π TΓΌrkΓ§e sΓΌrΓΌm
Privacy Policy
Last updated: May 23, 2026
1. Overview
TakviMed ("the App") is a mobile application designed to help users track their medication intake and share reminders with family members. This Privacy Policy describes the types of personal data we collect, the purposes of processing, retention periods, and your rights as a user.
Data controller: TakviMed Development Team Β· destek@takvimed.app
2. Data We Collect
2.1. Account data
- Email address β for authentication.
- Name / nickname β to identify the user in family sharing (optional).
- PIN (hashed) β stored using PBKDF2-SHA256 with 120,000 iterations; plain-text PIN is never stored on the server.
2.2. Health-related data
- Medication name, dose, schedule, duration, stock β for reminder and tracking functionality.
- Medication intake logs β to render adherence charts.
- Prescription / pillbox photos β sent transiently to Google Gemini for automatic field extraction; not retained on our servers.
2.3. Device & usage data
- Location (transient only) β used to list nearby on-duty pharmacies. Location is not stored; it is forwarded to NosyAPI for each query and discarded.
- Notification tokens β to deliver reminder push notifications.
3. Purposes of Processing
- Scheduling and sending medication reminders
- Rendering adherence charts
- Authorized family sharing
- On-duty pharmacy lookup
- AI assistant (Gemini) Q&A and prescription scanning
- Security (rate-limiting, account protection)
4. Third-Party Service Providers
| Service | Purpose | Data shared |
|---|---|---|
| Google Firebase (Auth, Firestore, Cloud Functions) | Authentication, storage, server processing | Account & medication data |
| Google Gemini API | AI assistant & prescription OCR | Question text, medication list, prescription photo (transient) |
| NosyAPI | On-duty pharmacy data | Transient location (lat/lng) |
| Apple Push Notification Service | Notification delivery | Device token, notification content |
5. Retention
- Account & medication data β while the user's account is active.
- Intake logs β last 12 months; older logs are summarized and removed (planned).
- Prescription photos β deleted immediately after processing.
- Location β not retained.
6. Security
- All traffic is encrypted via HTTPS/TLS.
- PINs are hashed with PBKDF2-SHA256 (120k iterations).
- Firestore Security Rules restrict access to the owning user or explicitly authorized family followers.
- Sensitive API keys (Gemini, NosyAPI) are stored exclusively in Firebase Secret Manager.
- Rate limiting on authentication and AI endpoints (5 failures β 60s lockout, 10 failures β 10m lockout).
7. Your Rights
Under Turkish KVKK Art. 11 and GDPR Art. 15β22 you have the right to:
- Access your data
- Request rectification
- Request deletion (via in-app "Delete Account" or by writing to destek@takvimed.app)
- Restrict processing
- Data portability
- Object to processing
8. Children's Privacy
The App is not directed to users under 13. If we become aware that we have inadvertently collected data from a user under 13, the account will be deleted promptly.
9. Medical Disclaimer
TakviMed is not a medical device and does not provide medical advice, diagnosis, or treatment. Always consult your physician or pharmacist for health decisions. Reminders, AI responses and prescription scans are for informational purposes only.
10. Policy Updates
Material changes to this policy will be announced in-app and on this page. The current version's date appears at the top.
11. Contact
For privacy inquiries: destek@takvimed.app