Privacy Policy

Clario — Last updated: March 21, 2026

Important Notice: This policy is provided in English as the binding version. For a Turkish-language informational version, see /tr/clario/privacy/.

1. Who We Are

Clario is developed and operated by Palms Yazılım Ticaret Limited Şirketi (“we”, “us”, “our”), a limited liability company incorporated under the laws of the Republic of Turkey (Trade Registry No: 13484). We are committed to protecting your privacy and handling any personal information we obtain from you with care and respect.

Data Controller / Veri Sorumlusu:
Palms Yazılım Ticaret Limited Şirketi
Address: Ege Mh. 481 Cd. C Blok No:14C, Kuşadası / Aydın, Türkiye
Email: hello@palmsandbirds.com
Website: www.palmsandbirds.com

For users in the European Union, we act as the Data Controller as defined under Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

For users in Turkey, we act as the Veri Sorumlusu as defined under Turkish Law No. 6698 on the Protection of Personal Data (“KVKK”).

2. What Data We Collect and Why

2.1 Account Information

When you create a Clario account, we collect:

• Email address — used for authentication, account recovery, and essential service communications.
• Name — used to personalize your experience within the App.
• Language preference — used to display the App in your preferred language.
• Consent records and legal document versions — used to prove when you accepted privacy, health-data, and marketing choices inside the App.

Legal basis (GDPR): Performance of a contract (Article 6(1)(b) GDPR) — necessary to provide the service you requested.
Legal basis (KVKK): Performance of a contract to which the data subject is party.

2.2 Health & Allergy Data (Special Category)

You may voluntarily provide health-related information including:

• Allergy types and severity levels
• Symptom logs (type, severity, timestamp, notes)
• Medication information
• Food diary entries and correlations

This data is classified as special category data under GDPR Article 9 and sensitive personal data under KVKK Article 6.

Purpose: Provide personalized allergy insights, symptom tracking, AI-powered health briefings, and predictive alerts.
Legal basis (GDPR): Your explicit consent (Article 9(2)(a) GDPR), obtained during onboarding.
Legal basis (KVKK): Your explicit consent (açık rıza), obtained during onboarding.

Important: All AI-generated insights are for informational purposes only and do not constitute medical advice. Always consult a qualified healthcare professional for medical decisions.

2.3 Location Data

When you grant location permission, the App accesses your device’s GPS coordinates to:

• Display localized pollen, air quality, and weather information for your area.
• Identify nearby safe zones (parks, pharmacies, hospitals).
• Generate location-based risk assessments.

Legal basis (GDPR): Your explicit consent, given when you grant location permission (Article 6(1)(a) GDPR).
Legal basis (KVKK): Your explicit consent (açık rıza), given via your device’s permission system.
Retention: Your last known location is stored on our servers to provide relevant daily briefings. We minimize retention by avoiding long-term storage of precise coordinates and may keep short-lived coarse region snapshots for forecast and risk features. You may delete this data at any time through the App or by requesting account deletion.

2.4 AI Conversational Data

When you use the AI chat feature, your messages and the AI responses are processed to provide personalized allergy guidance. If you enable “Conversational Learning” in your privacy settings:

• Chat interactions may be used to improve the relevance of future AI responses for your account.
• This data is never shared with third parties or used to train general AI models.

You can disable Conversational Learning at any time in the App’s privacy settings.

2.5 Device & Technical Data

We collect minimal technical data necessary to operate the service:

• Device type and operating system version (for compatibility)
• App version
• Language/locale setting
• Push token metadata and notification preference status, only if notifications are enabled in your app build and on your device

We do not use third-party analytics or advertising SDKs. We do not collect advertising identifiers.

3. Third-Party Services

Clario relies on the following third-party services:

• OpenAI API (AI features) — Processes your health queries to generate personalized insights. Data sent to OpenAI is not used to train their models (per our API agreement). Privacy Policy
• OpenStreetMap / Overpass API (safe zones) — Retrieve nearby parks, pharmacies, and hospitals. Only coordinates are sent. Privacy Policy
• Google Maps Platform (location search) — Place search and geocoding. Privacy Policy
• Apple Push Notification service (APNs) / Firebase Cloud Messaging (FCM) (when push notifications are enabled) — Process device push tokens and delivery metadata required to send service alerts or optional marketing notifications.

We do not sell, rent, or otherwise share your personal data with any third party for marketing or commercial purposes.

4. Data Transfers Outside Your Country

Your data may be processed in the following jurisdictions:

• Turkey — Our primary servers are located in Turkey.
• United States — OpenAI API servers. Transfers are governed by our Data Processing Agreement with OpenAI and Standard Contractual Clauses (SCCs) as required by GDPR.

For Turkish users: International data transfers are conducted in compliance with KVKK Article 9, based on your explicit consent obtained during registration.

5. Data Retention

• Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request (grace period during which you may cancel the deletion).
• Health & symptom data: Retained as long as your account is active. Fully deleted upon account deletion.
• Location data: Last known location is updated with each use. Historical location data is not retained.
• AI chat logs: Retained for up to 90 days for service quality, then automatically purged. Deleted immediately upon account deletion.
• Consent records and document versions: Retained while your account is active and for a limited period afterward where required to demonstrate compliance.
• Push tokens and notification preferences: If push delivery is enabled in your app build, retained until you disable notifications, uninstall the App, or delete your account.

6. Your Rights Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data via the “Export My Data” feature in the App.
• Right to Rectification (Article 16): Update your profile information directly in the App.
• Right to Erasure (Article 17): Request account deletion through the App’s settings. A 30-day cancellation window applies before permanent deletion is completed.
• Right to Restriction (Article 18): Request restriction of processing by contacting us.
• Right to Data Portability (Article 20): Export your data in a machine-readable format via the App.
• Right to Object (Article 21): Object to processing by contacting us.
• Right to Withdraw Consent: Withdraw consent for health data processing or location access at any time through the App’s privacy settings. This does not affect the lawfulness of processing prior to withdrawal.
• Right to Lodge a Complaint: Lodge a complaint with your national data protection authority.

To exercise your rights: use the in-app privacy settings, or contact hello@palmsandbirds.com.

7. Your Rights Under KVKK (Turkish Users)

For users located in Turkey, your rights under Article 11 of KVKK include the right to: learn whether your data is processed, request information about processing, learn the purpose of processing, know third parties to whom data is transferred, request rectification, request erasure, and object to automated decisions. A Turkish-language version is available at /tr/clario/privacy/. To exercise your rights, contact hello@palmsandbirds.com.

8. Consent Management

Clario provides granular consent controls within the App:

• AI Disclaimer: You must accept a health-data disclaimer before using any AI-powered feature.
• Conversational Learning: Opt in or out of AI learning from your chat interactions.
• Marketing Communications: Opt in or out of non-essential communications.
• Service Alerts: Managed separately from marketing so critical pollen, air quality, and risk alerts can remain distinct from promotional messaging.

You can manage all consent preferences in the App’s Privacy & Legal settings at any time.

9. Children’s Privacy

Clario is not directed to children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at hello@palmsandbirds.com.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Secure token-based authentication with automatic session refresh
• Role-based access controls on our servers
• Regular security reviews

However, no data transmission over the internet is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last updated” date at the top of this document and, where appropriate, through in-app notifications. If changes affect the processing of health data, we will request your renewed consent before continuing such processing.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Email: hello@palmsandbirds.com
Website: www.palmsandbirds.com
Palms Yazılım Ticaret Limited Şirketi