Vidi

Privacy Policy

Last updated 19 June 2026

This is an initial version of our legal terms. It is being finalised with legal counsel before launch and may change. If anything here is unclear, please contact us before relying on it.

This Privacy Policy explains how [COMPANY LEGAL NAME] ("VidiGame", "we", "us") collects, uses, and protects personal data when you use the VidiGame game, the vidigame.com website, and related services (the "Service"). We are the data controller for this processing. We take privacy seriously, especially because the Service is often used by or for children and involves data about therapy. This policy is written to meet the Turkish Personal Data Protection Law (KVKK, Law No. 6698); where the Service reaches users in the EU, we also aim to follow GDPR principles.

1. Data controller

The controller responsible for your personal data is [COMPANY LEGAL NAME], registered in Türkiye at [REGISTERED ADDRESS] (trade registry / MERSIS no. [MERSIS NO]). For any privacy question, or to exercise your rights, contact us at [KVKK CONTACT EMAIL].

2. The data we collect

Depending on how you use the Service, we may process:

  • Account and identity data: name or display name, email address, the authentication identifier from your sign-in provider, your role (user, supervisor, or admin), and your account status. Passwords are handled by our authentication provider and never stored by us.
  • Therapy and game metrics: gameplay results such as accuracy, reaction time, consistency, session timing, level/exercise progress, and which eye is being trained. Because this relates to a vision condition and supports therapy, we treat it as sensitive data and protect it accordingly.
  • Consent and link records: your processing and sharing consents, when they were given or withdrawn, the version of the terms you accepted, and the history of links between users and supervisors (kept as an audit trail).
  • Subscription and entitlement data: whether you have an active subscription or trial and its status. Payments are processed by the app stores; we receive subscription status, not your full payment-card details.
  • Technical and usage data: device and app information, log data, approximate location inferred from IP, and, with consent where required, analytics about how the Service is used. A device or app identifier counts as personal data even on its own.
  • Communications: messages you send us for support and our replies.

3. Children's data

Accounts must be created and managed by an adult. Where a child does the therapy, the adult account holder provides consent on the child's behalf and is responsible for that child's use. We minimise the data we collect about children to what is needed to provide the therapy and show progress, and we do not use it for advertising or third-party behavioural tracking. If you believe a child has given us data without the proper adult consent, contact us at [KVKK CONTACT EMAIL] and we will delete it.

4. Why we use your data and our legal grounds

We use personal data to provide and operate the Service, to support the therapy and show progress, and to keep the Service secure and working. Under the KVKK, we rely on the following grounds:

  • Performing our contract with you: to create and run your account, deliver the game and dashboards, and manage your subscription.
  • Your explicit consent: to process therapy/game metrics, and to share them with a supervisor you connect with. You can withdraw consent at any time (see "Your choices and rights").
  • Our legitimate interests: to keep the Service secure, prevent abuse, fix problems, and improve features, balanced against your rights.
  • Legal obligations: to meet accounting, tax, consumer-protection, and data-protection requirements.

5. Consent: two separate choices

We keep two consents separate so you stay in control:

Processing consent decides whether we may collect and store therapy/game metrics about you at all. It is captured during onboarding and is required to record progress. If you withdraw it, we stop collecting new metrics going forward.

Sharing consent decides whether a specific supervisor may see your metrics. It is given when you enter that supervisor's connect code and can be revoked at any time per supervisor. Withdrawing either consent does not affect the lawfulness of processing done before withdrawal, and it does not delete data already collected. To remove existing data, delete your account.

6. Who we share data with

We do not sell your personal data. We share it only as needed to run the Service:

  • Supervisors you connect with: an eye-care professional or other supervisor sees your therapy metrics only while your link is active and your sharing consent is in place.
  • Service providers who process data on our behalf, under contract and only on our instructions (see the next section).
  • Authorities or other parties when required by law, to protect our rights or users' safety, or in connection with a corporate transaction such as a merger, with appropriate safeguards.

7. Service providers we rely on

We use trusted providers to deliver the Service. Each processes data only for the purposes we set:

  • Google Firebase: authentication (sign-in and account identity) and operational services such as crash reporting and push notifications.
  • Render: hosting of our backend application and our primary database, which stores your account data and therapy metrics, located in the European Union (Frankfurt).
  • Vercel: hosting of our website and dashboards.
  • RevenueCat, together with the Apple App Store and Google Play, to manage and validate subscriptions and process payments.
  • Analytics providers (such as Firebase Analytics or a comparable tool) to understand usage where this is enabled and, where required, only with your consent.

8. International data transfers

Our primary database is hosted in the European Union, and we aim to keep your therapy and account data there. However, some providers, in particular our authentication provider, may process certain identity data (such as your email) on servers outside Türkiye and the EU. Where personal data is transferred abroad, we rely on the safeguards and conditions allowed under the KVKK (including your explicit consent where applicable) and use providers that offer appropriate protections. Contact us if you would like more detail about these transfers.

9. How long we keep data

We keep personal data for as long as your account is active and as needed to provide the Service, then for any period required to meet legal, accounting, or dispute-resolution obligations. When you delete your account, we erase or anonymise your data: we delete your therapy metrics, end and record the closure of any supervisor links, and replace your account record with an anonymised tombstone that keeps only what is needed for our audit trail and legal duties, with your identifying details removed.

10. How we protect your data

We use technical and organisational measures appropriate to the sensitivity of the data, including encryption in transit, access controls so that supervisors only see data they are authorised and consented to see, and audit logging of consent and link changes. No system is perfectly secure, but we work to protect your data and to meet our legal obligations, including notifying you and the authorities of a data breach where the law requires.

11. Your choices and rights

You can manage much of your data directly: update your profile, withdraw metrics-processing consent, stop sharing with a supervisor, or delete your account entirely, all from your profile. Under the KVKK (Article 11) and, where it applies, the GDPR, you also have the right to:

  • learn whether we process your data and request information about that processing;
  • access your data and request a copy, and ask that it be corrected if it is inaccurate or incomplete;
  • request deletion or anonymisation of your data where the legal conditions are met;
  • object to or request that we restrict certain processing, and withdraw any consent you have given;
  • ask that processing be reconsidered if a decision was made solely by automated means in a way that affects you;
  • lodge a complaint with the Turkish Data Protection Authority (KVKK Kurumu) or your local supervisory authority.

12. Cookies and similar technologies

Our website uses cookies and similar technologies that are necessary to sign you in and keep the site working. Where we use non-essential cookies or analytics that are not strictly necessary, we will ask for your consent first, as required for visitors in Türkiye and the EU, and you can change your choice later.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you and we will update the "last updated" date above. Please review it periodically.

14. Contact us

To ask a question or exercise your rights, contact [COMPANY LEGAL NAME] at [KVKK CONTACT EMAIL], or by post at [REGISTERED ADDRESS]. We will respond within the timeframes set by applicable law.