MobiRoller

Privacy Policy

Last updated: 1 April 2025

Mobiroller ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. This policy complies with the General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK No. 6698).

1. Data Controller

Mobiroller acts as the data controller for personal data collected directly through the platform. For data processed on behalf of tenants (workspace owners), Mobiroller acts as a data processor. Contact: legal@mobiroller.com

2. Data We Collect

We collect the following categories of personal data:

• Identity data: name, email address • Account data: password (hashed), language and timezone preferences • Usage data: pages visited, features used, app activity logs • Device data: IP address, browser type, operating system • Payment data: billing address, payment method (handled by our payment processor; we do not store full card numbers) • Communications: support requests, feedback you send us

3. Legal Basis for Processing (GDPR)

We process your data on the following legal bases:

• Contract performance: to provide the Service you subscribed to • Legitimate interests: to improve our Service, prevent fraud, and ensure security • Legal obligation: to comply with applicable laws • Consent: for optional marketing communications (you may withdraw consent at any time)

4. How We Use Your Data

We use your personal data to:

• Create and manage your account • Provide, operate, and improve the Service • Process payments and send billing information • Send service-related notifications (password reset, email verification, etc.) • Respond to support requests • Detect and prevent fraud and abuse • Comply with legal obligations • Send product updates and newsletters (only with your consent)

5. Third-Party Service Providers

We share your data with trusted third parties only as necessary to operate the Service:

• Cloud infrastructure: to host and store your data securely • AI providers: to process AI-assisted features (data is processed but not used to train external models) • Email delivery: to send transactional and notification emails • Payment processors: to handle billing securely • Analytics: to understand how the Service is used (anonymised where possible)

All processors are bound by data processing agreements and may not use your data for their own purposes.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) or Turkey. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account deletion, we delete your personal data within 30 days, except where we are required by law to retain it longer. Anonymised aggregate data may be retained indefinitely for analytical purposes.

8. Your Rights

Under GDPR and KVKK, you have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you • Rectification: request correction of inaccurate data • Erasure: request deletion of your data ("right to be forgotten") • Restriction: request that we limit how we process your data • Portability: receive your data in a structured, machine-readable format • Objection: object to processing based on legitimate interests • Withdrawal of consent: withdraw consent for marketing at any time

To exercise any of these rights, email privacy@mobiroller.com. We will respond within 30 days.

9. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security assessments. However, no method of transmission over the internet is 100% secure. In the event of a data breach, we will notify affected users and relevant authorities as required by law.

10. Cookies

We use cookies and similar technologies to operate the Service. For detailed information, see our Cookie Policy.

11. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact and Complaints

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at privacy@mobiroller.com.

If you are in the EU/EEA, you have the right to lodge a complaint with your local supervisory authority. In Turkey, you may apply to the Personal Data Protection Authority (KVKK — Kişisel Verileri Koruma Kurumu).