Privacy Policy

Last updated: December 22, 2025

1. Company Information

Company Name: Marsby Teknoloji A.Ş.

Location: Ankara / Türkiye

Email: info@themarsby.com

2. Purpose and Scope

Marsby Teknoloji A.Ş. ("Marsby," "Company," "we," "us," or "our") is dedicated to handling user personal data in alignment with fundamental privacy principles and relevant data protection regulations, including but not limited to Turkish Personal Data Protection Law No. 6698 ("PDP Law") and other applicable statutes. Where the General Data Protection Regulation (EU) 2016/679 applies, this policy also outlines the additional rights afforded to individuals under that framework.

Personal information that you share with our Company or that we acquire through external channels may be handled by our Company as "Data Controller" in the following manner:

  • Within the context of the data processing objective and in a manner that is relevant, limited, and proportionate to that purpose
  • By preserving the accuracy and currency of personal data as communicated or reported to our Company
  • May be recorded, retained, preserved, reorganized, and disclosed to legally authorized requesting institutions, and may be shared with domestic or international third parties under conditions prescribed by law and, where required, with your explicit permission

This Privacy Policy has been established to maintain and enhance the Company's operations in accordance with PDP Law principles. It explains what data we gather, how we plan to utilize, retain, safeguard, and distribute the collected data, how you can revoke your consent for data processing, and how you can amend and update your information.

Terms written in capitals in this Policy carry the definitions provided in the Terms of Use unless separately defined within this Policy.

3. Age Restrictions

Our application is not available for use by individuals younger than 16 years of age.

We do not intentionally gather or handle personal information from anyone below 16 years old. Should you discover that someone under 16 has shared personal details with us, please reach out to us at info@themarsby.com. Individuals under 18 must obtain authorization from their parents or legal guardians before using our Services.

4. Data Collection Methods

The Company may handle your personal data for the objectives outlined in this Privacy Policy. We gather information through fair and lawful methods, with your awareness and permission. We inform you about why we collect information and how it will be utilized. You may decline our request for information, understanding that we might be unable to deliver certain desired services without it.

We may obtain the aforementioned data directly from you via electronic or physical channels, your mobile device, web browser, webpage, third-party applications, or third-party sources through which you can access our application, including the Apple App Store, Google Play Store (collectively "App Stores"), for purposes of legal compliance, service enhancement, administration of your service usage, and enabling you to enjoy and navigate our services with ease.

We may gather log data produced during your use of our services/applications (through our products or third-party products). This log data may encompass information such as your device's Internet Protocol ("IP") address, device name, operating system version, application configuration during service use, the time/date of your service usage, and additional statistics.

5. Categories of Personal Data

The personal information of users that the Company gathers and utilizes includes the following categories:

Data Category Types of Data
Identity and Contact Details Full name, telephone number, and email address (when you reach out to us)
Profile Details User ID, username, user token, Open ID, email address, password (when registering with email)
Social Media Details When registering via social networks: Google user ID, Apple user ID, or Facebook user ID along with username, user token, Open ID, and email address
Process Security Data Network traffic data (IP address, visit information, timestamps, access and usage details, browser type and version, pages visited, time on pages, operating system, screen dimensions, time in Application), device name, purchase records, Token ID (for notifications), IDFA (with permission), IDFV
User Generated Content Messages, posts, communications, statements, information, phrases, entries, text, questions, responses, answers, choices, files, documents, links, images, photos, visual recordings, screenshots, graphics, media, and any content you voluntarily provide, upload, transmit, create, store, use, edit, or share through Talkera or the AI Chatbot
Transaction Records Order information and purchase history
Marketing Information IDFA, IDFV

6. Onboarding Information

Prior to using Talkera, we may present you with introductory questions regarding your gender, native language, foreign language proficiency, interests, preferred usage times, or desired time commitment within the Talkera application. Should you choose to respond to these questions, we may gather and process your answers primarily to personalize our services (for instance, recommending conversation topics with the AI chatbot or, with your consent, sending reminder notifications at your preferred times).

Whether or not to answer these questions or share any information with us is entirely your decision. You may use the application without responding to these introductory questions or providing such information if you prefer.

7. Camera and Audio Permissions

We may request access to your device's camera and audio recording capabilities to deliver certain services while you use Talkera, such as enabling voice or video calls with an AI-generated chatbot. You may choose to deny us access to your camera and audio recording functions either by rejecting our access request or by subsequently disabling such access in your mobile device settings. However, certain aspects of our services may be unavailable if you choose to opt out.

We do not retain your voice calls and video calls made through Talkera on our servers; rather, they are stored on your devices. Nevertheless, we do temporarily retain your voice calls until we process them for you. Your voice call recordings are removed from our servers within 24 hours of transcription.

Please refrain from sharing any content that might contain sensitive personal information. Additionally, be advised that providing financial details, social security numbers, health information, images of other individuals, information about children, or any other sensitive or confidential information through Talkera is strictly forbidden.

Please note that we do retain your user content in accordance with this Privacy Policy and applicable legislation, particularly to provide services. You may request deletion of this information at any time. Your additional rights concerning this information are detailed throughout this Privacy Policy.

8. Payment Processing

The Company may provide paid products and/or services within the Application. In such cases, the Company may employ third-party services for payment handling (e.g., payment processors). Your payment information will not be retained or gathered by the Company. Such details are supplied directly to third-party payment processors. The handling of such personal information will be subject to the privacy policy of the third-party payment processors.

Our online ordering process is managed by our online reseller (such as Paddle). The payment platform serves as the Merchant of Record for our online orders. Your relationship with payment platforms is governed by their respective Terms and Conditions and Privacy Policy. The payment platform's Privacy Policy applies whenever you make purchases using their service.

9. Fundamental Principles of Data Processing

In accordance with this Privacy Policy, personal data is processed by the Company as data controller following these fundamental principles:

  • Compliance with law and principles of good faith
  • Accuracy and, where necessary, currency of data
  • Processing for specific, explicit, and legitimate purposes
  • Limitation to the purpose for which data is processed and data minimization
  • Retention for the period stipulated in relevant legislation or required for the processing purpose

10. Purposes of Data Processing

Your personal data will be processed through automatic or non-automatic means for the purposes outlined below, in accordance with applicable legislation and articles 5 and 6 of the PDP Law where explicitly permitted by laws, for contract establishment or direct relation to contract execution or performance, and for the Company's legitimate interests provided your fundamental rights and freedoms are protected.

10.1 Identity, Contact, Profile, and Social Media Information

  • Conducting activities in compliance with legislation
  • Compliance with legislation and protection of persons' rights, privacy, and safety
  • Execution of company/product/service commitment operations
  • Execution of communication activities
  • Execution and auditing of business activities
  • Conducting after-sales support services and customer communications
  • Marketing communications about services (with consent)
  • Execution of goods/services sales processes
  • Conducting storage and archive activities
  • Execution of agreement processes
  • Operation of our product

10.2 Process Security Data

  • Execution of information security processes
  • Conducting audit and ethical activities
  • Execution and audit of business activities
  • Conducting activities to ensure business continuity
  • Providing information to authorized persons, institutions, and organizations

10.3 Transaction Records

  • Execution and auditing of business activities
  • Conducting after-sales support services for goods/services
  • Execution of goods/services sales processes
  • Conducting activities for customer satisfaction
  • Execution of agreement processes

10.4 User Generated Content

  • Operation of our product, e.g., to generate outputs in response to inputs
  • Execution of activities in compliance with legislation
  • Execution of agreement processes
  • Conducting storage and archive activities
  • Execution and auditing of business activities
  • Conducting activities to ensure business continuity
  • Execution of activities for customer satisfaction
  • Improving our services and application features

You can opt out of our use of your information to improve our services or train artificial intelligence models by submitting a request to info@themarsby.com.

10.5 Marketing Information

  • Conducting marketing analysis studies
  • Execution of advertising/campaign/promotion processes

10.6 Additional Processing Purposes

Data processing purposes may be updated in line with our company policies and legislative obligations, including:

  • Creating user accounts for service recipients/application users
  • Customizing our Services, understanding our users and their preferences to enhance user experience
  • Informing about new products, services, applications, advertisements, and promotions
  • Carrying out digital subscription and in-app purchase processes
  • Carrying out auto-renewable subscriptions for content, services, or premium features
  • Carrying out information security processes
  • Conducting activities in accordance with legislation
  • Fulfilling demands of competent authorities
  • Conducting finance and accounting transaction processes
  • Conducting communication activities
  • Conducting contract processes
  • Carrying out strategic planning activities
  • Following up requests and complaints

11. Legal Basis for Processing

11.1 Identity, Contact, Profile, and Social Media Information

  • Processing is necessary when we establish a contractual relationship with you, or when directly related to our performance obligation arising from this contract
  • We must process data to establish a right for you, to exercise and protect this right
  • Your consent (e.g., for marketing communications)

11.2 User Generated Content

  • Processing is necessary when we establish a contractual relationship with you, or when directly related to our performance obligation arising from this contract
  • We must process data to establish a right for you, to exercise and protect this right
  • Processing is necessary for our legitimate interests, provided your fundamental rights and freedoms are not harmed
  • Your consent

11.3 Process Security and Application Data

  • The law explicitly stipulates the processing of your personal data
  • Processing is necessary to fulfill our legal obligations
  • Processing is necessary when we establish a contractual relationship with you, or when directly related to our performance obligation arising from this contract
  • Processing is necessary for our legitimate interests, provided your fundamental rights and freedoms are not harmed
  • Your consent

11.4 Marketing Data

  • Your explicit consent

12. Data Retention

Your data will be retained for the duration specified in applicable legislation or for a reasonable period until the processing purpose ceases to exist, or during legal limitation periods.

The Company may continue to retain your personal data even after the expiry of the processing purpose if required by other laws or if you have granted separate consent in this regard.

In cases where you permit the Company to retain your personal data for additional time by giving consent, such data shall be immediately deleted, destroyed, or anonymized upon the expiry of such additional time or once the processing purpose no longer exists.

13. Security Measures

The Company retains personal data it processes in accordance with relevant legislation for periods stipulated in legislation or required for the processing purpose. The Company commits to taking all necessary technical and administrative measures and due care to ensure the confidentiality, integrity, and security of personal data. In this context, it takes necessary measures to prevent unlawful processing of personal data, unauthorized access to data, and unlawful disclosure, modification, or destruction of data.

13.1 Technical Measures

  • Anti-virus Protection: Periodically updated anti-virus applications are installed on all computers and servers in the Company's information technology infrastructure
  • Firewall: Data centers hosting Company servers are protected by periodically updated firewalls that control internet connections and provide protection against viruses and similar threats
  • VPN: Suppliers can access Company servers or systems through SSL-VPN defined on Firewalls with separate identification providing access only to authorized systems
  • User Identifications: Employee authorization to Company systems is limited to the extent necessary by job descriptions; authorizations are updated with any change of authority or duty
  • Security Monitoring: Events on Company servers and firewalls are transferred to an Information Security Threat and Event Management system that alerts responsible staff when security threats occur
  • Encryption: Sensitive data is stored with cryptographic methods and, if required, transferred through encrypted environments with cryptographic keys stored in secure locations
  • Logging: All transaction records regarding sensitive data are securely logged
  • Two-factor Authentication: Remote access to sensitive data is allowed through at least two-factor authentication
  • Penetration Testing: Periodic penetration tests are performed on servers; security gaps are closed with verification tests performed to confirm closure
  • Backup: The Company periodically backs up stored data using backup facilities provided by cloud infrastructure providers and backup solutions developed internally when necessary

13.2 Administrative Measures

  • Information Security Management: Topics are audited monthly by information technology and financial operations directors at ISMS meetings
  • Training: Regular training is provided to employees to increase awareness against information security violations and minimize the human factor in information violation incidents
  • Physical Security: Personal data on papers is stored in lockers accessible only by authorized persons; adequate security measures are taken based on the nature of the storage environment
  • Non-disclosure Agreements: Non-disclosure agreements are concluded with employees taking part in sensitive personal data processing
  • Secure Transfer: Transfer of sensitive personal data through email is done via encrypted corporate email or Registered E-mail

13.3 Incident Response

In the event that personal data is damaged as a result of attacks on the Application or Company system despite necessary information security measures, or if personal data is obtained by unauthorized third parties, the Company notifies this situation to Users immediately and, if necessary, to the relevant data protection authority, and takes necessary measures.

14. Cookie Usage

Cookies are small text files stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies enable a website to operate more efficiently and ensure the presentation of personalized web pages to provide a faster visit experience tailored to your specific personal needs and preferences.

Containing only data on your website visit history via the internet, cookies do not collect any information, including personal data or files stored on your computer or mobile device. We may use cookies when necessary for operating our services, enhancing service performance and functionality, and delivering content, including ads relevant to your interests, on our sites or third-party sites.

You can delete existing cookies on your computer and prevent the recording of cookies. Internet browsers are predefined to automatically accept cookies by default. As cookie management varies from browser to browser, you may consult your browser or application's help menu for detailed information.

15. Push Notifications

The Company may occasionally send you push notifications regarding account upgrades or service-related information. You can always edit such communications and notifications through your device settings and stop receiving such communications and notifications.

16. Third-Party Websites and Applications

The Application may contain links to other websites or applications unknown to the Company and whose content is not controlled by us. These linked websites or applications may contain terms and conditions different from the Company's texts. The Company cannot be held responsible for the use or disclosure of information that these websites or applications may process. Likewise, the Company shall not have any responsibility for any links from other sites or applications provided to the Application owned by the Company.

While using the Application, you may provide information through third-party websites and applications to the Company. Please be aware that your liability and obligations against third-party applications or websites will continue, and the Company shall not be held responsible for any terms, conditions, rules, or policies determined by third parties.

17. International Data Transfers

The procedures and principles for transferring personal data are regulated in articles 8 and 9 of the PDP Law. Personal data may be transferred to third parties domestically or abroad since we may use servers and cloud systems located outside our country.

Your personal data may be transferred abroad for the following reasons:

  • Conducting storage and archive activities
  • Conducting business activities
  • Conducting after-sales support services for goods/services
  • Managing customer relationship management processes
  • Correction of technical specifications, technical errors, and defects

The Company may also transfer your personal data to service providers and third parties (such as analytics providers) embedded into our service for the following purposes:

  • Sharing identity, communication, and transaction security information with authorized public institutions and organizations for execution of activities in compliance with legislation, monitoring and execution of legal affairs, and informing authorized persons, institutions, and organizations
  • Sharing identity and contact information to manage after-sales support services, conduct business activities, and manage customer relationship management processes

18. Your Rights as Data Subject

Pursuant to Article 11 of the PDP Law, you may request the following regarding your personal data by applying to the Company:

  • Learn whether or not your personal data have been processed
  • Demand information if your personal data have been processed
  • Learn the purpose of personal data processing and whether data are used in accordance with their purpose
  • Know the third parties domestically or abroad to whom your personal data have been transferred
  • Request correction if personal data is processed incompletely or inaccurately, and request notification of transactions made under this scope to third parties to whom personal data have been transferred
  • Request deletion, destruction, or anonymization of personal data if the processing reasons have disappeared, and request notification of transactions made under this scope to third parties to whom personal data have been transferred
  • Object to occurrence of any result to your detriment by means of analysis of personal data exclusively through automated systems
  • Request compensation for damages if you incur damages due to unlawful processing of your personal data

18.1 Additional Rights Under GDPR

Where the General Data Protection Regulation (GDPR) is applicable, data subjects have the following additional rights:

  • Right of Access: Learning whether personal data is being processed and, if so, accessing your personal data and information regarding its processing
  • Right to Correction: Requesting correction of inaccurate information or completion of incomplete information by the Company
  • Right to Deletion: Requesting deletion of personal data under conditions stipulated in GDPR
  • Right to Restrict Processing: Requesting restriction of personal data processing under conditions stipulated in GDPR
  • Right to Object to Processing: Objecting to personal data processing under conditions stipulated in GDPR
  • Right to Data Portability: Requesting data collected by the Company to be transferred directly to another organization under certain conditions
  • Right Against Automated Decision-Making: Objecting to the occurrence of a result against yourself by analyzing processed data exclusively through automatic systems, including profiling

18.2 Exercising Your Rights

In your application to exercise the rights stated above, your request must be explicit and understandable. If the subject of your request relates to you or if you are acting on behalf of someone else, you must be specially authorized and your authority must be documented. The application must contain identity and address information, and documents proving your identity must be attached.

Our Company will enable you to file such requests through the Data Subject Application Form at info@themarsby.com. In accordance with Article 13 of the PDP Law, our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest depending on the nature of the request. In case the request is rejected, the reason or reasons for rejection will be notified in writing or electronically along with justification.

If you believe that we or someone to whom we have transferred your data is violating your rights, you can file a complaint with the data protection authority in your country and other competent supervisory authorities.

19. Policy Modifications

This Privacy Policy may be revised by our Company when deemed necessary. If you continue to access the Application and use or access the Application without benefiting from the Services offered by the Company after the notification period, you shall be deemed to have allowed the changes in this Privacy Policy.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Company: Marsby Teknoloji A.Ş.

Location: Ankara / Türkiye

Email: info@themarsby.com