Who we are (data controller)
Mustafa Baykal (Individual Developer), jurisdiction: Republic of Türkiye.
For all privacy-related questions: support@mustafabaykal.com
What we collect
- Nothing personal. Attention Pulse does not require an account or collect identifying information about you.
Third-party services we use
- RevenueCat (subscription management)
Local-first by default
Attention Pulse stores your training history, streaks, garden state, and settings on your device only. No account required. No data sent to our servers unless you explicitly enable a future cloud-sync feature.
What RevenueCat sees
When you start a free trial or subscribe, Apple's StoreKit forwards a transaction receipt to RevenueCat (our subscription provider) so we can verify your premium status. No personal information beyond an anonymous device identifier is shared.
Your rights
- Access — request a copy of any data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion (see Delete account).
- Portability — receive your data in a machine-readable format.
- Restriction — restrict processing in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Object to automated decisions — the app does not make consequential automated decisions; you may still email us per GDPR Art. 22.
- Withdraw consent — for any processing based on consent.
- Lodge a complaint — with your local supervisory authority (in Türkiye: KVKK; in EU: your national DPA).
Legal bases for processing (GDPR Art. 6)
- Performance of a contract — processing payment receipts via Apple/RevenueCat to provide your subscription.
- Legitimate interests — anonymized analytics + crash reporting to improve the app.
- Consent — health permissions, push notifications, ATT tracking (you can withdraw at any time in iOS Settings).
- Legal obligation — retaining payment records per applicable tax law.
Children
Attention Pulse is not directed at children under 13. We do not knowingly collect data from children under that age. If you believe a child has provided us data, contact support@mustafabaykal.com and we will delete it within 30 days.
Security
We implement industry-standard security measures: TLS 1.3 for all network traffic, encrypted at rest where stored on third-party services, no plaintext credentials, principle of least privilege for data access. No system is 100% secure; if a breach impacts you, we will notify per GDPR Art. 33–34 (within 72 hours of discovery).
California / CCPA
California residents have the right to: (i) know what personal info we collect; (ii) delete personal info; (iii) opt out of sale (we do not sell); (iv) non-discrimination. To exercise: email support@mustafabaykal.com with subject "CCPA request".
Changes
If this policy changes materially, the "Last updated" date will be revised. Significant changes will be flagged in-app and we will provide a 30-day notice period for objection where required by law.
Contact
Privacy questions: support@mustafabaykal.com · Data subject requests: same email, subject "Data subject request".