Privacy Policy

Unshade — Last updated: April 21, 2026

Important Notice: This English version is the binding version of this Privacy Policy. Translations are provided for convenience only. If a translation conflicts with this English version, this English version controls to the maximum extent permitted by applicable law.

1. Who We Are and Scope

Unshade is developed and operated by Palms Yazılım Ticaret Limited Şirketi (“we”, “us”, “our”), a limited liability company incorporated under the laws of the Republic of Turkey (Trade Registry No: 13484). This Privacy Policy applies to the Unshade mobile application, Unshade APIs, public Signal links and previews, billing-related integrations, support requests, and Unshade legal pages on palmsandbirds.com.

Data Controller / Veri Sorumlusu:
Palms Yazılım Ticaret Limited Şirketi
Address: Ege Mh. 481 Cd. C Blok No:14C, Kuşadası / Aydın, Türkiye
Email: hello@palmsandbirds.com
Website: www.palmsandbirds.com

For users in the European Union, we act as the Data Controller as defined under Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

For users in Turkey, we act as the Veri Sorumlusu as defined under Turkish Law No. 6698 on the Protection of Personal Data (“KVKK”).

Unshade is strictly for adults aged 18 and over. We do not knowingly permit minors to create accounts or use adult relationship features.

2. What Data We Collect and Why

2.1 Account Information

When you create an Unshade account, we collect:

• Email address — used for authentication, account recovery, and essential service communications.
• Password hash or authentication provider IDs — used to secure email/password, Google, Apple, or guest authentication. We do not store your plain-text password.
• Display name — used to personalize your experience and identify you to your partner within the App.
• Gender, looking-for preferences, and owner type — used for profile setup, Couple Mode, Signals Mode, QR styling, and compatibility filters.
• Language preference — used to display the App in your preferred language.
• Profile photo (avatar) — voluntarily provided; may be shown to connected partners, Signal viewers, or users who are eligible to see your Signal feed card.
• Age-gate, consent, privacy, and legal-version records — used to document your confirmations, AI opt-in status, privacy settings, and accepted terms.
• Account status, refresh tokens, credits balance, and plan metadata — used to keep your account secure and provide paid features.

Legal basis (GDPR): Performance of a contract (Article 6(1)(b) GDPR) — necessary to provide the service you requested.
Legal basis (KVKK): Performance of a contract to which the data subject is party.

2.2 Relationship Preference Data, Desire Maps, and Compatibility Scores

During onboarding, check-ins, Signal creation, and Couple Mode, you may voluntarily provide relationship preference and intention data. This includes:

• Intent, goals, communication style, energy, comfort priorities, boundaries, concerns, and availability.
• Looking-for preferences, location preferences, custom notes, and selected Desire Map answers.
• Derived tags, openness/desire scores, segments, match scores, friction/alignment summaries, and compatibility explanations.
• Couple pairing state, invite codes, relationship status, check-in source, and related report summaries.

Depending on your jurisdiction and the responses you provide, this data may reveal intimate preferences, sexual life, sexual orientation, or similar sensitive information and may constitute special category data under GDPR Article 9 and special categories of personal data under KVKK Article 6.

Purpose: Create your Desire Map, generate compatibility and Signal matching, support Couple Mode, produce reports or coaching, and personalize the App.
Legal basis (GDPR): Your explicit consent (Article 9(2)(a) GDPR), obtained during onboarding.
Legal basis (KVKK): Your explicit consent (açık rıza), obtained during onboarding or before the relevant feature is used.

2.3 City & Location Data

You may provide a city name during onboarding or profile setup. With device permission, the App may use your device location to resolve your city through a reverse-geocoding provider. We may store the city you choose and city-level coordinates (cityLat and cityLng) to calculate approximate distance for nearby Signal feed results.

• We do not run continuous background tracking.
• We do not sell location data.
• Your city label may appear on your QR code or Signal card.
• Approximate distance may be shown to eligible Signal feed viewers when both users have city-level coordinates.

Legal basis (GDPR): Your consent, given when you grant location permission or save a city (Article 6(1)(a) GDPR), and performance of the service when you request nearby features (Article 6(1)(b)).
Legal basis (KVKK): Your explicit consent (açık rıza), given via your device’s permission system.
Retention: City and city-level coordinates are retained while your account is active or until you update or remove them where the App supports doing so.

2.4 Chat & Communication Data

When you use Couple Chat or Signal Chat, messages are transmitted through our servers and stored so they can be delivered to chat participants. Chat data may include message text, sender ID, chat ID, read state, mute state, hidden chat state, safety flags, and timestamps.

• Text messages are visible to chat participants and may be reviewed by authorized personnel if you report abuse, safety risks, fraud, or legal violations.
• Image messages, if enabled, are stored in Firebase Cloud Storage and are designed to expire after approximately 10 minutes.
• Message rewriting and opening-coach features process your submitted text with AI only when you request the feature, have a paid entitlement where required, and have opted in to AI processing.
• Safety systems may flag or block content involving coercion, violence, exploitation, minors, harassment, or other prohibited conduct.

Retention: Chat messages are retained while needed to provide the chat feature, unless you delete or hide a chat, block a user, disconnect, or delete your account. Image messages expire separately as described above. Reports and safety records may be retained where necessary to protect users, enforce terms, and comply with law.

2.5 Check-in & Coaching Data

The App includes periodic check-in features and an AI communication coach. Data generated through these features (responses, progress records, session logs) is used to:

• Track your communication progress over time.
• Generate personalized AI coaching responses and weekly digests.
• Provide predictive insights to improve your connection quality.
• Create reports, safety or wellbeing insights, and conversation coaching sessions where available.

AI features require an explicit AI opt-in and, for most features, a paid entitlement. We aim to send only the minimum context needed for the AI feature. You can turn off AI opt-in in the App where available; turning it off stops new AI processing but does not undo processing already completed.

2.6 Signals, Public Links, and Mini-Match Previews

Signals Mode lets you create or view public Signal links and QR codes. Signal data may include owner type, public ID, QR data, QR style, city label, preview summary, match threshold, chat price in credits, normalized tags, profile snapshot, and desire score snapshot. Anyone with a public Signal link may see limited Signal preview information. Authenticated feed viewers may see additional limited information such as display name, avatar, city, approximate distance, identity label, and match score if the feed rules allow it.

Public mini-match previews can be used without an account after age confirmation. We store the preview ID, Signal ID, normalized tags, score, and expiry time. Mini-match previews expire after approximately 24 hours.

2.7 Billing, Device & Technical Data

We collect minimal technical data necessary to operate the service:

• Device type and operating system version (for compatibility)
• App version
• Language/locale setting
• Push token metadata and notification preference status, only if notifications are enabled
• RevenueCat app user ID, entitlement status, purchase product IDs, transaction IDs, receipt validation results, credits balance, and plan expiry metadata
• Security logs, rate-limit events, API diagnostics, and fraud-prevention metadata such as request timestamps and IP-derived technical logs where generated by our infrastructure

We do not use third-party advertising SDKs. We do not collect advertising identifiers.

3. Third-Party Services

Unshade relies on the following third-party services:

• OpenAI API (AI features) — Processes message rewriting, coaching, compatibility, digest, and safety-analysis requests when AI features are enabled. Data sent through the API is not used to train OpenAI models under OpenAI’s API data controls, unless OpenAI’s terms or your configuration state otherwise. Privacy Policy
• Google Sign-In (authentication) — Optional authentication method. Only your Google account email and basic profile are accessed. Privacy Policy
• Sign in with Apple (authentication) — Optional authentication method. Only your Apple-provided email and name are accessed. Privacy Policy
• RevenueCat (subscription billing) — Manages in-app purchase verification and subscription status. RevenueCat processes purchase receipts from Apple App Store and Google Play. Privacy Policy
• Firebase Cloud Storage (media storage) — Profile photos and image messages are stored in Firebase Cloud Storage. Privacy Policy
• Apple Push Notification service (APNs) / Firebase Cloud Messaging (FCM) (when push notifications are enabled) — Process device push tokens and delivery metadata required to send service alerts or optional communications.
• OpenStreetMap / Nominatim (reverse geocoding) — Used to resolve a device-provided latitude/longitude into a city when you request city detection.
• Cloud hosting, database, logging, and security providers — Used to host the App backend, store data, secure the service, and monitor reliability.

We do not sell or rent your personal data. We do not share personal data with third parties for third-party advertising. We share data only with processors, service providers, app stores, authorities, or other users as described in this Policy, as instructed by you, or as required by law.

4. Data Transfers Outside Your Country

Your data may be processed in Turkey, the European Union/European Economic Area, the United States, and other countries where our service providers operate. International transfers may occur when we use cloud infrastructure, OpenAI, Google/Firebase, Apple, RevenueCat, app stores, or support/security providers.

• For GDPR-covered users, we rely on adequacy decisions, Standard Contractual Clauses, Data Processing Agreements, transfer impact assessments, and supplementary safeguards where required.
• For Turkish users, cross-border transfers are made under KVKK Article 9 mechanisms, including explicit consent or other legally permitted safeguards where applicable.

5. Data Retention

• Account data: Retained while your account is active. Account deletion marks the account for purge and anonymization or deletion of associated records, subject to lawful retention needs.
• Relationship preference data, Desire Maps, Signals, Signal scans, check-ins, reports, coaching data, insights, and digests: Retained while needed to provide the relevant feature and removed or anonymized through account deletion or applicable feature deletion workflows.
• Chat messages: Retained while needed for chat delivery and user history. Image messages are designed to expire after approximately 10 minutes. Hidden chats may remain visible to other participants. Reports and safety records may be retained for enforcement and legal purposes.
• Mini-match previews: Expire after approximately 24 hours.
• Profile photos: Retained until you update or delete them, or delete your account.
• City/location: Retained as long as your account is active. Removable via profile settings at any time.
• Push tokens and notification preferences: Retained until you disable notifications, uninstall the App, or delete your account.
• Billing, transaction, tax, fraud-prevention, legal, and consent records: Retained for the period required or permitted by law and for legitimate defense, audit, and compliance purposes.
• Backups and logs: Removed on a rolling schedule according to our backup, security, and infrastructure retention practices unless preservation is legally required.

6. Age Restriction

Unshade is intended for adults aged 18 and over. By creating an account, you confirm that you are at least 18 years old. We do not knowingly collect personal data from persons under the age of 18. If you believe a minor has created an account, please contact us immediately at hello@palmsandbirds.com and we will take steps to delete the account.

7. Your Rights Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights:

• Right of Access (Article 15): Request a copy of your personal data by contacting us.
• Right to Rectification (Article 16): Update your profile information directly in the App.
• Right to Erasure (Article 17): Request account deletion through the App’s settings. Deletion starts a purge or anonymization workflow, subject to lawful retention needs.
• Right to Restriction (Article 18): Request restriction of processing by contacting us.
• Right to Data Portability (Article 20): Request your data in a portable format by contacting us.
• Right to Object (Article 21): Object to processing by contacting us.
• Right to Withdraw Consent: Withdraw consent for relationship preference data processing or AI features at any time through the App’s settings. This does not affect the lawfulness of processing prior to withdrawal.
• Rights related to automated decision-making and profiling: Compatibility scores, eligibility thresholds, and AI insights are used to personalize the App and do not have legal or similarly significant effects by themselves. You may contact us to request information or human review where applicable.
• Right to Lodge a Complaint: Lodge a complaint with your national data protection authority.

To exercise your rights: use the in-app settings, or contact hello@palmsandbirds.com.

8. Your Rights Under KVKK (Turkish Users)

For users located in Turkey, your rights under Article 11 of KVKK include the right to: learn whether your data is processed, request information about processing, learn the purpose of processing, know third parties to whom data is transferred, request rectification, request erasure, and object to automated decisions. A Turkish-language version is available at /tr/unshade/privacy/. To exercise your rights, contact hello@palmsandbirds.com.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.2+) and at rest
• Secure token-based authentication with automatic session refresh
• Role-based access controls on our servers
• Password hashing, rate limiting, content safety checks, and abuse controls
• Limited internal access based on operational need
• Regular security reviews and incident-response processes

However, no data transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. User Visibility and Sharing Choices

Some Unshade features are designed to share limited information with other users. If you create a Couple connection, your partner may see profile, chat, Desire Map, check-in, report, and related couple data depending on the feature. If you create or share a Signal, people with the link and eligible feed viewers may see limited Signal preview information. Do not enter information you are not comfortable using for the App’s relationship, Signal, matching, and coaching features.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last updated” date at the top of this document and, where appropriate, through in-app notifications. If changes affect the processing of relationship preference or special category data, we will request your renewed consent before continuing such processing.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Email: hello@palmsandbirds.com
Website: www.palmsandbirds.com
Palms Yazılım Ticaret Limited Şirketi