Privacy Policy
Last updated: May 11, 2026
This Privacy Policy explains how your personal data is collected, used, and protected when you use the Nazar application ("App" or "Service"). By using the App, you agree to this policy.
1. Data Controller
Under Türkiye's Personal Data Protection Law (KVKK, Law No. 6698) and the EU GDPR, the entity responsible for processing your personal data is identified above.
2. Data We Collect
2.1. Profile Information (During Onboarding)
To personalize the App, we collect the following with your explicit consent:
- Name (for personalized content)
- Date of birth (for zodiac and mystical calendar calculations)
- Time of birth (optional — for ascendant calculation)
- Gender (optional)
- Personality test answers (10 mystic questions)
- Mood and energy selections
- Animal spirit and chronotype preference
This information is stored only on your device and is not transmitted to our servers.
2.2. Face Photographs (Face Reading + Couple Compatibility)
For the App's core features — AI face reading and couple compatibility — face photographs are captured only after your explicit, in-app consent. These data are sensitive in nature, so we make the following commitments organized by what we collect, how we use it, where it goes, and how long we keep it.
(A) What face data we collect
- Static face photographs that you actively capture by tapping the in-app camera shutter button. Nothing is captured passively or in the background.
- For the AI Face Reading feature: a single photo containing your face.
- For the Couple Harmony feature: a single photo containing two faces (you and a chosen partner).
We do NOT collect:
- Face geometry templates (no Face ID-style biometric identifiers)
- Voice prints
- Identity verification or authentication data
- Health data
- Continuous video recording
(B) How we use the face photographs
- To generate your personal Mystic Identity card (8 mystical lines, nazar map, aura description, and a hand-drawn-style portrait), shown only to you on your own device.
- To generate a Couple Harmony reading from a single photo containing two faces.
- The face photo is treated solely as an input image for mystic interpretation, comparable to a face-themed entertainment camera filter.
We do NOT use face photographs for:
- Advertising or marketing
- Profiling
- Selling or renting to anyone
- Training AI models
- Identifying you to others
- Facial recognition or authentication
(C) Where face photographs are stored and which third parties process them
- Primary storage — your own device. Stored in the app's secure on-device storage with iOS file protection (encrypted at rest, accessible only while the device is unlocked). iCloud backup is explicitly disabled for these files.
- Transient processing for mystic interpretation. To produce the AI mystic interpretation, the photo is briefly transmitted over HTTPS/TLS to two service providers used strictly as data processors:
- Our authenticated backend proxy on Cloudflare Workers — pass-through proxy. The image is held in memory only for the duration of the request and is not persisted at the edge or in any database.
- Anthropic Claude API — generates the mystic interpretation text. Per Anthropic's data-handling policy, image inputs sent through the API are not retained beyond the request window and are not used to train Anthropic's models.
- After the mystic interpretation is returned, all transient image bytes are discarded.
- We do NOT share face photographs with advertisers, analytics SDKs, third-party trackers, or social media platforms.
- We operate no server-side database or persistent file storage for user face photographs.
(D) How long face photographs are retained
- On your device: until you tap "Delete Account" in Settings, or uninstall the app. "Delete Account" wipes the photo files from the app's secure local storage, removes the mystic identity, clears local preferences, removes secure token storage, and returns the app to the splash screen.
- In transit (during a mystic interpretation request): seconds — the duration of a single HTTPS request — and then immediately discarded. Not persisted.
- See Section 4 — Data Retention for the full retention table.
(E) Important clarifications
- Although Türkiye's KVKK Article 6 broadly classifies face photographs as biometric data (any data describing a person's physical characteristics), Nazar does not generate, store, or compare biometric identifier templates. The App does not perform facial recognition, identity verification, or authentication of any kind.
- Your explicit, in-app consent is required before any face photograph is captured. You may withdraw consent at any time via "Delete Account" or by contacting support@nazarai.app.
2.3. Live Face Scan (Real-Time Imagery)
The Live Face Scan feature uses real-time imagery from your selfie camera to display live scores and an aura halo on screen.
(A) What is processed
- Real-time face landmark coordinates (jaw, eye, nose, lip contour points) computed by Apple's Vision framework on the device.
- No static photographs are captured unless you tap the snapshot button yourself.
(B) How it is used
- Solely to render four real-time on-screen line scores (intuition / love / prosperity / career) and an aura halo overlay during the active scan session.
- The output is shown only to you on your own device.
(C) Where it is processed and shared
- Entirely on your device. Nothing is transmitted off the device.
- Not shared with any third party.
- Not stored on any server, database, or persistent file.
(D) How long it is retained
- Zero retention. All landmark data and frames are discarded immediately when the scan ends. No frames are written to disk. The user only obtains a still image if they choose to take a snapshot — and even that snapshot is governed by Section 2.2 above.
2.4. Authentication Data
We offer Apple Sign In and Guest Mode. If you create an account:
- Apple Sign In: Apple's anonymized user ID. Optionally your name and email (only if you choose to share them).
- Guest Mode: No identity information is collected.
2.5. Protection Ritual Completion Data
When you complete daily protection rituals, your streak count and which ritual you completed on which day are stored.
- Saved entirely on your device (in local preferences)
- Not sent to our servers
- Cleared instantly with "Delete Account"
2.6. Subscription Data
Subscriptions (Apple StoreKit) are processed through Apple. We do not collect your card information or payment details. Only the active/inactive status of your subscription is checked from your device.
2.7. Automatically Collected Data
The App may locally log basic diagnostic information (device model, iOS version) to help resolve iOS system errors. This data is not sent to our servers.
We do not use any third-party analytics, tracking, or advertising SDKs.
3. Purposes of Data Use
Collected data is used only for the following purposes:
- Mystic identity generation — combining zodiac, animal spirit, personality test results to deliver personalized content
- AI face reading interpretations — combining your facial features with profile information for mystic analysis
- Couple compatibility calculation — analyzing symmetry and harmony between two faces
- Live Face Scan — real-time face landmark analysis (on device)
- Daily protection ritual recommendation — selecting a ritual based on your sign, birthdate, and the day's energy
- Today's mystic note — a short personalized guide based on your sign and energy
- Notifications — only local notifications for topics you have explicitly opted into
Your data is not used for marketing, profiling, or any other commercial purpose.
4. Data Retention
| Data Type | Where | For How Long |
|---|
| Profile information | Device (local preferences) | Until you delete your account |
| Face photographs | Device (secure local storage) | Until you delete your account |
| Mystic identity card | Device | Until you generate a new reading |
| Ritual completion log | Device (local preferences) | Until you delete your account |
| Live scan imagery | Memory | Discarded immediately when scan ends |
| Account ID (if any) | Device (local preferences) | Until you sign out |
No personal data is permanently stored on our servers. For some operations, your data passes briefly through our infrastructure and is deleted immediately upon completion.
5. Sharing With Third Parties
To run the Service, we work with a limited set of infrastructure providers:
- Apple Inc. — for Sign In, App Store, and subscription processing. Apple's privacy policy applies.
- Cloudflare, Inc. — for transporting the app's backend proxy requests. Cloudflare acts solely as a data processor and does not retain persistent records.
- Anthropic, PBC (Claude AI) — for the face reading and couple compatibility features only, after you grant explicit in-app consent, your face photo and profile information are sent over TLS to Anthropic's API to generate the mystic interpretation. Per Anthropic's commercial terms, image and text inputs sent through the API are not retained beyond the request window and are not used to train Anthropic's models. You can revoke your consent at any time from inside the app via Settings → AI Data Sharing; until consent is granted (or once it is revoked) these features remain locked and no data is sent to Anthropic. Anthropic's privacy policy: anthropic.com/privacy
We do not use any advertising, analytics, or marketing third-party services. Your data is not sold, rented, or transferred to advertising networks.
6. Your Rights Under KVKK
Under KVKK Article 11:
- Right to be informed — Ask which data is being processed
- Right of access — Access to your processed data
- Right of rectification — Correction of incorrectly processed data
- Right of erasure — Deletion of your data (Profile → Delete Account)
- Right to object to processing
- Right to compensation in case of damages
To exercise these rights: support@nazarai.app
7. Your Rights Under GDPR (European Users)
Under GDPR Articles 15-22:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction
- Right to data portability
- Right to object
- Right not to be subject to automated decision-making
For requests: support@nazarai.app
8. Children's Privacy
The App is not intended for users under the age of 13. If we discover that we have collected data from a child under 13, we will delete that data as soon as possible.
For European users, the age threshold is 16 (GDPR Article 8); below this age, parental consent is required.
9. Data Security
- All data transmission is encrypted with TLS 1.3.
- Apple's iOS platform security mechanisms (secure credential storage and app sandbox isolation) are used.
- We do not collect card information, passwords, or sensitive financial data.
- Since we do not retain user data on our servers, the risk of server-side leaks does not apply.
When server-side processing occurs, transmission is performed over enterprise-grade secure infrastructure with encryption.
10. Data Deletion Request
You can delete all your data with one tap via Profile → Delete Account within the App. This action:
- Deletes all profile information from the device
- Deletes face photographs
- Deletes couple compatibility records
- Deletes ritual completion records
- Deletes account ID
- Cannot be undone
The deletion has no server-side counterpart (we do not retain persistent data on our servers).
11. Entertainment Purpose
App content is for entertainment and mystic experience purposes. The interpretations provided:
- Are not medical, psychological, or legal advice
- Do not contain scientifically validated information
- Should not be used to guide your life decisions
For health or life decisions, please consult a licensed professional.
12. Policy Changes
We reserve the right to make changes to this policy. For significant changes:
- The "Last updated" date will be revised
- An in-app notification may be displayed
It is recommended that you review the policy periodically.
13. Contact
For your questions, requests, or concerns:
📧 support@nazarai.app
This policy entered into force on May 7, 2026.