This Privacy Policy explains how personal data of users of the Wunbek and Wunbek Business mobile applications ("App") is collected, used, stored, and protected.
1. Data Controller
- Brand: Wunbek
- Operator: Ferhat Demir (Individual developer / Operator of the Wunbek brand)
- Email: wunbek@gmail.com
- Support: destek@wunbek.com
- Web: https://wunbek.com
2. Personal Data We Collect
2.1. Account and Profile Information
- First name, last name
- Email address
- Phone number
- City
- Profile photo (optional)
- Password (stored encrypted; the raw value cannot be retrieved)
2.2. Usage Data
- Appointment history (date, time, salon, service, price)
- Favorite salons/barbers/stylists
- Reviews and ratings
- Loyalty points and referral code usage
- Chat messages (communication with salons/businesses)
2.3. Device and Technical Data
- Device notification token (Firebase Cloud Messaging — for push notifications)
- App version
- Operating system and version
- Language and region
- Anonymous usage statistics (screen views, crash reports)
2.4. Camera and Gallery
- To upload a profile photo: camera or gallery access (with user permission)
- For the AI Stylist feature: uploaded photos (see Section 2.5)
2.5. AI Stylist Feature
Photos you upload are sent to Google Gemini API to generate hair/beard/makeup style suggestions. For that service's data processing policy: ai.google.dev/gemini-api/terms. Uploaded photos are sent from your device to the Gemini API over TLS encryption and are not retained long-term on Wunbek servers.
2.6. Location Data
The App may require approximate device location for map and "nearby salons" features. Location access is requested only while you actively use the App (foreground) and becomes active only with your permission. Your location does not leave your device and is not transmitted to Wunbek servers.
2.7. Additional Data for Business Users (Wunbek Business)
Salon/clinic businesses provide the following during registration:
- Business name, address, phone, website
- Staff information (name, specialty, photo)
- Service catalog and prices
- Clinic modules: anamnesis forms, treatment protocols, patient tracking data
Patient health data entered into the App by clinic businesses is the data controller responsibility of the respective business. Wunbek only provides infrastructure as a data processor.
3. Purposes of Data Processing
Your personal data is processed for the following purposes:
- Creating and verifying your account
- Enabling you to book, manage, and receive reminders for appointments
- Providing the most suitable salon/service recommendations
- Transmitting information required for payments (to be integrated in the future)
- Push notifications (appointment confirmations, reminders, campaigns)
- Providing customer support
- Improving the App and fixing bugs
- Fulfilling legal obligations
4. Third Parties with Whom Data is Shared
The following service providers may access your data as contracted data processors:
| Service | Purpose | Data Location | Policy |
|---|---|---|---|
| Supabase (Supabase Inc., USA) | User account, database, storage | EU/USA | Link |
| Firebase Cloud Messaging (Google LLC, USA) | Push notification delivery | Global | Link |
| Google Gemini API (Google LLC, USA) | AI Stylist photo analysis | USA | Link |
| Apple App Store / Google Play | App distribution, payment infrastructure | Global | Apple · Google |
Wunbek does not sell your personal data to third parties for marketing purposes.
5. Data Retention
- Active accounts: For the duration your account is active
- Deleted accounts: Within 30 days of an account deletion request, all your personal data is deleted (except for statutory retention obligations)
- Appointment records: 5 years per tax legislation (for Turkey)
- Reviews and ratings: Anonymized after account deletion
- Push tokens: Deleted when you sign out of the device
- Chat messages: Automatically archived after 2 years
6. Your Rights
Under GDPR and KVKK (Turkish Law No. 6698) you have the following rights:
- Right of access: To learn which of your data is being processed
- Right of rectification: To request correction of inaccurate data
- Right to erasure: To request deletion of your account and data ("right to be forgotten")
- Right to portability: To request your data be transferred to another service
- Right to object: To object to certain processing activities
- Right to withdraw consent: To withdraw explicit consent you previously provided
To exercise your rights: email wunbek@gmail.com. A response will be provided within 30 days.
Account deletion: You may request deletion in-app via Profile > Delete Account or at wunbek.com/delete-account.
7. Children
Wunbek is not a service directed at children under 13. We do not knowingly collect data from users under 13. If we learn that a child has provided us with data, we will promptly delete the account.
8. Security
- All communication is protected with TLS 1.2+ encryption
- Passwords are one-way hashed with bcrypt; raw values are not stored
- Database access is restricted with Row-Level Security (RLS) policies
- FCM tokens are readable only by the owning user
- Payment information is not stored on Wunbek servers
9. Cookies and Similar Technologies
The mobile application does not use cookies. The web version uses only necessary cookies required for session management; there are no advertising or analytics cookies.
10. International Data Transfers
Your data may be processed on servers located in the European Union and/or the United States. Such transfers occur under Standard Contractual Clauses (SCC) and GDPR Article 46 safeguards.
11. Policy Changes
We may update this Policy. In case of material changes, we will notify you via in-app notification and email. The current version is always available at this page.
12. Contact
For privacy-related questions and requests:
- Email: wunbek@gmail.com
- Support: destek@wunbek.com
- Web: https://wunbek.com