Privacy Policy
This Privacy Policy describes how heyisoft ("we", "us", "our") handles information when you use the Taslak mobile application (the "App") on iOS and Android.
Taslak is designed to work without a user account. We do not ask for your name, email, phone number, or any other identifier to use the App. Most data Taslak produces stays on your device. Where data must leave your device — to be analyzed by an AI model — we only send what is strictly required to perform the analysis you requested, and we tell you exactly where it goes.
Read this policy carefully. If you do not agree with it, please do not use the App.
1. Who we are
Taslak is published by heyisoft, a software studio operated by Hüseyin İris, based in Türkiye. heyisoft is the controller of any personal data described in this policy for the purposes of the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK — Kişisel Verilerin Korunması Kanunu, Law No. 6698).
You can contact us at any time at heyisoft@gmail.com.
2. What this policy covers
This policy applies to the Taslak mobile application and to the supporting backend service operated by heyisoft (the "Backend") that the App calls in order to run analyses. It does not cover third-party websites, services, or tools that you may access from links inside the App.
3. Information we handle
The information involved in your use of Taslak falls into the following categories.
a) Information you provide when you request an analysis
- Resume file. The PDF or DOCX file you upload (up to 5 MB). This file typically contains personal information you have written into your CV — for example your name, contact details, education, work history, and references.
- Job title. The position name you are targeting.
- Experience level. One of: junior, mid, senior, lead.
- Job description (optional). The job posting text you paste, up to 10,000 characters.
b) Information generated by the App on your device
- Analysis results. The score, category breakdown, missing keywords, and feedback returned by the Backend.
- App preferences. Your settings — language, theme, haptics on/off, etc.
- Onboarding state. A flag remembering that you have completed the onboarding screens.
All of this data lives in encrypted on-device storage (Hive). It is not transmitted anywhere by us, and we do not have access to it.
c) Diagnostic and analytics data
- Anonymous usage events via Google Firebase Analytics — for example when the App is opened, when a screen is viewed, when an analysis is completed. These events are aggregated and used to understand how the App is used in general.
- Device and app metadata automatically collected by the operating system or by Firebase Analytics — App version, device model, OS version, language, country (derived from IP, not stored as IP), and a randomly generated installation identifier that is not linked to you personally and is reset when you reinstall the App.
These analytics identifiers are not linked to your identity and are not used to track you across other apps or websites. We do not use them for advertising. Uninstalling the App stops all analytics collection.
We do not use Firebase Crashlytics, Remote Config, Cloud Messaging, or any advertising SDK. We do not buy or sell personal data.
4. What we do not collect
- No account, email, password, or phone number.
- No precise location data.
- No contacts, calendars, photos, or files other than the resume you choose to upload.
- No browsing history, advertising identifier, or cross-app tracking.
- No biometric data.
5. How we use information
We use the information described above only for the following purposes:
- To deliver the service. We send the resume file, job title, experience level, and (if provided) job description to the Backend so it can produce your analysis and return it to your device.
- To run the AI analysis. The Backend forwards the relevant text to Google Gemini (operated by Google), which is the AI model that performs the resume-versus-job evaluation.
- To improve the App. We use anonymous, aggregated usage events to understand which features are useful and where users get stuck.
- To keep the service safe. We may use technical metadata to detect abuse, rate-limit excessive requests, and prevent fraud.
6. Legal bases (GDPR / KVKK)
Under GDPR, our legal bases for processing are:
- Performance of a contract (Art. 6(1)(b) GDPR): processing your resume and the data you submit is necessary to deliver the analysis you requested.
- Legitimate interests (Art. 6(1)(f) GDPR): aggregate analytics and abuse prevention serve our legitimate interest in operating and improving the App, with minimal impact on your privacy.
Under KVKK, our legal bases (Art. 5) are the establishment and performance of a contract with you, and our legitimate interests, provided they do not override your fundamental rights.
Where a resume contains special categories of data (for example, references to health, union membership, or religion), you submit that data to Taslak voluntarily and at your discretion. You should remove sensitive details from your resume if you do not wish them to be sent to the AI model.
7. Third parties and international transfers
We rely on the following third-party processors:
Google LLC — Gemini API
When you request an analysis, the Backend sends your resume text and (if provided) the job description to Google's Gemini AI model so it can produce the analysis. Google processes this data under its own privacy and security commitments. Google's privacy terms for the Gemini API are available at policies.google.com/privacy.
Google LLC — Firebase Analytics
Anonymous usage events are sent to Firebase Analytics. No personal identifiers are attached to these events. Firebase privacy details: firebase.google.com/support/privacy.
Cloud infrastructure
The Backend and supporting infrastructure run on commercial cloud providers, which process data on our behalf under standard data processing terms.
Several of these providers are located outside of Türkiye and the European Economic Area (primarily in the United States). Where data is transferred internationally, we rely on safeguards published by those providers — including, where applicable, the European Commission's Standard Contractual Clauses and equivalent KVKK safeguards under Art. 9 of Law No. 6698.
8. Retention
- Backend. The Taslak Backend is stateless. The resume content and job description you submit are processed in memory to fulfill your request and are not persisted on our servers after the response is returned to your device. We may retain short-lived, anonymized logs (request timestamps, status codes, no resume content) for up to 30 days for operational and abuse-prevention purposes.
- On-device storage. Analysis history and preferences remain on your device until you delete an analysis from inside the App, clear the App's history, or uninstall the App.
- Analytics. Anonymous Firebase Analytics events are retained according to your Firebase project's data retention setting, which we configure to the minimum supported period.
9. Security
We take reasonable technical and organizational measures to protect data in transit and at rest. The App communicates with the Backend over HTTPS (TLS 1.2+). On-device storage uses the encryption provided by the operating system. No internet-connected service can be guaranteed 100% secure, but we work to keep risk low.
10. Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your personal data.
- Object to or restrict certain processing.
- Request portability of data you provided to us.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a data protection authority — in Türkiye the Kişisel Verileri Koruma Kurulu (KVKK), and in the EU your local supervisory authority.
Because Taslak does not require a user account, most of your data stays on your device and is under your direct control:
- To delete an analysis, open it in the History tab and use the delete option, or clear all history from Settings.
- To delete all data, uninstall the App.
For requests that involve our records (for example, abuse-prevention logs), email heyisoft@gmail.com. We will respond within 30 days. We may ask for information needed to verify your request.
11. Children
Taslak is a tool for job seekers and is not directed at children. You must be at least 16 years old — or the minimum digital-consent age in your country, and in no case under 13 — to use the App. We do not knowingly collect personal data from children below this age. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to this policy
We may update this policy from time to time. The "Effective" date at the top reflects the most recent change. Material changes will be highlighted in the App or via our store listings. Your continued use of Taslak after a change means you accept the updated policy.
13. Contact
This document is provided for transparency. It is not legal advice. If you operate under different laws than those referenced above and require region-specific disclosures, please contact us.