Privacy Notice (GDPR)
okVibe — Daily Wellbeing Check-In for Independent Living For Users in the European Economic Area and United Kingdom
Effective date: June 02, 2025 Last updated: June 02, 2025
1. Introduction
ICI Tech Teknoloji A.Ş. processes your personal data in compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and, where applicable, the UK GDPR.
| Data Controller | ICI Tech Teknoloji A.Ş. |
| Website | https://okvibe.app/ |
| app@icitech.com.tr | |
| Country of establishment | Republic of Turkey |
EU Representative (Article 27 GDPR): As a company established outside the EEA offering services to EEA residents, we are in the process of designating an EU representative per Article 27 GDPR. Updated contact details will be published at /en/privacy once appointed. In the meantime, contact app@icitech.com.tr.
Data Protection Officer: We do not currently meet the threshold for mandatory DPO appointment under Article 37 GDPR. Contact: app@icitech.com.tr.
Important Disclaimer: okVibe is not an emergency service, medical device, fall detector, crisis hotline, or guaranteed safety system. In immediate danger, contact your local emergency services (112 in most EU countries, 999 in the UK).
2. Data We Process
2.1 Account Information
Email address, password (hashed), optional display name and profile photo. An account is required for the primary user (the person performing check-ins).
2.2 Check-in Data
Daily check-in timestamps, missed check-in records, check-in window settings, calm status notes, check-in history.
Check-in history reveals patterns about your daily routine and wellbeing status. We treat this as sensitive contextual data and do not share it with advertising platforms.
2.3 Trusted Contact Data
Names and contact details (phone/email) of people you choose to add as trusted contacts; your configured alert messages.
You are responsible for ensuring the people you add as trusted contacts have consented to receive notifications from okVibe on your behalf.
2.4 App Settings and Preferences
Check-in timing preferences, reminder settings, privacy mode configuration.
2.5 Location Data (Consent-based, optional)
Collected only when you explicitly enable the optional SOS feature and only while it is active. Not collected during routine check-ins.
2.6 Subscription and Purchase Data
Subscription status and tier, purchase/renewal dates, transaction ID, RevenueCat pseudonymous customer ID.
2.7 Device and Technical Data
Device type, OS version, app version, IP address (truncated), time zone, session data, crash logs.
2.8 Push Notification Data
Device push token and notification interaction events (if permission granted).
2.9 Communications Data
Email and message content from support contacts.
3. Legal Bases for Processing (GDPR)
| Purpose | GDPR Legal Basis |
|---|---|
| Account creation and management | Art. 6(1)(b) — Performance of contract |
| Daily check-in delivery | Art. 6(1)(b) — Performance of contract |
| Trusted contact storage and alert delivery | Art. 6(1)(b) — Performance of contract |
| Reminder notifications | Art. 6(1)(b) — Performance of contract |
| SOS location sharing | Art. 6(1)(a) — Explicit consent (device permission) |
| Subscription management | Art. 6(1)(b) — Performance of contract |
| App quality and crash analysis | Art. 6(1)(f) — Legitimate interests |
| Security monitoring and fraud prevention | Art. 6(1)(f) — Legitimate interests |
| Support requests | Art. 6(1)(b) — Performance of contract |
| Legal obligations | Art. 6(1)(c) — Legal obligation |
| Legal disputes | Art. 6(1)(f) — Legitimate interests |
| Marketing communications | Art. 6(1)(a) — Consent |
Legitimate interests: Where we rely on Art. 6(1)(f), we have balanced our interests against your rights. You may object — see Section 7.
4. Trusted Contacts — GDPR Considerations
When you add a trusted contact, you are providing us with a third party's personal data. Under GDPR:
- We process trusted contact data strictly as instructed by you (as a data processor for this purpose).
- Trusted contact data is used only to send missed check-in notifications.
- Trusted contacts who receive notifications from okVibe are entitled to rights under GDPR Articles 15–22. They may contact app@icitech.com.tr to exercise these rights.
- You should ensure you have a lawful basis (e.g. the trusted contact's consent) for providing their data to us.
- You can remove a trusted contact at any time in Settings → Trusted Contacts.
5. Location Data and SOS — GDPR Basis
okVibe's core check-in routine does not use location data. This is a fundamental design principle.
| Scenario | Location collected? | Legal Basis |
|---|---|---|
| Daily check-in | No | — |
| Missed check-in alert | No | — |
| SOS feature (when you enable it) | Yes | Art. 6(1)(a) — Consent |
When you enable SOS, you will be asked to grant location permission explicitly. You may withdraw this consent at any time by disabling SOS or revoking location permission in device settings.
6. What We Do Not Do
- We do not sell personal data.
- We do not track location routinely — GPS is used only for optional SOS.
- We do not share check-in history with Meta, TikTok, Google Ads, or advertising networks.
- We do not use advertising identifiers (IDFA / GAID).
- We do not profile users based on check-in patterns for advertising purposes.
- We do not require trusted contacts to install the app or create accounts.
7. Your Rights Under GDPR
| Right | Article | Description |
|---|---|---|
| Right of access | Art. 15 | Obtain a copy of your data |
| Right to rectification | Art. 16 | Correct inaccurate data |
| Right to erasure | Art. 17 | Request deletion |
| Right to restriction | Art. 18 | Limit processing |
| Right to data portability | Art. 20 | Receive data in machine-readable format |
| Right to object | Art. 21 | Object to legitimate interest processing or marketing |
| Right to withdraw consent | Art. 7(3) | Withdraw SOS location consent or marketing consent |
| Right to lodge a complaint | Art. 77 | Contact your national supervisory authority |
How to exercise
Email app@icitech.com.tr — subject "GDPR Data Subject Request — okVibe". We respond within one month, free of charge.
In-app controls
| Action | Where |
|---|---|
| Delete account | Settings → Account → Delete Account |
| Remove trusted contact | Settings → Trusted Contacts |
| Disable SOS location | Device Settings → Location Services → okVibe |
| Export your data | Settings → Privacy → Export My Data (where available) |
| Revoke marketing consent | Settings → Privacy → Marketing Preferences |
8. Right to Lodge a Complaint
| Country | Authority | Website |
|---|---|---|
| 🇫🇷 France | CNIL | https://www.cnil.fr |
| 🇩🇪 Germany | BfDI + state DPAs | https://www.bfdi.bund.de |
| 🇪🇸 Spain | AEPD | https://www.aepd.es |
| 🇬🇧 United Kingdom | ICO | https://ico.org.uk |
| 🇧🇪 Belgium | APD/GBA | https://www.dataprotectionauthority.be |
| 🇳🇱 Netherlands | AP | https://autoriteitpersoonsgegevens.nl |
| Other EEA | Your national DPA | https://edpb.europa.eu/about-edpb/about-edpb/members_en |
We encourage you to contact us first — most concerns are resolved quickly.
9. International Data Transfers
ICI Tech Teknoloji A.Ş. is established in Turkey. The European Commission has not issued an adequacy decision for Turkey under GDPR Article 45.
For all transfers from the EEA or UK, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK IDTAs for UK transfers
- GDPR Article 49 derogations where applicable (e.g. contract performance)
Request a copy of applicable transfer mechanisms: app@icitech.com.tr.
10. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration + 3 years after deletion |
| Check-in history | Duration + 1 year after deletion |
| Trusted contact data | Until removed or account deleted + 30 days |
| SOS location data | Not retained beyond alert delivery; deleted within 30 days |
| Subscription records | 10 years (Turkish commercial law) |
| Support communications | 3 years |
| Crash logs | 12 months |
| Security logs | 12 months |
11. Security
- TLS 1.2+ in transit; encryption at rest
- Check-in and trusted contact data protected with strict access controls
- Location data (SOS) processed minimally and not retained beyond necessity
- Breach notification: We notify supervisory authorities within 72 hours (Art. 33) and affected users without undue delay for high-risk breaches (Art. 34)
12. Automated Decision-Making
We do not make automated decisions that produce legal or similarly significant effects based on your check-in data (Art. 22 GDPR).
13. Children's Privacy
okVibe is for users 18 and older. We do not knowingly process children's data. Contact app@icitech.com.tr for immediate deletion if a child has submitted data.
14. Cookies
Our website uses cookies with consent banner on first visit.
| Type | Legal Basis | Opt-Out |
|---|---|---|
| Strictly necessary | Art. 6(1)(f) | Not possible |
| Analytics | Art. 6(1)(a) — Consent | Via banner |
| Marketing | Art. 6(1)(a) — Consent | Via banner |
The okVibe app does not use advertising identifiers.
15. Changes
Material changes notified 14 days in advance. Current version: /en/privacy/gdpr.
16. Contact Us
| app@icitech.com.tr | |
| Subject line | "GDPR Data Subject Request — okVibe" |
| Website | https://okvibe.app/ |
Acknowledge within 5 business days, resolve within one month.