Privacy Policy
Last Updated: July 6, 2026
1. Introduction
As the Drivarc application, we value our users' privacy and data security. This Privacy Policy ("Policy") explains what information we collect when you use the Drivarc application ("App"), how we use it, and how we protect it.
Data Controller: Under this Policy, Drivarc is the data controller. You can use the contact information below for any questions or requests regarding our data processing activities.
Policy Version: 2.0 - Effective Date: July 6, 2026
This Policy covers the following topics: Types of data collected, purposes and legal bases of data usage, data retention periods, user rights, third-party services, international data transfers, cookie policy, data security measures, and contact information.
2. Data Collection
When you use our app, we may collect the following personal data:
• Vehicle Information: Brand, model, year, license plate, VIN number (stored only, not used for any other purpose), color, mileage
• Maintenance Records: Maintenance type, date, mileage, cost, photos
• Fuel Records: Fuel type, liters, amount, date, mileage, efficiency data
• User Information: Google account information (email, name, profile photo)
• Notification Information: Technical information needed to send notifications (device token, preferences)
• Usage Statistics: Anonymous usage data and error reports to improve app performance
• Advertising ID: Device advertising ID used by Google AdMob for ad personalization
• Device Information: Operating system version, device model, app version
• Session and Log Data: In-app interactions, error logs, performance metrics
• Payment Information: Drivarc does not directly collect payment information. Payments are processed by RevenueCat and Google Play Store; Drivarc does not have access to your payment details.
• Receipt Feedback: Optionally, unrecognized receipt photos (for system development)
• Approximate Location: May be used by Google AdMob for ad targeting (can be disabled in device settings)
3. Data Usage Purposes
Your personal data is processed based on the following legal bases and purposes under KVKK Art. 5-6 and GDPR Art. 6:
Contractual Necessity (KVKK Art. 5/2-c, GDPR Art. 6/1-b):
• To provide app functionality (vehicle tracking, maintenance reminders, fuel analysis)
• To send you notifications (maintenance reminders and important notifications)
• To synchronize your data across your devices
• Premium subscription management and payment processes
Explicit Consent (KVKK Art. 5/1, GDPR Art. 6/1-a):
• Use of receipt photos you submit to improve the OCR scanning system
• Ad personalization (use of Google AdMob advertising ID)
• Location data collection (optional)
Legitimate Interest (KVKK Art. 5/2-f, GDPR Art. 6/1-f):
• To improve the app and fix errors
• To collect anonymous usage statistics
• To ensure security and fraud prevention
• Performance monitoring and error reporting (Sentry)
Legal Obligation (KVKK Art. 5/2-c, GDPR Art. 6/1-c):
• To fulfill legal obligations
• Data breach notification obligations
• Cooperation with authorized public authorities
4. Data Storage and Security
Your data is stored in the following ways and retained for the periods specified below:
Storage Environments:
• Device-First Storage: Your data is stored locally on your device (local-first)
• Offline Access: Stored locally on your device for offline access
• Backup: Encrypted backups of Premium users are stored in Google Drive
Retention Periods:
• Vehicle and Maintenance/Fuel Records: Retained while account is active. Permanently deleted upon account deletion.
• User Account Information (email, name): Retained while account is active.
• Usage Statistics and Log Records: Retained for a maximum of 12 months, then anonymized or deleted.
• Error Reports (Sentry): Retained for a maximum of 90 days.
• Receipt Photos: Retained until account deletion. Cloud backup available for Premium users.
• Payment Records: Retained for 10 years due to legal obligations (Drivarc does not see payment details; retained by RevenueCat/Google Play Store).
• Google Drive Backups: Retained until manually deleted. Only the latest 1 automatic backup is kept.
Security Measures:
• Encryption: All backup data is encrypted with AES-256-GCM standard. The local database is stored unencrypted on your device and is protected only by your device screen lock.
• Transmission Security: Data transmission occurs over HTTPS
• Data Separation: Each user's data is stored on their own device and their own Google Drive account
• Access Control: Only you can access your data. Drivarc does not operate its own servers.
To delete your account, go to Settings > Delete Data. When you request data deletion, after your identity is confirmed via biometric authentication, your data will be securely and permanently deleted. Data that must be retained due to legal obligations (if any) is excluded from this scope.
5. User Rights
Under KVKK Art. 11 and GDPR Art. 13-22, you have the following rights. You can use the contact channels in Section 17 to exercise these rights:
• Access to Data (KVKK Art. 11/1-a, GDPR Art. 15): You can access all your collected data and learn what data is being processed.
• Data Correction (KVKK Art. 11/1-d, GDPR Art. 16): You can correct incorrect or incomplete data.
• Data Deletion (KVKK Art. 11/1-e, GDPR Art. 17 - "Right to be Forgotten"): You can delete all your data (Settings > Delete Data). For security, deletion requires biometric authentication (fingerprint or face recognition) or device screen lock.
• Data Portability (KVKK Art. 11/1-f, GDPR Art. 20): You can export your data as PDF report (Settings > PDF Report). You can request your data in a structured, commonly used, and machine-readable format.
• Restrict Processing (GDPR Art. 18, KVKK Art. 11/1-g): You can request restriction of processing in certain circumstances (e.g., while contesting accuracy).
• Right to Object (KVKK Art. 11/1-g, GDPR Art. 21): You can object to processing based on legitimate interest. Your data will then not be processed unless we demonstrate compelling legitimate grounds.
• Withdraw Consent (GDPR Art. 7/3): You can withdraw your consent at any time for processing based on explicit consent. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Object to Automated Decisions (GDPR Art. 22): You have the right not to be subject to decisions based solely on automated processing, including profiling.
• Right to Complain (KVKK Art. 14, GDPR Art. 77): You can lodge a complaint with the Personal Data Protection Authority (KVKK) or the data protection authority of your country of residence.
You can exercise the above rights free of charge. Your requests will be concluded within 30 days at the latest. This period may be extended by 30 days due to the complexity or number of your requests, and you will be notified of this.
6. Third Party Services
Our app uses the following third-party services. Each service processes data within the framework of its own privacy policy:
1. Google (Authentication and Account Management)
• Data Processed: Email address, name, profile photo
• Purpose: Sign in with Google account and authentication
• Data Controller: Google LLC / Google Ireland Limited
• Policy: https://policies.google.com/privacy
2. Google AdMob (Advertising)
• Data Processed: Advertising ID, device information, approximate location, app usage data
• Purpose: In-app ad display and personalization
• Data Controller: Google LLC / Google Ireland Limited
• Policy: https://policies.google.com/privacy
• User Options: Ad personalization can be disabled from device settings > Google > Ads
3. Google Drive (Cloud Storage)
• Data Processed: Encrypted backup data (vehicle, fuel, maintenance records)
• Purpose: Automatic backup and cross-device sync for Premium users
• Data Controller: Google LLC / Google Ireland Limited
• Policy: https://policies.google.com/privacy
4. Google ML Kit (OCR - Receipt Scanning)
• Data Processed: Receipt photos (temporarily processed, not stored on server)
• Purpose: Text recognition and digitization from receipts
• Data Controller: Google LLC / Google Ireland Limited
• Policy: https://policies.google.com/privacy
5. RevenueCat (Subscription Management)
• Data Processed: Subscription status, purchase history, app-specific identifier (payment details not stored)
• Purpose: Premium subscription management and verification
• Data Controller: RevenueCat, Inc.
• Policy: https://www.revenuecat.com/privacy
• Note: RevenueCat, Inc. (US-based) is subject to Standard Contractual Clauses for international data transfer. See Section 13 for details.
6. Sentry (Error Reporting and Performance Monitoring)
• Data Processed: Error logs, performance metrics, device information (does not contain personal data)
• Purpose: Detect app errors and monitor performance
• Retention Period: 90 days
• Data Controller: Functional Software, Inc. (Sentry)
• Policy: https://sentry.io/privacy/
6.1. Premium Features and Subscription
While the Drivarc app offers basic features for free, it offers a Premium subscription option for advanced features:
• Cloud photo storage (vehicle, receipt and maintenance photos)
• Advanced PDF reports (graphs, recommendations)
• Priority support
• Ad-free experience
Premium subscription is managed through the RevenueCat platform. Monthly and annual plans are available. You can cancel your subscription at any time. In case of cancellation, you will continue to have access to Premium features until the end of the current payment period. The return policy is subject to the rules of your affiliated app store (Google Play Store).
Premium subscription automatically renews. The next period fee will be charged to your account 24 hours before the end of the current period. You can turn off auto-renewal in your device's store settings.
7. Advertising
Drivarc app may display advertisements through Google AdMob. These ads are shown to users of the free version of the app.
What you should know about ads:
• Ad Provider: Google AdMob is the third-party ad platform used to display our advertisements.
• Ad Types: Banner ads, interstitial ads, and rewarded ads may be displayed.
• Data Usage: Google AdMob may collect information such as device ID, advertising ID, app usage data, and approximate location to show relevant ads. Collection and processing of this data is subject to Google's privacy policy.
• User Options: Users can disable ad personalization or reset their advertising ID from their device settings.
Premium subscribers enjoy an ad-free experience.
8. App Permissions
Drivarc app uses the following device permissions:
• Camera Permission: Used for receipt scanning (OCR), taking vehicle photos, maintenance and expense attachments. This permission is optional; if denied, manual entry can be used.
• Notification Permission: Used to send maintenance reminders and important notifications. This permission is optional and can be managed in device settings.
• Storage Permission: Used to save and upload photos and documents. This permission is optional; if denied, photo upload feature will not work.
• Biometric Permission (Fingerprint / Face Recognition): Used for authentication on sensitive operations such as data deletion. Biometric data remains on your device and is never sent to Drivarc.
• Location Permission: Optionally used to record station location during fuel entry. This permission is entirely optional and not mandatory. Location data is only collected when you explicitly enable it.
• Network State: Used to check offline/online status and manage synchronization.
All permissions are used with your notification and consent within the app. You can revoke permissions at any time from your device settings.
9. Analytics and Crash Reporting
To improve our app and optimize user experience, we use Sentry for error reporting:
• Sentry: Used to report app crashes and errors. Error reports contain technical information about the cause of the error and how to fix it, but do not include your personal data.
Collected data is used solely for app improvements and bug fixes. It is not shared with third parties or used for advertising purposes.
10. Data Encryption and Backup
We provide multi-layered protection for your data security:
• Encryption: All backup data is encrypted with AES-256-GCM standard. This is an industry-standard encryption method.
• Backup System: For Premium users, your data is automatically backed up to Google Drive. Backup is triggered when changes are made to your data.
• Backup Retention: Backups are stored in your Google Drive until manually deleted. Only the latest auto-backup is retained; older auto-backups are cleaned up.
• Cloud Storage: Encrypted backups are stored securely in Google Drive.
• Local Storage: Your data is stored in SQLite database on your device and is available for offline access.
• Synchronization: Cross-device data synchronization occurs over secure connection (HTTPS).
11. Data Breach Notification
Since Drivarc does not operate its own servers, your data is stored only on your device and in your Google Drive account:
• Device loss or theft: Your data is protected by your device's screen lock. You can use Google Drive backups for data recovery.
• Third-party service breaches: In the event of a data breach at services like Google Drive or Sentry, the relevant service's own notification procedures apply.
• Notification: As Drivarc, we will inform you via in-app notification and/or email in case of data breaches reported to us that affect our users.
12. Data Sharing
Your personal data is not shared with third parties except in the following cases:
• Legal obligations: As required by court order or legal obligations
• Service providers: Only to the extent necessary for service provision with third-party services mentioned in Section 6
• User consent: With your explicit consent
Your data is not shared with third parties in association with your personal identity for advertising purposes.
13. International Data Transfer
Drivarc uses global services such as Google, Google Drive, Google AdMob, and Sentry. Therefore, your data may be processed and stored on servers outside Turkey. The main countries where data is transferred are: the United States (US) and the European Economic Area (EEA) countries.
For international transfer of your data, the following safeguards are applied:
• Adequacy Decision (KVKK Art. 9, GDPR Art. 45): Data is transferred to countries deemed to have an adequate level of protection by the European Commission.
• Standard Contractual Clauses (SCC - GDPR Art. 46): For transfers to countries without an adequacy decision (e.g., US), Standard Contractual Clauses approved by the European Commission are applied. These clauses ensure that your data is protected at GDPR level even in the receiving country.
• Data Minimization: Only data necessary for service provision is transferred in international transfers.
• Additional Safeguards: Google has the necessary certifications and mechanisms for compliance with US data protection laws (e.g., Data Privacy Framework).
14. Future Features
The following features may be added to Drivarc in the future:
• Fleet Management: Corporate features for companies to manage multiple vehicles from a single dashboard
• AI-Powered Fault Detection: Vehicle fault detection from voice or text symptoms
• Personal Assistant: Maintenance timing and fuel savings recommendations
• Location-Based Features: Find nearby fuel stations, service centers, and car washes
• Business Partnerships: Integrations with service, insurance, and spare parts companies
When these features are added, data collection and usage practices will be updated and users will be notified. Use of new features will be optional.
15. Cookies
Our app does not directly use cookies. However, Google, Google AdMob, and Google Drive services may use their own cookies.
For third-party cookies, you have the right to:
• Accept all cookies
• Reject non-essential cookies
• Manage your preferences via your device settings > Google > Ads
Your consent is obtained before any third-party cookies are placed. You can withdraw your consent at any time through your device settings.
16. Policy Changes
Changes to this Privacy Policy will be notified within the app. Users will be notified of significant changes. Policy changes take effect on the date they are published within the app.
17. Contact
If you have questions about our privacy policy or want to exercise your data rights, you can contact us through the following channels:
Data Controller: Drivarc
EU GDPR Representative (GDPR Art. 27): For users residing in the European Economic Area, Drivarc can be reached via the following contact address for GDPR-related matters: contact@drivarc.com
Contact Channels:
• Email: contact@drivarc.com
• In-App Feedback: Settings > Feedback
• Data Subject Request: You may submit your requests under GDPR Art. 15-22 and KVKK Art. 11 via email. Your request will be answered within 30 days at the latest.
Supervisory Authority:
Personal Data Protection Authority (KVKK)
Address: Nasuh Akar Mahallesi, Ziyabey Caddesi, 1407. Sokak, No:4, 06520, Balgat / Çankaya / ANKARA / TURKEY
Web: https://www.kvkk.gov.tr
Contact Center: +90 312 456 25 56
We kindly request that you contact us first before applying to KVKK. If we can resolve your issue, there will be no need for a formal application process.