Legal · Taslak

Privacy Policy

Effective: May 30, 2026 Version: 1.0

This Privacy Policy describes how heyisoft ("we", "us", "our") handles information when you use the Taslak mobile application (the "App") on iOS and Android.

Taslak is designed to work without a user account. We do not ask for your name, email, phone number, or any other identifier to use the App. Most data Taslak produces stays on your device. Where data must leave your device — to be analyzed by an AI model — we only send what is strictly required to perform the analysis you requested, and we tell you exactly where it goes.

Read this policy carefully. If you do not agree with it, please do not use the App.

1. Who we are

Taslak is published by heyisoft, a software studio operated by Hüseyin İris, based in Türkiye. heyisoft is the controller of any personal data described in this policy for the purposes of the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK — Kişisel Verilerin Korunması Kanunu, Law No. 6698).

You can contact us at any time at heyisoft@gmail.com.

2. What this policy covers

This policy applies to the Taslak mobile application and to the supporting backend service operated by heyisoft (the "Backend") that the App calls in order to run analyses. It does not cover third-party websites, services, or tools that you may access from links inside the App.

3. Information we handle

The information involved in your use of Taslak falls into the following categories.

a) Information you provide when you request an analysis

b) Information generated by the App on your device

All of this data lives in encrypted on-device storage (Hive). It is not transmitted anywhere by us, and we do not have access to it.

c) Diagnostic and analytics data

These analytics identifiers are not linked to your identity and are not used to track you across other apps or websites. We do not use them for advertising. Uninstalling the App stops all analytics collection.

We do not use Firebase Crashlytics, Remote Config, Cloud Messaging, or any advertising SDK. We do not buy or sell personal data.

4. What we do not collect

5. How we use information

We use the information described above only for the following purposes:

6. Legal bases (GDPR / KVKK)

Under GDPR, our legal bases for processing are:

Under KVKK, our legal bases (Art. 5) are the establishment and performance of a contract with you, and our legitimate interests, provided they do not override your fundamental rights.

Where a resume contains special categories of data (for example, references to health, union membership, or religion), you submit that data to Taslak voluntarily and at your discretion. You should remove sensitive details from your resume if you do not wish them to be sent to the AI model.

7. Third parties and international transfers

We rely on the following third-party processors:

Google LLC — Gemini API

When you request an analysis, the Backend sends your resume text and (if provided) the job description to Google's Gemini AI model so it can produce the analysis. Google processes this data under its own privacy and security commitments. Google's privacy terms for the Gemini API are available at policies.google.com/privacy.

Google LLC — Firebase Analytics

Anonymous usage events are sent to Firebase Analytics. No personal identifiers are attached to these events. Firebase privacy details: firebase.google.com/support/privacy.

Cloud infrastructure

The Backend and supporting infrastructure run on commercial cloud providers, which process data on our behalf under standard data processing terms.

Several of these providers are located outside of Türkiye and the European Economic Area (primarily in the United States). Where data is transferred internationally, we rely on safeguards published by those providers — including, where applicable, the European Commission's Standard Contractual Clauses and equivalent KVKK safeguards under Art. 9 of Law No. 6698.

8. Retention

9. Security

We take reasonable technical and organizational measures to protect data in transit and at rest. The App communicates with the Backend over HTTPS (TLS 1.2+). On-device storage uses the encryption provided by the operating system. No internet-connected service can be guaranteed 100% secure, but we work to keep risk low.

10. Your rights

Subject to applicable law, you have the right to:

Because Taslak does not require a user account, most of your data stays on your device and is under your direct control:

For requests that involve our records (for example, abuse-prevention logs), email heyisoft@gmail.com. We will respond within 30 days. We may ask for information needed to verify your request.

11. Children

Taslak is a tool for job seekers and is not directed at children. You must be at least 16 years old — or the minimum digital-consent age in your country, and in no case under 13 — to use the App. We do not knowingly collect personal data from children below this age. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. The "Effective" date at the top reflects the most recent change. Material changes will be highlighted in the App or via our store listings. Your continued use of Taslak after a change means you accept the updated policy.

13. Contact

Questions about your data?

Reach us at the address below. We read every message.

This document is provided for transparency. It is not legal advice. If you operate under different laws than those referenced above and require region-specific disclosures, please contact us.