Neuromotive
Privacy Policy
Last Updated: May 27, 2026 Version 2.0
I. Introduction
Neuromotive (“Neuromotive,” “we,” “us,” or “our”) treats the protection of your personal data as a primary obligation. This Privacy Policy (“Policy”) explains how we collect, process, store, and share data when you use our mobile application (“App”), our website (“Website”), and our services (collectively, “Services”).
This Policy is prepared in accordance with Turkish Personal Data Protection Law No. 6698 (“KVKK”), the EU General Data Protection Regulation (“GDPR”), the EU Artificial Intelligence Act (“EU AI Act”), and applicable legislation.
Our Service includes:
-
A habit-building program grounded in behavioral neuroscience
-
Cohort-based social reinforcement and group interaction
-
Pomodoro focus sessions with in-group synchronization
-
Leaderboard and weekly point system
-
AI-supported personalized recommendations and conversation
-
App-locking (Reward Gate) functionality
-
Premium membership with extended features
Company Information
-
Legal Representative: Kivanc Uzer
-
Tax Number: 9010251484
-
Address: Fikirtepe, Kadikoy, Istanbul, 34728, Turkey
-
Email: info@neuromotive.co
-
Data Controller: Neuromotive (Kivanc Uzer)
-
Data Protection Officer: Kivanc Uzer (an independent DPO will be appointed as our user base grows)
I. What Data We Collect
A. Data You Provide
-
Identity data: name, surname, date of birth (for age verification)
-
Contact data: email address
-
Account data: password (stored encrypted with bcrypt), your selected avatar from preset options
-
Payment data: for Premium membership (not processed directly; transferred to the payment infrastructure provider)
-
App preferences: habit categories, target durations, notification preferences, language settings
B. Automatically Collected Data
-
Device information: model, operating system version, app version, language setting, time zone
-
Transaction security data: IP address, session information, HTTP status codes, access times
-
Usage data: which screens you access, how many minutes the app is used, Pomodoro completion rates
-
Crash and error reports: technical data related to app instability
C. Behavioral and Special Category Data
The following data is considered special category (health-related) data under KVKK Article 6 and GDPR Article 9. This data is processed only after we obtain your explicit consent:
-
Mood and emotional state entries: responses to “What went through your mind,” “What triggered you today,” “What did you do right after”
-
Behavioral pattern data: log dates, times, frequency, miss patterns, completion rates
-
Psychological assessment results: chronotype, temperament (Enneagram and Big Five), procrastination style (Sapadin), attachment style, Flourishing Scale, mindwandering, maladaptive daydreaming
-
Behavioral interpretation data: system-generated “Discovered Rewards” and success probability analyses
-
Reflection notes: free-text notes you write when logging
-
Photo records: optional log photos you upload
This data:
-
Is stored only on servers located in Turkey or the European Union (depending on your location)
-
Is not transferred outside the country (except for EU-to-EU transfers)
-
Is never shared with third parties under any circumstances
-
Is not used for advertising or marketing purposes
-
Is not used for AI model training
-
Is not intended for medical diagnosis or treatment
D. Data Collected from Group and Social Features
-
Cohort membership information: cohorts you join, cohort date, your phase level
-
Pomodoro pairing data: identity of the user who starts the timer (username, avatar), session start and end times
-
In-cohort activity: which cohort members are active, number of completed Pomodoro sessions
E. Reward Gate (App-Locking) Data
Important: The following data is processed only locally on your device. It is never transferred to our servers or shared with third parties under any circumstances:
-
List of locked applications (application names you selected)
-
Lock status (open/closed)
-
Number of peeks used
-
Habit window hours
F. AI Interaction Data
When you use AI-supported features:
-
AI Conversation (“AI coach” inside Habit Detail): conversation content is sent to our large language model (LLM) service provider
-
Discovered Rewards: your behavioral data is processed for pattern detection (locally or in a controlled environment)
-
Success prediction analysis: interpretation of your behavioral data by AI
Important: Conversation content is not used for AI model training (Zero Data Retention mode is enabled). AI outputs are not professional advice. AI-generated interpretations (which may not be 100% accurate) are for informational purposes.
G. Leaderboard and Point Data
-
Weekly point records: completed logs, Pomodoro sessions, cohort interactions
-
Profile visibility: your username and avatar are visible to other users
-
Leaderboard participation is voluntary; you can disable profile visibility from Settings
III. AI Interactions and Transparency
A. AI Coaches and Personas
During the beta period, some members of your cohort are AI coaches. In such cases:
-
Each AI persona is clearly indicated next to its name with a special marker in the app interface
-
Your profile page shows the number of AI coaches and the number of real users in your cohort
-
AI coaches may behave like real users (send messages, start Pomodoro sessions, react) but are not real users
-
As the number of real users grows, AI coaches will gradually be removed from cohorts
B. AI Conversation and Automated Content
-
When AI conversation is used, conversation content is sent to our LLM API service provider
-
AI-generated behavioral interpretations (Discovered Rewards, success prediction, weekly insight) are algorithmic outputs and are not definitive medical or psychological diagnoses
-
Whether to accept or reject AI suggestions is entirely under your control
-
You can disable AI features completely from Settings
C. EU AI Act Compliance
For European users, Neuromotive is classified as a Limited Risk AI system:
-
All AI interactions are clearly disclosed to the user
-
AI-generated content is not presented as if produced by a human
-
The user has the right to opt out of AI features
IV. Medical Disclaimer
Neuromotive is not a medical device, therapy application, or diagnostic tool.
Content provided in the App (AI suggestions, Mona AI videos, success predictions, behavioral interpretations, personal tests) is for general information and behavior-change support purposes.
-
For chronic mental or physical health conditions, please consult a healthcare professional
-
If you are in a crisis situation:
-
Turkey: 182 (Ministry of Health Helpline), 112 (Emergency)
-
EU: your local emergency numbers
-
If you have conditions such as eating disorders, anxiety, or depression, we recommend using the App in cooperation with a specialist
-
Neuromotive's recommendations do not replace professional guidance
Psychological test results (chronotype, temperament, procrastination style, attachment style, etc.) are not clinical diagnoses; they are self-awareness tools.
V. Purposes of Processing
The following table summarizes personal data categories, processing purposes, and legal bases under KVKK and GDPR:
Data Category
Processing Purpose
Legal Basis
Identity, contact, account data
Account creation, verification, contract performance
KVKK Art. 5/2(c) - Performance of contract
Payment and invoice data
Premium membership billing, accounting
KVKK Art. 5/2(a) - Provided by law
Habit and usage data
Personalized program, progress tracking
KVKK Art. 5/2(c) - Performance of contract
Mood, test, and behavioral pattern data
Personalized behavior change support
KVKK Art. 6/3 - Explicit consent
AI conversation and interpretations
AI-supported recommendations and feedback
KVKK Art. 5/1 - Explicit consent
App-locking data
Reward Gate functionality (local only)
KVKK Art. 5/2(c) - Performance of contract
Cohort and Pomodoro data
Group matching, timer synchronization
KVKK Art. 5/2(c) - Performance of contract
Leaderboard data
Score calculation, ranking display
KVKK Art. 5/2(f) - Legitimate interest
Marketing data (cookies)
Advertising, campaign activities
KVKK Art. 5/1 - Explicit consent
Transaction security data
Security, legal obligations
KVKK Art. 5/2(c) - Legal obligation
VI. Data Sharing in Group and Pomodoro Features
When you use group features, some of your data is shared with cohort members:
-
When you join a cohort, your username and avatar are visible to group members
-
When you start a Pomodoro timer, group members can see who started the timer and when
-
When you join another member's timer, this participation is reported to group members
-
Your habit content, reflection notes, photos, and personal journal data are never disclosed to group members (only log messages you have explicitly shared appear in the cohort feed)
-
Pomodoro session duration and completion data may be used as anonymous statistics
VII. App-Locking Feature and Permissions
Permissions required for the Reward Gate feature:
-
iOS: FamilyControls framework and Screen Time API access
-
Android: Usage Access permission and Digital Wellbeing API
These permissions:
-
Function only while the habit process is active
-
Information about how much you use other applications is not sent to our servers
-
Only the lock status of the apps you select is stored on your device
-
If refused, the Reward Gate cannot operate but other app features remain usable
-
You can revoke these permissions at any time from your system settings
VIII. Premium Features and Data Processing
Additional data processed under Premium membership:
-
Subscription status and end date
-
Premium features used and frequency
-
Transaction ID provided by the payment provider (card or bank details are not stored by us)
Payment transactions are carried out through third-party payment infrastructure providers (Apple App Store, Google Play Store, and our subscription management partner). These providers are responsible for their own privacy policies.
Premium service does not include streak freeze, loss-protection mechanics, or similar psychological manipulation features. Premium delivers genuine behavioral value (unlimited AI conversation, deeper insights, the ability to create your own cohort, etc.).
IX. Cookies and Similar Technologies
Cookie types used on the Website:
-
Essential cookies: for session management and security (cannot be disabled)
-
Analytics cookies: to understand usage patterns
-
Preference cookies: to remember language and theme settings
-
Marketing cookies: for targeted advertising (only with your explicit consent)
A cookie consent banner is displayed on first visit. You can manage cookie preferences from your browser settings or from the Privacy Panel within the App.
Cookie duration:
-
Marketing data: maximum 25 months
-
Preference data: maximum 12 months
X. Where and How Long We Store Your Data
A. Storage Locations
-
Turkish users: servers located in Turkey
-
EU users: servers within European Union borders
-
Other users: secure servers in our chosen jurisdiction
-
App-locking data: only on the user's device
B. Retention Periods
Data Type
Retention Period
Active account data
As long as the account is active
Inactive account data (no activity for 12+ months)
Automatically deleted after 2 years
Mood and behavioral data
As long as the account is active
Personal test results
As long as the account is active
All data after account deletion request
Permanently deleted within 30 days
Deletion from backups
Completed within 90 days
Pomodoro and habit history
Until the account is deleted
Cohort data
Until you leave the cohort or delete your account
Leaderboard scores
While active; anonymized 30 days after account deletion
Analytics usage data
12 months
Marketing data
3 years from last interaction or until opt-out
Legally required records
According to applicable legislation (5-10 years, invoice and tax records)
XI. With Whom We Share Your Data
Your personal data is not sold to third parties. Data is shared only in the following limited circumstances:
A. Authorized Public Authorities and Institutions
Where required by our legal obligations or by court order or official request, data may be transferred to relevant institutions.
B. Third-Party Service Providers
We work with service providers in the following functional categories. Data shared with each provider is limited to what is necessary for that function, and a Data Processing Agreement is in place with each provider:
Provider Category
Data Shared
Purpose
Cloud infrastructure provider (backend)
User data, behavioral records
Data storage and backend operations
LLM service provider
AI conversation content
AI coach responses
Subscription management provider
Subscription status
Premium membership management
Push notification service provider
Device token, notification preferences
Push notification delivery
Analytics provider
Anonymous usage data
Product analytics
Crash monitoring provider
Error and crash reports
App stability monitoring
Apple App Store
Payment information
Premium payment processing
Google Play Store
Payment information
Premium payment processing
A current list of named service providers is available upon request via info@neuromotive.co.
C. Marketing Platforms (Only With Explicit Consent)
With your explicit consent, cookie-based data may be transferred to platforms such as Facebook Pixel and Google Ads for targeted advertising.
D. Cohort Members
If you join a cohort, your username, avatar, and Pomodoro activity information may be visible to cohort members (see Section VI).
E. Corporate Transfers
In case of merger, acquisition, or asset sale, your data may be transferred to the new entity. In such case, you will be notified 30 days in advance and your right to delete your account is preserved.
XII. Data Security
Technical Measures
-
TLS 1.3 encryption during data transmission
-
AES-256 encryption for data at rest
-
Strong authentication (bcrypt, 2FA support)
-
Regular security assessments and penetration tests
-
Separate encryption layer for special category data
-
Local-only storage for Reward Gate data
Administrative Measures
-
Physical access restriction to data centers (by third-party hosting partners)
-
Mandatory data protection training for personnel
-
Data breach response plan and notification procedure within 72 hours (GDPR Article 33)
-
Data access authorization controls and audit logs
Despite these measures, absolute security is not possible. We recommend using strong passwords and enabling 2FA when using the internet or applications.
XIII. Your Rights
Under KVKK (All Users)
-
To learn whether your personal data is processed
-
To request information if processed
-
To learn the processing purpose and whether the data is used in line with that purpose
-
To know third parties to whom data is transferred domestically or abroad
-
To request correction of incomplete or incorrect data
-
To request deletion or destruction
-
To request that correction or deletion be notified to third parties
-
To object to outcomes affecting you adversely through automated systems
-
To claim compensation for damages caused by unlawful processing
Additional Rights for EU Users (GDPR)
-
Data portability: download your data in machine-readable format (JSON)
-
Withdrawal of explicit consent: at any time, without giving a reason
-
Opt out of automated decisions: you may reject AI-generated suggestions
-
Right to complain to a supervisory authority
To Exercise Your Rights
You can submit your requests through the following channels:
-
Email: info@neuromotive.co
-
Address: Fikirtepe, Kadikoy, Istanbul, 34728, Turkey
-
In-app: Settings > Privacy > “Manage my data”
-
Response time: no later than 30 days, free of charge
Supervisory Authorities
-
Turkey: Personal Data Protection Authority (KVKK) - www.kvkk.gov.tr
-
EU: your local data protection authority
XIV. Protection of Minors
Neuromotive is intended only for users aged 18 and over.
-
Date of birth is requested during registration and age is verified
-
Accounts identified as belonging to users under 18 are closed and the data is deleted within 7 days
-
If we discover that data has been collected from a user under 18, it is deleted immediately
-
For notification: info@neuromotive.co
The reason for this age restriction: the App processes behavioral data and psychological assessment results; processing such data requires adult consent.
XV. Explicit Consent and Opt-In Process
A. Consent Obtained During Onboarding
On first use of the App, your explicit consent is obtained for the following:
-
General terms of use and privacy policy (mandatory)
-
Processing of mood, behavioral data, and psychological assessment data (special category - explicit consent, optional; if not granted, these features remain disabled)
-
AI-supported recommendation and conversation features (optional)
-
Push notification permissions (optional, at the system level)
-
Marketing use of data (optional, default disabled)
B. Withdrawal of Consent
You may withdraw any consent at any time from Settings > Privacy. Consent withdrawal:
-
Does not retroactively delete data but stops further processing
-
The relevant feature becomes unavailable (e.g., if you withdraw consent for AI conversation, it is disabled)
-
Your withdrawal request is applied immediately (within 24 hours at the latest)
XVI. Changes to This Policy
We reserve the right to modify this Policy. If significant changes are made:
-
The change will be published on the Website and on the main page of the App
-
Notification will be made 30 days in advance
-
Continuing to use the Services means you accept the changes
-
New explicit consent may be requested for significant changes
XVII. Contact
For questions or concerns about this Policy:
-
Email: info@neuromotive.co
-
Address: Fikirtepe, Kadikoy, Istanbul, Turkey
-
Data Protection Officer: Kivanc Uzer
Neuromotive | info@neuromotive.co | Fikirtepe, Kadikoy, Istanbul, Turkey
This document is prepared to fulfill the disclosure obligation under KVKK Article 10, GDPR Article 13, and EU AI Act Article 50.
Original language of this document is English. In case of conflict, the English version prevails. A Turkish version is available upon request.