SmartNotes Privacy Policy
Effective Date: 1 July 2025 | Last Updated: 1 July 2025
Summary
This document explains in detail how Mia Digital Solutions Ltd. ("Company", "we", "our", or "us") collects, processes, shares, and safeguards your personal data when you use the SmartNotes mobile applications, website, or any related services (collectively, the "Service"). By accessing or using SmartNotes, you acknowledge that you have read, understood, and accepted the practices described in this Privacy Policy.
1. About Us
Mia Digital Solutions Ltd.
Official website: https://miadigitalsolutions.com/
E‑mail: [email protected]
Address: Barbaros Mah. X Cad. No: 00, Ataşehir / İstanbul, Türkiye
The Company is incorporated under the laws of the Republic of Türkiye and is subject to the Turkish Personal Data Protection Law ("KVKK"), the EU General Data Protection Regulation ("GDPR"), and other applicable international data‑protection rules.
2. Scope
This policy applies to the SmartNotes iOS and Android mobile applications, the web interface at https://smartnotes.miadigital.us, public APIs, customer‑support channels, and all online features or content under our control. Third‑party websites or resources that may be linked within the Service (e.g., YouTube videos, external blog posts) fall outside the scope of this policy.
3. Definitions
| Term | Meaning |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person. |
| Special Category Data | Sensitive data such as race, ethnic origin, political opinions, or health information. |
| Processing | Any operation performed on personal data (collection, storage, alteration, deletion, transfer, etc.). |
| User Content | PDF, Word, TXT, or other documents you upload, and the summaries, quiz questions, notes, or comments derived from those documents. |
| AI Output | Text automatically generated by the OpenAI ChatGPT API or similar language models. |
4. Categories of Data We Collect
Account Data
• Name and surname (optional)
• E‑mail address
• Password or OAuth credential
• Subscription status, billing ID (if applicable)
User Content & Metadata
• Filename, size, and type of the documents you upload
• UTF‑8 text representation of the content (read by the application)
• AI‑generated summaries, quiz questions, and related timestamps
Device & Session Information
• Device model, operating system, app version, language preference
• IP address and approximate geolocation (city level)
• Cookies, Firebase Instance ID, advertising identifiers
Analytics & Log Data
• Page views, clicks, crash and error logs (Firebase Crashlytics)
Support & Communication Records
• Help‑desk tickets, chat history, surveys, feedback forms
Payment Information (for premium tiers)
• Transaction ID, payment‑provider tokens (we never store full card numbers)
5. How We Collect Data
Directly from you: account registration, file uploads, form submissions, support requests.
Automatically: cookies, device SDKs, Firebase, Google Play Services.
From third parties: Google/Apple single‑sign‑on, payment processors (Stripe, Google Play Billing), or social‑media integrations.
6. Purposes & Legal Bases for Processing
| Purpose | Legal Basis (KVKK / GDPR) |
|---|---|
| Provide core Service features (registration, sessions, document processing) | Contract performance (KVKK Art. 5/2‑c, GDPR Art. 6 (1)(b)) |
| Generate summaries & quizzes via AI | Consent (KVKK Art. 5/1, GDPR Art. 6 (1)(a)) |
| Monitor performance & fix bugs | Legitimate interest (KVKK Art. 5/2‑f, GDPR Art. 6 (1)(f)) |
| Comply with legal and fiscal obligations, issue invoices | Legal obligation (KVKK Art. 5/2‑ç, GDPR Art. 6 (1)(c)) |
| Marketing & personalised content | Consent |
You may withdraw your consent at any time; withdrawal does not affect the lawfulness of processing carried out before that point.
7. Artificial Intelligence & Automated Decision‑Making
Your document content is transmitted to the OpenAI ChatGPT API over a TLS‑encrypted connection.
OpenAI may store the data for up to 30 days for abuse monitoring but will not use it to train its models.
AI outputs are fully automated suggestions intended for educational or study purposes; they do not constitute legal, medical, or professional advice.
Limitation of Liability: The Company disclaims any responsibility for damages arising from the use or reliance on AI outputs.
8. Cookies & Similar Technologies
| Type | Purpose | Example |
|---|---|---|
| Strictly Necessary | Session management, authentication | __session |
| Analytics | Traffic measurement, user behaviour | firebase_analytics |
| Performance SDKs | Crash reporting | Firebase Crashlytics |
| You can delete or block cookies via your browser settings; some features may not function properly if cookies are disabled. |
9. International Data Transfers
Data may be transferred among servers located in the European Union, Türkiye, and the United States under Standard Contractual Clauses (SCCs), additional encryption, and contractual safeguards. We will not transfer personal data to third‑country recipients without an adequate level of protection or your explicit consent.
10. Data Retention
Account Data: Until you close your account + 90 days.
User Content: Permanently deleted within 30 days after you remove a file.
Backups: Rotating, encrypted backups retained for up to 30 days.
Cookies & Analytics Data: Up to 26 months.
After the retention period, data are anonymised or securely destroyed.
11. Security Measures
End‑to‑end TLS 1.3 encryption in transit
AES‑256 encryption at rest on Firebase Storage
Role‑based access control (RBAC) and least‑privilege principles
Code reviews following OWASP guidelines
Annual independent penetration tests and SOC 2 type reports
In the event of a security breach, we will notify affected users within 72 hours in accordance with KVKK Art. 12 and GDPR Art. 33.
12. Data Sharing & Recipient Categories
| Recipient | Purpose | Data Shared |
|---|---|---|
| Google LLC – Firebase | Authentication, storage, analytics, crash reporting | IP, device info, app activity |
| OpenAI, LLC | AI processing service | Document text (temporary), summary requests |
| Stripe, Inc. (if used) | Payment processing | Transaction ID, subscription plan |
| Hetzner Online GmbH | Hosting & backups | Encrypted database copies |
| Authorities & Regulators | Compliance with legal requests | Limited data as required |
| Business Successors | Merger or acquisition | All records (with prior user notice) |
We never sell your personal data to third parties for marketing purposes.
13. Your Rights
You may exercise any of the following rights via in‑app settings or by e‑mailing [email protected]:
Access: Obtain a copy of the personal data we hold about you.
Rectification: Correct incomplete or inaccurate data.
Erasure: Request deletion of your data ("right to be forgotten").
Restriction / Objection: Object to or restrict certain processing activities.
Data Portability: Receive data in a structured, commonly used, machine‑readable format.
Withdraw Consent: Opt out of marketing or AI processing.
Complaint: Lodge a complaint with the Turkish DPA (KVKK Kurumu) or your local supervisory authority under GDPR.
14. Children’s Privacy (COPPA)
SmartNotes is not intended for children under the age of 13. We do not knowingly collect data from anyone under 13 without verifiable parental consent. If we learn that such data has been inadvertently collected, we will delete it and close the associated account.
15. Marketing & Communication Preferences
We obtain your explicit consent before sending push notifications or e‑mail newsletters.
You may opt out at any time via Settings → Notification Preferences or the "unsubscribe" link in our e‑mails.
16. Third‑Party Links
The Service may contain links to third‑party websites (e.g., educational videos, social networks). We are not responsible for the privacy practices of those sites; please review the respective policies.
17. Updates to This Policy
We may revise this Privacy Policy from time to time. The updated version will be posted on our website, and for material changes we will provide in‑app and e‑mail notice at least 30 days in advance. Changes will take effect on the date specified in the notice.
18. Disclaimer of Liability
The Service is provided "as is". To the fullest extent permitted by law, the Company disclaims liability for any indirect, incidental, special, or consequential damages arising from the use of the Service.
19. Contact
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
• E‑mail: [email protected]
• Web: https://miadigitalsolutions.com/contact
This English version is provided for informational purposes. In the event of any conflict with the Turkish version, the Turkish text shall prevail.