Privacy Policy

Data Controller: Essentia Memoria
Address: Guzelyurt District, 2148th Street, No: 5/A Block A, Door/Flat No: 217 Esenyurt, Istanbul, Turkey
Contact: contact@essentiamemoria.com
Phone: +90 543 688 76 18 (WhatsApp only)

This policy complies with the European Union General Data Protection Regulation (GDPR) and Turkish Personal Data Protection Law No. 6698 (KVKK / Kişisel Verilerin Korunması Kanunu).

Account data: Username, email address, hashed password, preferred language, avatar image, and bio.

Mood and emotional data (sensitive): Mood entries, mood codes, emotional journal content, Atlas session data, and mindset interactions. This data is classified as sensitive personal data under both GDPR Article 9 and KVKK, as it relates to your psychological state and inner life. It is processed only with your explicit consent.

Usage data: Pages visited, features used, session duration, and interaction patterns — used only for improving the platform.

IP geolocation: Your approximate location (city-level) is derived from your IP address and used exclusively to display the anonymous Presence Map feature. Your exact IP is never stored or shared. You can disable this in your Privacy Settings.

Payment data: Transaction records are handled by third-party processors (LemonSqueezy, Paddle, Gumroad). We store only order confirmations and subscription status — never raw card data.

Communications: Messages sent to us via contact forms or WhatsApp for support purposes.

We use your data to: provide and personalize the platform experience; operate the emotional Atlas and mood tracking features; send essential service communications; process payments; enforce our Terms of Service; and improve our services through aggregated, anonymized analytics.

We never sell your personal data or mood data to any third party. We do not use your data for targeted advertising. We do not share your data with any marketing companies.

Contract: Processing necessary to deliver the service you registered for (account, features, subscriptions).

Consent: Mood data, emotional journal, geolocation for Presence Map — you may withdraw consent at any time.

Legitimate interest: Security monitoring, fraud prevention, platform improvement.

Legal obligation: Retention of financial records as required by Turkish commercial law.

Account data: retained until you delete your account. After deletion, data is held in soft-delete state for 30 days for recovery, then permanently erased. Mood data is deleted immediately upon account deletion request.

Financial records: retained for 10 years as required by Turkish law (Türk Ticaret Kanunu).

Log data: retained for a maximum of 90 days.

Under GDPR and KVKK you have the right to: Access your data; Rectify inaccurate data; Erase your data (right to be forgotten); Restrict processing; Data portability (export as JSON); Object to processing; Withdraw consent at any time.

Export your data: Go to Settings → Privacy → Download My Data
Delete your account: Go to Settings → Account → Delete Account (30-day recovery window)

To exercise any right, email: contact@essentiamemoria.com

Essentia Memoria is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided data, please contact us immediately at contact@essentiamemoria.com and we will delete the data.

We use your IP address to derive your approximate city-level location for the anonymous Presence Map feature only. This is disclosed here in compliance with GDPR transparency requirements. Your exact IP is not permanently stored. You can opt out of geolocation in your profile Privacy Settings.

We use: Google Analytics (anonymized, IP masking enabled); Google reCAPTCHA (spam prevention); LemonSqueezy / Paddle / Gumroad (payment processing); Resend (transactional email). Each of these services has their own privacy policy. We have Data Processing Agreements with each processor as required by GDPR Article 28.

We use industry-standard encryption (AES-256-CBC for sensitive fields, TLS in transit), bcrypt password hashing, JWT-based authentication with short expiry, and regular security audits. No system is 100% secure, but we are committed to protecting your data.

Our servers are located in the EU/EEA. Any transfer of data outside this zone is subject to Standard Contractual Clauses (SCCs) as required by GDPR Chapter V. As a company registered in Turkey, KVKK transfer provisions also apply.

We use essential cookies for authentication and security, and optional analytics cookies. See our full Cookie Policy for details.

We will notify you by email and in-app notification of material changes. Continued use of the platform after 30 days constitutes acceptance.