← Babil

Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how Salim Can Yılmaz ("Developer", "we", "us"), an individual developer resident in Türkiye, collects, uses, and protects your information when you use the Babil mobile application ("the app", "Babil"). By using Babil, you agree to the practices described below.

Contact for privacy matters: support@babilfinance.com

1. Information We Collect

We only collect information that is necessary to operate the app:

What we do NOT collect:
Babil contains no advertising, no behavioral analytics, no crash reporting services, and no third-party tracking SDKs. We do not collect your location, contacts, photos, device identifiers (IDFA / GAID), or any usage analytics. Other than your account details and the subscription status described above, the only data we hold is what you manually enter into the app.

Device permissions we request:

We do not request access to your camera, microphone, contacts, location, or photo library.

2. How We Use Your Information

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored securely using Supabase, our backend and database provider, on protected cloud infrastructure. Passwords are encrypted and never stored in plain text. A local backup copy of your data may also be kept on your device to allow the app to function.

Supabase operates under a Data Processing Agreement (DPA) that complies with international data protection standards, including encryption of data in transit and at rest. We remain committed to protecting your information in accordance with applicable privacy laws.

Biometric Login (Face ID / Fingerprint):
If you enable biometric login, Babil uses your device's built-in biometric authentication system (Face ID on iOS, fingerprint on Android) to verify your identity. Babil never accesses, processes, or stores your biometric data (face scans or fingerprints) — this authentication is handled entirely by your device's operating system.

As a result of a successful biometric verification, Babil stores a secure session token (a Supabase refresh token) in your device's encrypted secure storage (iOS Keychain / Android Keystore). This token allows the app to restore your session without re-entering your password. It is not biometric data and is never transmitted to us in a form that could identify your biometrics.

Your password is never stored. You can disable biometric login at any time from Profile → Security. Disabling it permanently removes the stored session token from your device.

While we take reasonable measures to protect your information, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

Data breach notification:
In the event of a data breach that affects your personal information, we will notify you via the email address associated with your account within 72 hours of becoming aware of the breach, where technically feasible. The notification will describe the nature of the breach, the data affected, and the steps we are taking in response. We will also notify the relevant data protection authority as required by applicable law (Turkish KVKK İdaresi and/or other applicable regulators).

4. Third-Party Services

Babil relies on the following service providers strictly to operate the app:

These providers process data only as needed to provide their service and are bound by their own privacy policies.

Subscriptions and purchases: Babil offers optional paid subscriptions (Premium and Unlimited). Subscriptions are sold and processed by the Google Play Store (and, in the future, the Apple App Store), which handle all payment details. We use RevenueCat to validate purchases and to track which plan you are entitled to. We never collect or store your payment card information.

5. Data Retention

We retain your personal information and financial data for as long as your account is active.

When you delete your account (Profile → Delete Account):

Subscriptions: Deleting your account does not automatically cancel an active subscription. Auto-renewable subscriptions continue under your Google or Apple account until you cancel them in the Google Play Store or Apple App Store. Records of your purchases and subscription status — held by us, by RevenueCat, and by the app stores — may be retained as required to provide the service and to meet legal, tax, and app-store record-keeping obligations, even after your account is deleted.

We do not retain personal data beyond what is needed to operate the service or comply with applicable legal obligations. In the event of a legal hold (for example, in response to a valid court order), we will notify you to the extent permitted by law.

If you have questions about the retention of specific data, contact us at support@babilfinance.com.

6. Your Rights

You have the right to:

Most of these actions can be performed directly within the app (e.g., account deletion, profile updates). For additional requests, contact us at support@babilfinance.com.

7. Your Rights Under Turkish Law (KVKK)

If you are located in Turkey, the Law on Protection of Personal Data (KVKK No. 6698) grants you additional rights:

To exercise any of these rights, please contact us at support@babilfinance.com with your request details. We will respond to your request within the timeframe specified by Turkish law (30 days, extendable to 60 days where necessary).

8. International Data Transfers

Your data is stored and processed using third-party infrastructure that may be located outside of Turkey, including in the United States and/or the European Economic Area.

Service providers involved in international transfers:

Under Turkish law (KVKK Article 9):
By registering an account, you explicitly and freely consent to the transfer of your personal data to countries that have not been declared adequate by the Turkish Data Protection Authority (KVKK İdaresi). This transfer is protected by the following safeguards:

(a) Data in transit is encrypted using TLS. Data at rest is encrypted by Supabase on its storage infrastructure.
(b) Supabase processes data under a formal Data Processing Agreement (DPA) that includes standard contractual protections.
(c) Only the minimum data necessary to operate the service is transferred (account credentials, financial records you enter, and optional profile information).

You may withdraw this consent at any time by deleting your account (Profile → Delete Account). Withdrawal of consent means we can no longer provide the service, as cloud storage is essential to app functionality.

9. Users in the European Union (GDPR)

If you are located in the European Union, the General Data Protection Regulation (GDPR) may apply to your personal data.

Our legal bases for processing your data are:

You have the rights described in Section 6. To exercise these rights or to lodge a complaint with your local data protection authority, contact us at support@babilfinance.com.

Note: Babil is operated by an individual developer and does not fall under the mandatory GDPR registration thresholds. However, we are committed to handling EU user data in accordance with GDPR principles.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights regarding your personal information.

Categories of personal information we collect:

We do NOT sell your personal information. We do not share personal information with third parties for cross-context behavioral advertising.

Your CCPA rights:

To exercise these rights, contact us at support@babilfinance.com. We will respond within 45 days as required by CCPA.

11. Children's Privacy (COPPA)

Babil is intended for users aged 13 and older and is not directed to children under the age of 13. We do not knowingly collect, maintain, or use personal information from children under 13.

If we discover that a child under 13 has created an account or provided personal information, we will promptly delete that information and close the account.

If you are a parent or legal guardian and believe your child under 13 has used Babil, please contact us immediately at support@babilfinance.com and we will take appropriate action.

Users between the ages of 13 and 18 should review this Privacy Policy with a parent or guardian before using Babil.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the app, our practices, or applicable laws.

When we make material changes, we will notify you by:

Minor changes (such as clarifications or corrections) will be reflected by updating the "Last updated" date on this page.

Continued use of Babil after changes take effect constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account before the effective date.

13. Contact Us

For questions about this Privacy Policy, your data rights, or to exercise any rights described in this policy:

Data Controller: Salim Can Yılmaz (individual developer, Türkiye)
Email: support@babilfinance.com

We aim to respond to all requests within 30 days.