Privacy Policy

20.10.2025

This Privacy Policy for Deep Flow Software Services - FZCO (“Company”), explains which personal data we collect, store, use, and share ("process") when you engage with our services ("Services") in relation to Eatwise application and/or its website (“Application”). This includes instances when you:

download, install, registering with, access or use the Application, and its services, or
interact with us in other related ways, such as through sales, support, or marketing activities.

This Privacy Policy further describes how and why we collect your personal data; how we intend to use, store, protect and share your personal data, and what are your rights and how to exercise them.

Summary of Key Points

This summary outlines the key highlights of our Privacy Notice. For more detailed information on any specific topic, please refer to the table of contents below to navigate to the relevant sections.

What personal data do we process? When you use our Services, we may process your personal information based on your interactions with us, the choices you make, and the products or features that you access. The personal data of users processed by the Company, in particular, are as follows:

your name and surname, e-mail address and phone number which we may receive if you contact the Company,
your profile or social media information if you choose to create an account with us,
your Internet Protocol Address (IP address),
prompts, messages, phrases, text, information, photos, images, videos, visual and audio records, voice recordings and other input and data which you have uploaded or transmitted to the Application,
your order information if you make a purchase,
(if you give us permission) identifier for advertisers designated in your mobile device used in accessing our services (The Identifier for Advertisers-IDFA), identifier for vendors/developers designated your mobile device (The Identifier for Vendors-IDVF), and Google Advertising ID (GAID), identifier for Firebase analytics.

Do we process sensitive personal data? No, we do not process any sensitive personal data. Please do not share with us any content that might have any sensitive personal data.

How do we process your information? We mainly process your personal data to deliver, enhance, and manage our Services, facilitate communication with you, safeguard security, prevent fraud, and comply with legal obligations. Additionally, your data may be processed for other purposes with your explicit consent. All processing activities are conducted only in accordance with valid legal bases.

When do we share personal information? We only share your personal data with third parties only when necessary to deliver our Services, comply with legal obligations, protect our rights, or prevent fraud and security threats. This may include service providers, business partners, and legal authorities. All data sharing is carried out in compliance with applicable data protection laws and is subject to stringent safeguards to ensure the security of your personal data.

How do we keep your personal data secure? We implement administrative and technical measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction, ensuring its security.

What are your rights? Depending on your region, you may have specific rights concerning your personal data. These rights may include the right to access, correct, delete, restrict processing, object to processing, and data portability. Additionally, you may have the right to withdraw your consent.

How can you exercise your rights? You can simply exercise your rights by reaching out to us directly. We will diligently review and address any request in compliance with applicable data protection laws.

Table of Contents

1. The Data Controller and the Objective 3

2. Collection of Personal Data and Method 3

3. Purposes of Processing Personal Data and Legal Bases 6

4. Third Party Websites/Applications, Cookies and Notifications 12

5. Data Storage 13

6. Technical and Administrative Measures 14

7. Age Limitation 15

8. Transferring Personal Data to Third Parties 15

9. Your Rights as the Data Subject 16

10. Contact Information 17

11. For Individuals in the European Economic Area, the United Kingdom,

and Switzerland: 17

12. For California Residents 22

1. The Data Controller and the Objective

Your personal data, which you provided/will provide to the Company, (see Section 10 for contact information), and/or obtained by our Company by any external means, may be processed by our Company as “Data Controller”.

The Company aims to process the personal data of users in accordance with general principles of privacy and the provisions of the applicable data protection legislation to the relevant person, particularly Law on Personal Data Protection No. 6698 of Turkish Republic, (“PDP Law”) and other applicable law and regulations.

We are committed to complying with this Privacy Policy in accordance with all applicable laws in each region in which we operate. To ensure compliance with regional legal requirements, we provide additional privacy notices for specific jurisdictions. Accordingly, where applicable, this Privacy Policy includes additional information regarding the European Union's General Data Protection Regulation (GDPR) (EU Regulation 2016/679). For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For California residents, please scroll down to Section 12.

In accordance with this Privacy Policy, personal data are processed by the Company as a data controller in line with the basic principles named here: (i) being in accordance with law and good faith, (ii) being accurate and, where necessary, up-to-date, (iii) being processed for specific, explicit and legitimate purposes, (iv) being limited for the purpose for which they are processed and data minimization; and (v) being stored for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

Capitalized terms in this Privacy Policy shall have the meanings specified in the Terms and Conditions unless defined separately in this Privacy Policy.

2. Collection of Personal Data and Method

The Company may process your following data for the purposes specified in this Privacy Policy.

Identity and Contact Information: When you contact us, such as via e-mail or our phone number, we may process your name, surname, phone number and e-mail address, (if relevant) other contact information and the content of your communication. If you contact us by post, we may additionally process your address if entailed in the communication.

Technical Information: When you visit, use or engage our Services, we may collect the following information from such use of our Services:

Usage Data: We may collect data on how you interact with our Services. This includes information about your access to and use of our Application, such as duration of the time spent on the Application, information on time and date of access, date/time stamps of your visit, visit data, screen recordings, the features you access, contents you view, searches, and actions you take within the Application, device event information (for example error reports), in-app/web purchase history.
Log Data: We may collect your log data generated while you are using our Services/Applications (through our products or third-party products). This log data includes internet traffic data, network movements, Internet Protocol (“IP”) address, device name, device information, operating system version, visit data, (when website is used) browser type, version and settings, language preference, time zone, information about your use of Services, the configuration of the Application when utilizing our Service/Application, the time/date of your use of the Service/Application, and other statistics.
Device Information: We may collect data about the device you use to interact with our Services, including the device name, device ID, its model, its manufacturer, region information, device’s operating system, device identifiers, hardware model.
Location Information: Please note that we may be able to determine the general area of your device's location when it interacts with our Services, based on the information associated with your IP address and the region information of the device.
Identifiers: unique user ID; and device token ID (particularly, if you allow us to send notifications through your device).

Account Information: If you create an account with us, we will process the following data linked to your account.

Profile Information. If you choose to create an account with us by providing your profile information, we may collect your user ID, nickname, username, profile picture, user token, open ID, phone number, e-mail address, and password
Social Media Information. If you choose to register with your social media account on these networks, we may collect the following data:

Through Google: Google user ID, nickname, username, profile picture, user token, open ID, phone number, e-mail address,
Through Apple: Apple user ID, nickname, username profile picture, user token, open ID, phone number, e-mail address,
Through Facebook: Facebook user ID, nickname, username, profile picture, user token, open ID, phone number, e-mail address.

User Content: We process the data that you provide when interacting with our Services, such as when you provide an Input to our Services.

This data includes prompts, messages, posts, communication, statements, information, phrases, entries, text, questions, materials, files, documents, links, images, photos, videos, visual and audio records, voice recording, graphics, media, responses, answers, choices, and any content, input, record or data that you provide, upload, transmit, create, store, use, edit or share with or through the Application.
Access to device’s tools. We may ask for your permission to access your device’s photo file or gallery app, camera and audio recording tools, in order to provide certain services, when you are using the Application, such as to generate Output for photos you share or to transcribe your audio recording. You can choose not to allow us to access these tools by either rejecting our access or later disabling such access in your mobile device settings. However, you may not be able to use certain features of our Services if you choose to opt out.
Note regarding voice recordings. If you have made a voice recording for transcription via the Application, your voice recordings are deleted from our servers within 24 hours of transcription.
Note regarding sensitive information. Please do not share any content that might have sensitive personal information. Furthermore, please be advised that the provision of any financial information, social security numbers, health information, images of other individuals, any information on children, or any other sensitive or confidential information via the Application is strictly prohibited. Despite this warning and prohibition, however, we recognise that our users might inadvertently include such information within the free-form text, images, or other content they submit via the Application. If we become aware that we have inadvertently received or processed sensitive personal data submitted by you, we will take commercially reasonable steps to promptly delete such sensitive data from our systems, except where retention is strictly required by applicable law.

Note regarding your rights. Please note that we do store your user content in accordance with this Privacy Policy and relevant legislation, especially in order to be able to provide services. At any time, you can request the deletion of this information. Your other rights regarding this information are outlined in detail in this Privacy Policy.

Customer Transaction. We may collect order information directly from you, our marketing vendors or our payment processors.

This information includes order date, payment date, subscription type, billing period, billing document, payment amount, due amount, payment status and any associated transaction identifiers (e.g., billing id, your e-mail address). This information is used to process your orders, manage subscriptions, and ensure the proper handling of payments and subscriptions.
Please note that we do not collect your payment method details, such as your credit card number, as we do not directly process your payment.

Marketing Data. When you give us permission, we may collect your Usage Data; and an identifier for advertisers designated in your mobile device used in accessing our services (the Identifier for Advertisers-IDFA), an identifier for vendors/developers designated to your mobile device (the Identifier for Vendors-IDFV), Google advertising ID (GAID); identifier for Firebase analytics.

Explanation on the Source of Information

We may collect your above mentioned data directly from you through electronic or physical mediums, your device, your browser, third party applications or third party sources which you can access our application through these mediums such as Apple App Store, Google Play Store (similar platforms together with “App Stores”), or payment processors such as Paddle for the purposes of operation of our product, compliance with legal obligations, enhancing our services, administering your use of our services, as well as enabling you to enjoy and easily navigate our services.

3. Purposes of Processing Personal Data and Legal Bases

Your personal data will be processed via automatic or non-automatic means for the purposes stated below, in accordance with the applicable legislation and articles 5 and 6 of the PDP Law where it is expressly permitted by the laws, the establishment of a contract or direct relation to the execution or performance of the contract and for the legitimate interests of the Company provided that your fundamental rights and freedoms are protected, and in order to fulfil our legal obligations.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11.

a) Purposes of Processing Personal Data

Your personal data is processed for the following purposes in accordance with the general principles referred to above as well as the legal bases identified below:

● execution of goods/services sales processes,

● execution of agreement processes,

● execution of company/product/service commitment operations,

● operation of our product,

● creating user accounts for the service recipients/application users.

● conducting storage and archive activities,

● execution of communication activities,

● conducting after-sales support services for goods/services,

● execution of activities in compliance with legislation,

● execution/auditing of business activities,

● execution of information security processes,

● conducting audit/ethical activities,

● conducting activities to ensure business continuity,

● compliance with legislation and protection of persons’ rights, privacy and safety,

● providing information to authorized persons, institutions and organizations,

● prevention of crimes and other illegal acts,

● conducting activities for customer satisfaction,

● customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment using our Services and improve our users’ experience,

Additionally, if you give us explicit consent, your Marketing Data may be processed for conducting marketing analysis studies and executing advertising (including personalised advertisements)/campaign/promotion processes. Please note that the GAID will be collected and processed based on your explicit consent, only if you are based in a jurisdiction where such consent is required for the processing of the GAID (e.g. where PDP Law or GDPR applies).

If you give us explicit consent, your identity and contact information may be processed for communicating with you to send information about marketing and informing about new products, services and applications and delivering you information regarding advertisements and promotions,

Besides, the purposes of processing personal data may be updated in line with our obligations arising from our Company policies and legislation; in particular,

● Carrying out digital subscription and in-app purchase processes of service recipients,

● Carrying out the auto-renewable subscriptions for giving users access to content, services, or premium features in our Service,

● Conducting the processes of finance and accounting transactions,

● Carrying out strategic planning activities,

● Following up on requests and complaints.

b) Purpose of Processing and Legal Basis

Purpose of Processing	Type of Personal Data	Legal Basis
operation of our product, for example to provide outputs in response to user inputs or provide certain features to certain type of subscription models	- Identity and Contact Information - Account Information - Technical Information - User Content - Customer Transaction	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
creating user accounts for the service recipients/application users	- Account Information - Technical Information	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract.
execution of goods/services sales processes (either via in-app purchases or through web purchases)	- Identity and Contact Information - Account Information - Customer Transaction	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
execution of agreement processes	- Contact and Identity Information - Account Information - Technical Information - Customer Transaction - User Content	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract.
execution of company/product/service commitment operations (including detecting and correcting technical defects)	- Identity and Contact Information - Account Information - User Content - Technical Information	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
execution of communication activities (This only entails communication for the purpose of establishment of a contract with you or communication related to the operation of our product/Services. This does not entail communication for marketing purposes which is subject to explicit consent)	- Identity and Contact Information - Account Information - Customer Transaction - Technical Information	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
conducting after-sales support services for goods/services (for example, to carry out refund process or resolving technical defects that a user may experience)	- Identity and Contact Information - Account Information - Customer Transaction - Technical Information - User Content	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract
conducting storage and archive activities	- Contact and Identity Information - Account Information - User Content - Technical Information - Customer Transaction	It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract.
execution/auditing of business activities	- Technical Information - Customer Transaction - User Content	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
conducting audit activities	- Technical Information - Customer Transaction	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
conducting activities to ensure business continuity	- Technical Information - Customer Transaction	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
conducting activities for customer satisfaction	- Technical Information - Customer Transaction - User Content - Account Information	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
Customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment using our Services and improve our users’ experience (this does not include processing to train AI models)	- Technical Information - Customer Transaction - User Content - Account Information	Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed.
execution of activities in compliance with legislation	- Identity and Contact Information - Account Information - Technical Information - User Content - Customer Transaction	Conditions that are necessary in order to fulfil our legal obligation
compliance with legislation and protection of persons’ rights, privacy and safety	- Contact and Identity Information - Account Information - Technical Information - Customer Transaction - User Content	Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve detecting potential threats to the security and integrity of our Services by processing technical information.
execution of information security processes	- Technical Information	Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve detecting potential threats to the security and integrity of our Services by processing technical information.
providing information to authorized persons, institutions and organizations	- Account Information - Contact and Identity Information - Technical Information - Customer Transaction - User Content	Conditions that are necessary in order to fulfill our legal obligation
prevention of crimes and other illegal acts	- Account Information - Contact and Identity Information - Technical Information - Customer Transaction - User Content	Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve the detection and blocking accounts and contents that violate our Community Guidelines or pose potential threats to the security and integrity of our Services.

In addition to the above purposes, the following personal data may be processed for the following purposes in accordance with your explicit consent.

● If you give us explicit consent (acquired via Apple and/or Google and/or within the App), your Marketing Data may be processed for conducting marketing analysis studies and execution of advertising (including personalised advertisements)/campaign/promotion processes.

● If you give us explicit consent (acquired when you opt- in for marketing communication), your Identity and Contact Information may be processed for communicating with you to send information about services, products, and applications and delivering you information regarding advertisements, promotions and other marketing communication.

● If you give us explicit consent (acquired when you opt- in for model improvement), your User Content may be processed to improve our services by training of AI models.

4. Third Party Websites/Applications, Cookies and Notifications

The Application may contain links to other websites or apps that are unknown to the Company and whose content is not controlled. These linked websites or apps may contain terms and conditions other than the Company texts. The Company cannot be held responsible for the use or disclosure of information that these websites or apps may process. Likewise, the Company shall not have any responsibility for any links from other sites or apps provided to the Application owned by the Company.

We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.

While using the Application, you may provide information through third party websites and apps to the Company, please be aware that your liability and obligations against third party apps or websites will continue and the Company shall not be held responsible for any terms, conditions, rules or policies determined by third parties.

Cookies

Cookies are little text files that are stored on the browser or hard drive of your computer or mobile device when you visit a webpage. Cookies allow a website to run more efficiently in addition to ensuring the presentation of personalized web pages in order to make you live a faster visit experience which is more fit for your specific personal needs and demands. Containing only data on your website visit history via the internet, cookies do not collect any information, including your personal data/files stored on your computer or mobile device. We may use cookies when it is necessary for operating our Services, to enhance our Service performance and functionality, and to deliver content, including ads relevant to your interests, on our sites, or third-party sites. You can delete cookies which are already present on your computer and prevent the recording/location of cookies on your internet explorer.

Internet browsers are predefined to automatically accept the cookies as default. As the management of cookies varies from browser to browser, you may look at the help menu of the browser or application to get detailed information. Please refer to our Cookie Policy.

Push Notifications

The Company may occasionally send you push notifications via its mobile applications or website regarding Application upgrades or notifications about our Services. You can always edit such communication and notifications through the settings on your device and stop receiving such communications and notifications.

5. Data Storage

Your data will be stored for the duration specified in the applicable legislation or until the purpose of processing ceases to exist.

The Company may continue to store your personal data, even after the expiry of the purpose of its use provided that it is required by other laws or separately a consent is granted by you in this regard.

In cases that you allow the Company to store your personal data for additional time by giving your consent, such data shall be immediately deleted, destructed or anonymized upon the expiry of such additional time or once the consent is withdrawn.

Additionally, your data may be further stored even after the fulfilment of the purpose of processing on the legal basis of the necessity of the establishment, execution and protection of our legal rights until the end of legal limitation periods (in jurisdictions where the GDPR applies, the storage is based on our legal interests).

6. Technical and Administrative Measures

The Company stores the personal data it processes in accordance with relevant legislation for periods stipulated in relevant legislation or required for the purpose of processing. The Company undertakes to take all necessary technical and administrative measures and to take the due care to ensure the confidentiality, integrity and security of personal data. In this context, it takes the necessary measures to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure, modification or destruction of data.

Accordingly, the Company takes the following technical and administrative measures regarding the personal data it processes:

Anti-virus application. On all computers and servers in the Company's information technology infrastructure, a periodically updated anti-virus application is installed.

Firewall. The data center and disaster recovery centers hosting the Company servers are protected by periodically updated software-loaded firewalls; the relevant next generation firewalls control the internet connections of all staff and provide protection against viruses and similar threats during this control.

VPN. Suppliers can access the Company servers or systems through SSL-VPN defined on Firewalls. A separate SSL-VPN identification has been made for each supplier; with the identification made, the supplier only provides access to the systems that it should use or is authorized to use.

User identifications. The Company employees' authorization to the Company systems is limited only to the extent necessary by job descriptions; in case of any change of authority or duty, systemic authorizations are also updated.

Information security threat and event management. Events that occur on the Company servers and firewalls, are transferred to the “Information Security Threat and Event Management” system. This system alerts the responsible staff when a security threat occurs and allows them to respond immediately to the threat.

Encryption. Sensitive data is stored with cryptographic methods and if required, transferred through environments encrypted with cryptographic methods and cryptographic keys are stored in secure and various environments.

Logging. All transaction records regarding sensitive data are securely logged.

Two-factor authentication. Remote access to sensitive data and registration/creation of an account is allowed through at least two-factor authentication.

Penetration test. Periodically, penetration tests are performed on servers in the Company system. The security gaps created as a result of this test are closed and a verification test is performed to show that the relevant security gaps have been closed. Besides, the Information Security Threat and Event Management System automatically performs penetration tests. Test results are recorded.

Information Security Management System (ISMS). At the ISMS meetings made within the Company, the topics contained in the control forum are audited monthly by the director of information technology and the director of financial operations.

Training. In order to increase the awareness of the Company employees against various information security violations and to minimize the impact of the human factor in information violation incidents, training is provided to employees at regular intervals.

Physical data security. It ensures that personal data on papers is necessarily stored in lockers and accessed only by authorized persons. Adequate security measures (for situations such as electric leakage, fire, deluge, thievery etc.) are taken based on the nature of the environment where sensitive data is stored.

Backup. Company periodically backs up the data it stores. As a backup mechanism, it uses the backup facilities provided by the cloud infrastructure providers, as well as the backup solutions it develops when deemed necessary, provided that it is in compliance with relevant legislation and provisions of this Policy.

Non-disclosure agreement. Non-disclosure agreements are concluded with employees taking part in sensitive personal data processing.

Transfer of sensitive personal data. If transfer of sensitive personal data is required through email; such transfer is done through (i) encrypted corporate email or (ii) Registered Email.

In the event that the personal data is damaged as a result of attacks on the Application or on the Company system, despite the Company taking the necessary information security measures, or the personal data is obtained by unauthorized third parties, the Company notifies this situation to Users immediately and, if necessary, to relevant data protection authority and takes necessary measures.

7. Age Limitation

We do not permit the use of our application by children under the age of 16.

We do not knowingly collect or process personal data from anyone under the age of 16. If you learn that someone under the age of 16 has provided us with personal information, please contact us via email.

Users under 18 must have permission from their parents or legal guardians to use our Services.

8. Transferring Personal Data to Third Parties

The procedures and principles to be applied for transferring of personal data are regulated in articles 8 and 9 of the PDP Law, and the personal and special categories of data of the supplier may be transferred to third parties within the country or abroad since we may use servers and cloud systems located abroad.

We implement the following mechanisms to ensure your data is transferred abroad securely and in accordance with applicable data protection laws:

● We rely on the Standard Contractual Clauses as issued by the Turkish Data Protection Authority pursuant to Article 9/4)(c) of the PDP Law.

Your following personal data may be transferred abroad to our service providers on the legal bases explained above (Section 3.b.) and in the respective Standard Contractual Clauses, for the following purposes:

● Your Technical Information, Identity and Contact Information, Account Information, Customer Information, and User Content for the purpose of conducting storage and archive activities (including cloud services and database services) that are required to maintain our operations.

● Your Account Information for the purpose of authentication of user accounts that is required to maintain our operations.

● Your Technical Information for the purposes of correction of technical specifications, technical errors and defects that are required to maintain our operations.

The Company may also transfer your Marketing Data to service providers (incl. Google, Apple, Facebook SDK, Adjust and Firebase Analytics, which are embedded into our service) for the purpose of conducting marketing analysis studies and execution of advertising (including personalised advertising)/campaign/promotion processes.

We may have to share personal information with authorized public institutions and organizations, and judiciary bodies for the purpose of complying with our legal obligations and requirements on the legal basis that it is necessary in order to fulfill our legal obligation.

Please note that we may share anonymized data with third-party AI models.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For individuals in California please scroll down to Section 12.

9. Your Rights as the Data Subject

Pursuant to Article 11 of the PDP Law, you may request from the Company the exercise of the following rights regarding your personal data:

● Learn whether or not your personal data have been processed.

● Demand for information as to if your personal data have been processed.

● Learn the purpose of the processing of personal data and whether data are used in accordance with their purpose.

● Know the third parties in the country or abroad to whom your personal data have been transferred.

● In case the personal data is processed incompletely or inaccurately, request notification of the transactions made under this scope to third parties to whom personal data have been transferred.

● Request deletion, destruction or anonymization of personal data if the reasons for the processing have disappeared and request notification of the transactions made under this scope to third parties to whom personal data have been transferred.

● Object to the occurrence of any result that is to your detriment by means of the analysis of personal data exclusively through automated systems.

● Request compensation for the damages in case you incur damages due to unlawful processing of your personal data.

● Right to withdraw explicit consent from processing data based on explicit consent at any time.

In the request where you outline your rights as a data subject and specify the rights you wish to exercise, your request must be clear and understandable. If your request pertains to your own personal data or if you are acting on behalf of another individual, you must be specifically authorized to do so, and such authorization must be properly documented. Additionally, the application must include your identity and address details, and supporting documents verifying your identity must be attached.

Our Company will enable you to file such requests via email. In accordance with Article 13 of the PDP Law, our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest, depending on the nature of the request. In case the request is rejected, the reason or reasons for the rejection will be notified in writing or electronically along with its justification.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll down to Section 11. For individuals in California please scroll down to Section 12.

10. Contact Information

If you have any questions or comments regarding this Privacy Policy that is not covered here or if you have any request or would like to exercise your rights, you may contact us via the following email address or by post at the following Company address:

Company Title:	Deep Flow Software Servicez - FZCO
Address:	IFZA Business Park, DDP, IFZA Property FZCO, Building A1 – 3641379065, 53751 – 001, Dubai, Digital Park, Dubai Silicon Oasis, UAE
E-mail:	eatwise.support@visionwizard.com

11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland:

Where General Data Protection Regulation (GDPR), the UK Data Protection Act, or the Swiss Federal Act on Data Protection is applicable, for a complete understanding of our data practices, please read this privacy notice together with our Privacy Policy outline above.

Purposes of Processing Personal Data and Legal Bases

Your personal data may be processed for the following purposes on the following legal bases.

Purpose of Processing	Type of Personal Data	Legal Basis
creating and maintaining user accounts	- Account Information - Technical Information	processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
providing, analysing and maintaining our Services with all features and functionalities (such as to provide outputs in response to user inputs or provide certain features to certain type of subscription models and conducting archive and storage activities). This includes personalizing the features and functionalities of the service (such as displaying the Services in a language relevant to your general area based on your IP address).	- Identity and Contact Information - Account Information - Technical Information - User Content - Customer Transaction	processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
administering and operating our business including purposes such as managing subscriptions, troubleshooting the technical defects and issues.	- Identity and Contact Information - Account Information - Technical Information - User Content - Customer Transaction	processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
communicating with you, including to send you information about your subscription, and other requests (this does not include communication for marketing purposes).	- Identity and Contact Information - Account Information - Customer Transaction - Technical Information	processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
conducting after-sales support for goods and services, including manage refund processes, assisting you to manage a technical defect, responding to your inquiries	- Identity and Contact Information - Account Information - Customer Transaction - Technical Information - User Content	processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
conducting activities to ensure business continuity and usersatisfaction as well as improving our services (this does not include processing to train AI model)	- Account Information - Customer Transaction - Technical Information - User Content	processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
complying with legal and regulatory obligations	- Identity and Contact Information - Account Information - Technical Information - User Content - Customer Transaction	processing is necessary for compliance with a legal obligation to which the controller is subject.
ensuring safety and security, preventing fraud and unlawful activities, and protect against the misuse of our Services. This includes safeguarding our systems, securing our business operations, and investigating, preventing, and detecting prohibited conduct, illegal actions, and other security or technical issues.	- Identity and Contact Information - Account Information - Technical Information - User Content - Customer Transaction	processing is necessary for compliance with a legal obligation to which the controller is subject; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve the detection and blocking accounts and contents that violate our Community Guidelines or pose potential threats to the security and integrity of our Services.
complying with legal obligations and to protect the rights, privacy, safety, or property of our users, Company, or third parties	- Identity and Contact Information - Account Information - Technical Information - User Content - Customer Transaction	processing is necessary for compliance with a legal obligation to which the controller is subject; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve detecting potential threats to the security and integrity of our Services by processing technical information.
auditing of business activities	- Technical Information - User Content - Customer Transaction	processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In addition to the above purposes, we will only process the following personal data with your consent. You may withdraw your consent at any time by contacting us via email or as stated below. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

● If you give us consent (acquired via Apple and/or Google and/or within the App), your Marketing Data may be processed for conducting marketing analysis studies and execution of advertising (including personalised advertising)/campaign/promotion processes. You can withdraw consent through settings of your account.

● If you give us consent (acquired when you opt-in in for marketing communication), your Identity and Contact Information may be processed for communicating with you to send information about services, products, and applications and delivering you information regarding advertisements, promotions and other marketing communication. You can withdraw your consent by clicking on "unsubscribe" link in the e-mail that is sent to you or by following the procedure specified in the communication.

● If you give us consent (acquired when you opt-in in for model improvement), your User Content may be processed to improve our services by training of AI models). You can withdraw consent in settings of the App.

AI Training Disclaimer: This processing may involve retention of your data for a certain period and use for algorithmic improvements. We do not use your data for AI training unless you have explicitly consented. You can withdraw consent at any time in the settings of the Application or by contacting us.

Transferring Personal Data to Third Parties

We implement the following mechanisms to ensure compliance with applicable data protection laws when transferring Personal Data outside the European Economic Area (EEA), Switzerland, or the United Kingdom (UK):

● Adequacy Decisions: We rely on adequacy decisions issued by the European Commission in accordance with Article 45(1) of the GDPR, when transferring Personal Data to countries that have been deemed to provide an adequate level of data protection. You can find the current list of adequate countries here.

● Standard Contractual Clauses (SCCs) & Supplementary Measures: For transfers to jurisdictions not covered by an adequacy decision, we implement the Standard Contractual Clauses as adopted by the European Commission under Article 46(2)(c) of the GDPR. We also apply additional safeguards where necessary, such as:

o Encryption of personal data in transit & at rest,

o Data minimization & anonymization where possible,

o Technical access controls to limit third-party access,

o Ongoing Transfer Impact Assessments (TIA) to monitor local laws.

● Binding Corporate Rules (BCRs): Where applicable, we rely on Binding Corporate Rules (BCRs) as approved by the competent supervisory authority in accordance with Article 46(2)(b) and Article 47 of the GDPR.

Your following personal data may be transferred abroad to our service providers on the legal basis explained above for the following purposes:

● Your Technical Information, Contact and Identity Information, Account Information, Customer Information, User Content for the purpose of conducting storage and archive activities (including cloud services and database services) that are required to maintain our operations.

● Your Account Information for the purpose of authentication of user accounts that is required to maintain our operations.

● Your Technical Information for the purposes of correction of technical specifications, technical errors and defects that is required to maintain our operations.

The Company may also transfer your Marketing Data to service providers (incl. Google, Apple, Facebook SDK, Adjust and Firebase Analytics which are embedded into our service) for the purpose of conducting marketing analysis studies and execution of advertising (including personalised advertising)/campaign/promotion processes.

Please note that we may share anonymized data with third-party AI models.

Your Rights Regarding Data Transfers

● You have the right to request a copy of the safeguards applied (e.g., SCCs, BCRs) by contacting us via email.

● If you believe your data has been transferred unlawfully, you can lodge a complaint with your local data protection authority or the European Data Protection Supervisor (EDPS).

Your rights as the Data Subject

Under the GDPR, you have the following rights:

● Right of Access (Article 15 GDPR) – You can request a copy of your personal data and details on how we process it.

● Right to Rectification (Article 16 GDPR) - To request the rectification of information that you believe is inaccurate or the completion of information that you believe is incomplete by the Company.

● Right to Erasure (Article 17 GDPR, “Right to be Forgotten”) – You can request deletion of your personal data, except when we are required to retain it for legal obligations, public interest, or legal claims.

● Right to Restriction of Processing (Article 18 GDPR) – To request the restriction of the processing of personal data under the conditions stipulated in the GDPR.

● Right to Data Portability (Article 20 GDPR) – You can request a copy of your data in a structured, commonly used, machine-readable format such as CSV or JSON, or request direct transfer to another provider where technically feasible.

● Right to Object (Article 21 GDPR) – You can object to processing based on legitimate interests. If you object to direct marketing, we will stop processing immediately. For other objections, we will assess whether our legitimate interests override your rights.

● Automated Decision-Making and Profiling (Article 22 GDPR) – If a decision affecting you is made solely by automated means, such as AI-based decisions, you have the right to request human intervention, express your views, and contest the decision.

● Right to Withdraw Consent (Article 7(3) GDPR) – If we process your data based on consent, you can withdraw it at any time. This does not affect prior processing.

You may exercise these rights by submitting your request via email. We will respond to your request within one month, as required under GDPR. If your request is complex, we may extend this by an additional two months, in which case we will notify you.

If you believe that we or someone with whom we have transferred your data is violating your rights, you can file a complaint to the local data protection authority in your country (https://www.edpb.europa.eu/about-edpb/about-edpb/members_en) and to other competent supervisory authorities. For any unresolved complaints relating to the UK you can reach out to the Information Commissioner's Office (https://ico.org.uk/) and for Switzerland, to the Federal Data Protection and Information Commissioner⁠ (https://www.edoeb.admin.ch/en).

12. For California Residents

For a complete understanding of our data practices, please read this privacy disclosure together with our Privacy Policy outline above.

Your rights

If you are a California resident, you have certain rights. These include the right to know what personal information we collect, use, disclose, and sell; the right to request deletion of your personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information; and the right to limit the use and disclosure of sensitive personal information; and right to non-discrimination. We do not sell your personal information in the traditional sense, but we may share usage data with third-party service providers for analytics and functionality purposes. We do not collect sensitive personal information (please refer to Section 2 for more information). To exercise any of these rights, or to designate an authorized agent to make a request on your behalf, please contact us via email. We will not discriminate against you for exercising any of your privacy rights.

We may verify your identity before responding to your request to protect your privacy and security.

Our Services comply with all applicable laws and we ensure that our systems do not violate these laws and respect users' constitutional right to privacy.

Disclosure regarding the collection of personal data

We may collect the following categories of personal information: identifiers (e.g., name, e-mail address, phone number, IP address); personal information described in California Civil Code Section 1798.80(e) (e.g., s name, contact information (such as phone number), account name, billing information); inferences from your personal information to create a profile about your preferences (if it is an option in the Application and you choose to personalize services, the information may be used to personalise services); network activity information (information how consumers interact with our apps and websites).

Please refer to the Section 2 above for a complete description of what information we collect and how we collect it. Please refer to the Section 3 above for which purposes we use your personal information.

Disclosure regarding the use of third-party tools

We may use third-party tools such as Google, Apple, Facebook SDK, Adjust and Firebase Analytics to understand app usage and improve performance. These tools may collect information such as identifiers and in-app events (Please refer to the definition of Marketing Data under Section 2).

Under California law, the use of certain analytics and advertising tools may be considered a “sale” or “sharing” of personal information. We do not sell your personal information for monetary compensation, but we may share it for purposes of delivering personalized advertising or measuring marketing analytics.

Prior to using your information for the purposes of delivering personalised ads or measuring marketing analytics, we may ask for your permission. California residents may always opt out or withdraw their permission by adjusting privacy settings or by contacting us.

Please refer to Section 8 for more information.

Retention of Personal Information

Please refer to Section 5 for how long we retain your personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will state the date at the top of this Policy.

If we make material changes (changes that significantly affect your rights or the way we handle your data), we will provide you with prominent notice before the changes take effect. This notice may be provided through the Application interface (e.g., a pop-up notification), by sending an email to the address associated with your account (if applicable), or through other reasonable means appropriate to the circumstances.

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgment of the updated terms, unless applicable law requires a different form of acceptance (such as explicit consent for certain types of changes).