Who we are (data controller)
Mustafa Baykal (Individual Developer), jurisdiction: Republic of Türkiye.
For all privacy-related questions: support@mustafabaykal.com
What we collect
- Nothing personal. Monkumo does not require an account or collect identifying information about you.
Third-party services we use
- RevenueCat (subscription management)
Local-first by default
Monkumo stores your training history, streaks, garden state, and settings on your device only. No account required. No data sent to our servers unless you explicitly enable a future cloud-sync feature.
What RevenueCat sees
When you start a free trial or subscribe, Apple's StoreKit forwards a transaction receipt to RevenueCat (our subscription provider) so we can verify your premium status. No personal information beyond an anonymous device identifier is shared.
Your rights
- Access — request a copy of any data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion (see Delete account).
- Portability — receive your data in a machine-readable format.
- Restriction — restrict processing in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Object to automated decisions — the app does not make consequential automated decisions; you may still email us per GDPR Art. 22.
- Withdraw consent — for any processing based on consent.
- Lodge a complaint — with your local supervisory authority (in Türkiye: KVKK; in EU: your national DPA).
Legal bases for processing (GDPR Art. 6)
- Performance of a contract — processing payment receipts via Apple/RevenueCat to provide your subscription.
- Legitimate interests — anonymized analytics + crash reporting to improve the app.
- Consent — health permissions, push notifications, ATT tracking (you can withdraw at any time in iOS Settings).
- Legal obligation — retaining payment records per applicable tax law.
Children
Monkumo is not directed at children under 13. We do not knowingly collect data from children under that age. If you believe a child has provided us data, contact support@mustafabaykal.com and we will delete it within 30 days.
Security
We implement industry-standard security measures: TLS 1.3 for all network traffic, encrypted at rest where stored on third-party services, no plaintext credentials, principle of least privilege for data access. No system is 100% secure; if a breach impacts you, we will notify per GDPR Art. 33–34 (within 72 hours of discovery).
California / CCPA
California residents have the right to: (i) know what personal info we collect; (ii) delete personal info; (iii) opt out of sale (we do not sell); (iv) non-discrimination. To exercise: email support@mustafabaykal.com with subject "CCPA request".
Changes
If this policy changes materially, the "Last updated" date will be revised. Significant changes will be flagged in-app and we will provide a 30-day notice period for objection where required by law.
Contact
Privacy questions: support@mustafabaykal.com · Data subject requests: same email, subject "Data subject request".