Privacy Policy & Terms and Conditions

Privacy Policy

Last updated: 23.08.2025

### 1. Purpose and Scope

This Privacy Policy ("Policy") has been prepared to provide transparent information about the data processing activities carried out during the use of the PsycAI artificial intelligence-based web application ("Service"). The Policy explains which data we process, on what legal grounds, where and for how long we process it; with whom and under what conditions we share it; your rights and how to exercise them. This document should be read together with the Information Notice, Explicit Consent Text, and Terms of Use.

### 2. Definitions

* **Personal Data:** Any information relating to an identified or identifiable natural person.

* **Special Categories of Personal Data:** Under KVKK; health, religion, political opinions, sex life and sexual orientation, etc.

* **Session:** The user's one-off interaction with the Service; content is permanently deleted when the session ends.

* **Anonymized Content (Model Processing Data):** Text in which person-specific expressions in the message are generalized/anonymized and stripped of person-level information, and which is not suitable for identifying a person.

* **Third-Party Providers:** Google Firebase (hosting/infrastructure), OpenAI (model processing – Anonymized Content only).

* **NAM5:** Google Cloud's US Central regions cluster: us-central1 (Iowa), us-central2 (Oklahoma — private), us-east1 (South Carolina).

### 3. Data Controller and Contact

* **Data Controller(s):** PsycAI Developer Team

* **Contact:** info@psycai.net

### 4. Principles and Compliance Approach

* Lawfulness and fairness

* Accuracy and keeping up to date

* Specific, explicit and legitimate purpose

* Processing that is relevant, limited and proportionate to the purpose (data minimization)

* Storage for as long as necessary (permanent deletion at the end of the session)

* Transparency, accountability and privacy-by-design approach

### 5. Categories of Data Processed

**A) Personal Data Categories**

* **Account/Contact:** e-mail (registration/verification, support communication).

* **Technical/Session Data:** session ID, client/device type, platform information, error/performance codes.

* **Content (In-Session):** Messages written by the user are stored in encrypted form only during the session; permanent deletion is applied when the session ends.

Special categories of personal data are not processed. Even if such statements are entered into the free-text field, the system converts these parts into general/anonymous expressions by stripping them from person-level context; this transformation is applied before permanently storing and before transferring to external services.

**B) Categories Not Constituting Personal Data**

* **Anonymized Content (Model Processing Data):** Prior to being transmitted to external model services, person-specific expressions in the message are generalized and separated from the person; the model sees only anonymized content.

### 6. Collection Methods and Legal Bases

* **Collection:** In-app forms/interfaces, API calls; necessary session cookies and logs.

* **Legal Bases:**

* Performance of a contract (KVKK Art. 5/2-c): Provision of the Service, session management, account verification.

* Legitimate interest (Art. 5/2-f): Security, prevention of abuse, error/performance management.

* Explicit consent (Art. 5/1 & 9): Cross-border transfer (Firebase NAM5) and external model processing (OpenAI – Anonymized Content only), analytics/marketing cookies.

* Legal obligation (Art. 5/2-ç): Fulfilling legal requests, responding to applications/complaints.

### 7. Purposes of Processing

* Operating the Service; registration/verification within the account requirement and maintaining the session

* Hosting on Firebase (NAM5) and secure operations

* (With consent) aggregated analytics and limited personalization

* User support/communications; legal obligations

### 8. Locations of Processing and Storage

* **Hosting:** Google Firebase (Google Cloud) — NAM5 (US Central): us-central1 (Iowa), us-central2 (Oklahoma — private), us-east1 (South Carolina).

* **Model Processing:** OpenAI, Inc. (USA) — only Anonymized Content is processed, in the context of the session and temporarily.

### 9. Third Parties and Recipient Groups

* **Google Firebase (Google LLC/Google Cloud):** Mandatory technical operations and session-based hosting.

* **OpenAI, Inc.:** Session-based processing of anonymized and person-decoupled content.

### 10. Cross-Border Transfer

Due to the infrastructure, data may be processed by providers located in the USA. Although Anonymized Content, which does not qualify as personal data, is used for model processing, explicit consent is obtained as a precaution within the scope of the Explicit Consent Text in case of technical exceptions.

### 11. Retention Periods and Deletion/Anonymization

* In-session message content: only during the session; permanent deletion when the session ends.

* Technical/log data: to the minimum extent and solely for the specified purposes.

* Communication/support records: until the request is finalized.

A time-stamped record is kept regarding deletion operations (e.g., session ID, deletion time).

### 12. Automated Decision-Making / Profiling

PsycAI does not engage in automated decision-making that produces legal effects based on personal data or in profiling specific to a person.

### 13. Children's Privacy

The Service is intended for individuals aged 18 and above. Access will be terminated if underage use is detected.

### 14. Security Measures

* Encryption (in transit and at rest), key management, access authorization

* At the application layer, writing person-specific expressions in general/anonymous form; separation from the person prior to external processing

* Restricting access to real data in developer environments

* Incident management and breach notification procedures; confidentiality obligations in supplier contracts

### 15. Data Subject Rights (KVKK Art. 11) and Application

* To learn whether processing is taking place; to request information; to access

* Rectification, deletion/anonymization; to learn about transfer and recipients

* To object to processing; to request compensation for damage

Application channels: info@psycai.net Applications are responded to within 30 days at the latest.

### 16. Changes

The Policy may be updated due to process and legislative changes. The current version is published on our website; in the case of material changes, in-app notification is provided.

### 17. Contact

For any questions regarding privacy: info@psycai.net

Terms of Use

Last updated: 23.08.2025

### 1. Parties, Purpose and Scope

This Terms of Use ("Agreement") regulates the rights and obligations regarding the provision of the PsycAI artificial intelligence-based web application and related interfaces (collectively, the "Service") by the PsycAI Developer Team consisting of three developers ("Developer", "we") to users ("User", "you"). This document should be read together with the Information Notice, Privacy Policy and Explicit Consent Text.

By using the Service, you are deemed to have accepted this Agreement. If you do not accept the terms of the Agreement, do not use the Service.

### 2. Definitions

* **Service:** The PsycAI web interface and interactive chat features.

* **Session:** The User's one-off (session-based) interaction period with PsycAI. When the session ends, content is permanently deleted.

* **Anonymized Content:** The state in which expressions specific to the level of special personal data in the user's message are generalized/anonymized and stripped of the person's identity (does not constitute special personal data).

* **Third-Party Providers:** Google Firebase (hosting/infrastructure), OpenAI (model processing – Anonymized Content only).

* **NAM5:** Google Cloud's US Central regions cluster: us-central1 (Iowa), us-central2 (Oklahoma—private), us-east1 (South Carolina).

### 3. Nature of the Service and Usage Framework

3.1. Informational nature:** PsycAI does not provide healthcare, psychotherapy, diagnosis/treatment or professional counseling. Contents are for information and awareness only; they are not suitable for emergencies. In emergencies, call 112/155/AFAD or local emergency lines.

3.2. 18+ use:** The Service is intended for persons aged 18 and above.

3.3. Accountless/with account use:** Creating a user account is mandatory to benefit from the Service. By completing the account creation process, you are deemed to have read, understood and accepted all the terms and conditions set forth in this Agreement and its annexes.

3.4. Version and experimental nature:** The Service may include experimental features; no commitment is made regarding uninterrupted and error-free operation.

### 4. Acceptance, Changes and Notices

**4.1.** This Agreement may be updated from time to time. The current version enters into force as soon as it is published on our website.

**4.2.** In the case of material changes, in-app or on-site notices may be provided.

**4.3.** If you do not accept the changes, you should stop using the Service.

### 5. Rules of Use and Prohibitions

5.1. Lawful use:** The Service may only be used for lawful purposes.

5.2. Non-permissible acts:** (i) reverse engineering, attacks, DDoS, robots/automated crawling; (ii) malware, spam; (iii) infringement of third-party rights; (iv) sharing illegal content; (v) activities that would impair the integrity of the Service.

5.3. False/misleading statements:** Manipulating the Service, fake accounts/sessions, fake requests are prohibited.

5.4. Community safety:** Hate speech, harassment, threats, content encouraging self-harm or harm to others are prohibited.

5.5. Technical limits:** Reasonable use within the technical limits of the Service is essential; in case of abuse, access may be restricted/terminated (see §14).

### 6. Account, Authentication and Security

**6.1.** If you open an account, the security of your authentication information and password is your responsibility.

**6.2.** In case of suspected unauthorized access, inform us immediately.

**6.3.** You are responsible for any damages arising from third-party use of your account/access information.

### 7. Third-Party Services and Links

7.1. Hosting/infrastructure:** Hosting and technical operations in Google Firebase (Google Cloud) NAM5 regions.

7.2. Model processing:** OpenAI, Inc. (USA) processes only Anonymized Content and within the session context; content that qualifies as special personal data is sent to the model in anonymized form and is retained in the infrastructure in anonymized form.

**7.3. External links may not be managed by us; we are not responsible for the content/practices of such sites.

### 8. Content, Anonymization and Storage

8.1. Session logic:** User messages are kept encrypted during the session; permanent deletion is applied when the session ends.

8.2. Anonymization:** Before external processing (model), person-specific expressions in the message are transformed into general/anonymous expressions and person-level information is removed from the content.

8.3. Special category data:** Even if written by the user, these parts are separated from the person/generalized; Anonymized Content is sent to the model.

### 9. Processing/Transfer Abroad

**9.1.** Due to Firebase NAM5 infrastructure and OpenAI operations, data may be processed in the USA.

**9.2.** Since the text shared with the model is Anonymized Content, it does not constitute special personal data; a precautionary explicit consent mechanism may also be offered (see Explicit Consent Text).

### 10. Intellectual Property Rights

**10.1.** All rights to the Service, software, design, logos and content belong to us or our licensors.

**10.2.** The User retains rights over the texts entered into the Service; however, grants a simple, royalty-free, transferable, sublicensable license to the extent necessary for the operation of the Service (limited to the session and technical requirements).

### 11. Feedback and Test Content

**11.1.** You agree that we may use free of charge and without restriction the ideas you provide as feedback/suggestions.

**11.2.** Experimental/pre-release features are provided "as is".

### 12. Fees

**12.1.** The Service may currently be offered free of charge/with limited access; paid plans may be added in the future.

**12.2.** Paid plans, billing, renewal and cancellation terms will be announced on the site.

**12.3.** Payment transactions are carried out through licensed payment institutions; we do not access your card data.

### 13. Misuse and Suspension

**13.1.** In the event of a violation of this Agreement, a security risk, illegal content or suspected infringement of third-party rights, we may immediately and with or without notice suspend or terminate your access to the Service.

**13.2.** If manipulation by multiple accounts/sessions by the same person is detected, access may be blocked.

### 14. Termination and Cancellation

**14.1.** The User may stop using the Service at any time.

**14.2.** Access may be terminated in case of violation, security risk or due to legislation.

**14.3.** Provisions that should remain in force upon termination (intellectual property, disclaimer, dispute resolution, governing law) shall continue to apply.

### 15. Disclaimer of Warranties

**15.1.** The Service is provided "as is" and "as available"; no warranties are given for uninterrupted, error-free operation or fitness for a particular purpose.

**15.2.** Contents are not medical/psychological/academic advice.

**15.3.** We are not responsible for outages, delays and data loss arising from third-party infrastructure and the internet.

### 16. Limitation of Liability

**16.1.** To the maximum extent permitted by law; no liability is accepted for indirect, incidental, special, consequential damages; loss of profit/reputation/records; data recovery costs.

**16.2.** For direct damages, our total liability is limited to the Service fee for the relevant period, if any; for free use it is limited to 0 TRY.

### 17. Security, Notices and Breach Procedure

**17.1.** Encryption (in transit/at rest), access authorization, logging and incident management are applied.

**17.2.** Person-related elements are removed from the content before the model stage.

**17.3.** Legal notification obligations to the competent authorities remain reserved where required by law.

**17.4.** In case of suspected security breach, contact us through our communication channels.

### 18. Governing Law and Dispute Resolution

**18.1.** This Agreement is governed by the law of the Republic of Türkiye.

**18.2.** The courts and enforcement offices of Istanbul (Central) have jurisdiction in disputes.

**18.3.** If you qualify as a consumer, your rights to apply to mandatory application authorities are reserved.

### 19. Contact

For questions: info@psycai.net

### 20. Entry into Force

This Agreement enters into force on the date of publication and becomes effective upon the User's access to the Service.