice audio | Heard by other participants during live Sessions |
| Direct messages | Visible to the message recipient |
| Group messages | Visible to Group members (subject to moderation) |
| In-Session chat messages | Visible to Session participants |
| Session attendance and speaking metrics | Visible to Session participants (post-Session) |
You can control some visibility through privacy settings, such as direct message permissions (Everyone, Friends & Common Groups, Friends Only, Nobody).
6.2 With Third-Party Service Providers
We share data with the following categories of service providers, who process data on our behalf and under our instructions:
| Provider Category | Examples | Data Shared | Purpose |
|---|---|---|---|
| Authentication | Apple, Google, Microsoft (OAuth); Firebase (phone auth) | Authentication tokens, phone number, email | Account sign-in and verification |
| Voice Infrastructure | LiveKit | Audio streams, session metadata | Real-time voice communication during Sessions |
| AI and Speech Processing | OpenAI | Session transcripts, conversation text | Speech-to-text, translation, topic analysis, speaking metrics |
| Push Notifications | Firebase Cloud Messaging (FCM) | Device tokens, notification payloads | Delivering push notifications |
| Subscription Management | RevenueCat | User identifiers, purchase data | Managing Subscriptions and In-App Purchases |
| Payment Platforms | Apple App Store, Google Play Store | Transaction data | Processing payments (we do not receive card details) |
| Analytics | PostHog | Pseudonymized usage events, user properties, exceptions | Understanding usage patterns and improving the Service |
| Hosting and Infrastructure | Cloud hosting providers | All Service data (encrypted) | Hosting and operating the Service infrastructure |
We require our service providers to process personal data only as instructed and to implement appropriate security measures. We do not permit service providers to use your data for their own purposes beyond providing services to us, except where required by their own legal obligations.
6.3 For Legal Reasons
We may disclose your information if we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, or legal process (e.g., court order, subpoena).
- Protect the rights, property, or safety of Volosoft, our Users, or the public.
- Detect, prevent, or address fraud, security issues, or technical problems.
- Enforce our Terms, including investigating potential violations.
6.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of Volosoft’s assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Policy via in-app notice or email.
6.5 Volosoft Personnel
Access to personal data, including session transcripts and analytics, is limited to authorized Volosoft personnel who require such access for service operation, maintenance, security, compliance, or legal obligations. All access is logged and subject to internal controls.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
7.1 Retention Periods
| Data Category | Retention Period | Details |
|---|---|---|
| Account and Profile Data | Duration of Account | Retained while your Account is active; deleted upon Account deletion (subject to legal retention obligations) |
| Voice Audio (Live Sessions) | Not stored after processing | Voice audio is transmitted in real time and processed for STT/translation. Raw audio is not permanently stored by Volosoft. |
| Session Transcripts | Account Lifetime | Compiled transcripts and AI-generated analytics are retained as part of Session history for as long as the associated Account exists. Access is restricted to authorized personnel on a need-to-know basis. |
| Direct Messages | Subscription-dependent | Trial/Core: accessible for 7 days; Plus: accessible for 30 days from message date. Messages beyond the accessible window are not displayed but may be retained for a limited period for legal/safety purposes. |
| Group Messages | 30 days | Automatically deleted 30 days after posting |
| Session Chat Messages | 30 days after Session ends | Automatically deleted 30 days after the Session concludes |
| Read Notifications | 1 day | Automatically deleted 1 day after being marked as read |
| Unread Notifications | 15 days | Automatically deleted 15 days after creation |
| Reports | As needed | Retained for as long as necessary for investigation and enforcement |
| Subscription and Purchase History | Duration of Account + legal requirements | Retained for Account lifetime and as required by tax/accounting laws |
| Analytics Data (PostHog) | Per PostHog retention settings | Pseudonymized event data; retention governed by our PostHog configuration |
| Online Presence | 60 seconds | Automatically cleared after 60 seconds of inactivity |
7.2 Deletion After Account Termination
When you delete your Account or when your Account is terminated by Volosoft:
- Your profile data, messages, and associated Content are queued for deletion.
- Some data may be retained for a limited period to comply with legal obligations (e.g., tax records, fraud prevention), to resolve disputes, or to enforce our Terms.
- Aggregated or anonymized data that can no longer identify you may be retained indefinitely for analytical and statistical purposes.
- Backup copies may take up to 30 days to be fully purged from our systems.
8. Data Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption: Data is encrypted in transit (TLS/HTTPS) and at rest where technically feasible.
- Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
- Authentication: The Service uses secure authentication protocols (OAuth 2.0, Firebase Phone Auth) and does not store plaintext passwords.
- Infrastructure Security: Our hosting infrastructure employs firewalls, intrusion detection, and regular security updates.
- Distributed Locking: Background data cleanup processes use distributed locking to ensure consistency in multi-instance deployments.
- Monitoring: We use error tracking and monitoring to detect and respond to security incidents.
Despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data. If you become aware of a security vulnerability or breach, please notify us immediately at [email protected].
9. International Data Transfers
Your personal data may be transferred to and processed in countries other than your country of residence, including Turkey (where Volosoft is incorporated) and other countries where our service providers operate (e.g., the United States for certain cloud and AI services).
These countries may have data protection laws that differ from those in your country. When we transfer personal data internationally, we take appropriate safeguards to ensure your data remains protected in accordance with this Policy and applicable law, including:
- Standard Contractual Clauses (SCCs): For transfers from the EEA to countries without an adequate level of data protection, we rely on EU Standard Contractual Clauses or other approved transfer mechanisms.
- KVKK Compliance: For transfers from Turkey, we comply with the requirements of KVKK, including obtaining consent or relying on permitted exceptions as set out in Articles 5 and 9 of the law.
- Contractual Protections: We require our service providers to implement appropriate security and confidentiality obligations.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us at [email protected] or use the in-app features where available.
10.1 Rights for All Users
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | Contact us at [email protected] |
| Correction | Request correction of inaccurate or incomplete data | Edit your profile in the app, or contact us |
| Deletion | Request deletion of your personal data | Delete your Account via Settings in the app, or contact us |
| Withdraw Consent | Withdraw consent previously given for specific processing activities | Contact us or adjust settings in the app (e.g., disable STT, adjust notification preferences) |
10.2 Additional Rights for EEA Users (GDPR)
If you are located in the European Economic Area, you have the following additional rights under the General Data Protection Regulation:
| Right | Description |
|---|---|
| Data Portability | Request your data in a structured, commonly used, machine-readable format and transmit it to another controller |
| Restriction of Processing | Request that we restrict the processing of your data in certain circumstances (e.g., while we verify accuracy) |
| Object to Processing | Object to processing based on legitimate interests, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds. |
| Automated Decision-Making | You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our Service does not make such decisions. |
| Lodge a Complaint | File a complaint with a supervisory authority in your EU member state of residence |
10.3 Additional Rights for Turkish Users (KVKK)
If you are located in Turkey, you have the following rights under the Turkish Personal Data Protection Law (KVKK, Law No. 6698, Article 11):
| Right | Description |
|---|---|
| Information | Learn whether your personal data is processed |
| Access | Request information about the purposes and whether data is used in accordance with its purpose |
| Correction | Request correction of incomplete or inaccurate data |
| Deletion/Destruction | Request deletion or destruction of your data under the conditions set forth in Article 7 of KVKK |
| Notification | Request that corrections, deletions, or destruction be notified to third parties to whom data has been transferred |
| Object | Object to any result that is to your detriment arising from the analysis of your data exclusively by automated means |
| Compensation | Request compensation for damages arising from unlawful processing of your data |
| Complaint | File a complaint with the Turkish Personal Data Protection Authority (KVKK Kurulu) |
10.4 Response Time
We will respond to your requests within thirty (30) days of receipt, or within the timeframe required by applicable law. In complex cases, we may extend this period by an additional 30 days, and we will inform you of such extension and the reasons for it. We may ask you to verify your identity before processing your request.
11. Children’s Privacy
The Service is not intended for and is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal data from children under 18. Our onboarding process requires Users to provide their birth year, and we deny Account creation to individuals under 18.
If we become aware that we have inadvertently collected personal data from a child under 18, we will take prompt steps to delete such data from our systems and terminate the associated Account. If you believe that a child under 18 has provided us with personal data, please contact us immediately at [email protected].
12. Push Notifications
We use push notifications to deliver important Service-related information, including:
- Session reminders: Notifications before a scheduled Session starts (10 minutes before, and 1 minute after start for those who expressed intent to attend).
- Attendance reminders: Reminders 24 hours before a Session to express attendance intent.
- Group activity: New join requests, join request decisions, new members, member departures, new Group messages.
- Social activity: Friend requests, friend request acceptances, direct messages.
- Role changes: Moderator assignments and removals, Group ownership transfers.
- Session events: Being kicked from a Session, Session analysis ready.
- Account and Subscription: Subscription expiry and other Account-related alerts.
12.1 Managing Push Notifications
You can manage your push notification preferences at any time through:
- In-app notification preferences: Toggle individual notification categories on or off (Session reminders, Group messages, join requests, direct messages, friendship events, role changes).
- Device settings: Disable push notifications for Daily Talking entirely through your device’s notification settings (iOS Settings or Android system settings).
Disabling push notifications does not affect in-app notifications, which will continue to appear within the Service.
13. Cookies and Similar Technologies
13.1 Mobile Application
The Daily Talking mobile application does not use browser cookies. However, we use similar technologies, including:
- Local storage: To store your authentication tokens, app preferences (language, theme), and cached data for offline access and performance.
- Device identifiers: To identify your device for push notification delivery and Subscription management.
- Analytics identifiers: Pseudonymized identifiers used by our analytics platform (PostHog) to track usage events. These identifiers do not contain personally identifiable information.
13.2 Website
If you visit our website (e.g., dailytalking.com), we may use cookies and similar tracking technologies for essential website functionality, analytics, and performance monitoring. Details about website cookies, if applicable, will be provided via a cookie banner or cookie policy on the website.
14. Third-Party Links and Services
The Service may contain links to or integrations with third-party websites, applications, or services that are not operated by Volosoft. This Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.
We are not responsible for the privacy practices, content, or security of any third-party websites or services, even if they are accessed through the Service.
15. Changes to This Policy
15.1 Right to Update
Volosoft reserves the right to modify, amend, or replace this Policy at any time. The updated Policy will be posted within the app and, where applicable, on our website, with the “Last Updated” date revised accordingly.
15.2 Notification of Material Changes
For material changes to this Policy, we will provide advance notice through one or more of the following methods:
- An in-app notification or prominent banner.
- An email to the address associated with your Account (if provided).
- A push notification.
Material changes will take effect no earlier than thirty (30) days after notice is provided, unless the change is required to address a legal obligation, safety issue, or security concern, in which case it may take effect immediately.
15.3 Acceptance of Changes
Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you must stop using the Service and may delete your Account as described in our Terms.
16. Governing Law
This Policy is governed by and construed in accordance with the laws of the Republic of Turkey, including the Turkish Personal Data Protection Law (KVKK, Law No. 6698). For Users in the European Economic Area, the provisions of the General Data Protection Regulation (GDPR) apply in addition to Turkish law where relevant.
Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of Istanbul, Republic of Turkey, without prejudice to mandatory consumer protection provisions that may apply in your jurisdiction.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:
Volosoft Bilisim Anonim Sirketi
- Email: [email protected]
- Website: https://www.volosoft.com
- Address: Yesilkoy Serbest Bolge mh. E Blok sk. E1 Blok, No: 2, Bakirkoy, Istanbul, Turkey
For Turkish Users, you may also contact the Turkish Personal Data Protection Authority (Kisisel Verileri Koruma Kurumu) at https://www.kvkk.gov.tr.
For EEA Users, you may lodge a complaint with the supervisory authority in your EU member state of residence. A list of supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
This Privacy Policy was last updated on February 8, 2026.