Privacy Policy
Effective date: 2026-05-05 Last updated: 2026-05-05
This Privacy Policy describes how the Yolda app (“the App”) collects, uses, and protects your personal data. It complies with the GDPR, Turkey’s KVKK Law No. 6698, and Apple App Store requirements. The Turkish version is the legally binding version; this English version is for informational purposes.
1. Data Controller
Data Controller: Emre Yıldırım Contact: info.yoldaapp@gmail.com Web: https://yolda-legal.pages.dev
2. Data We Collect
Yolda only collects the minimum data necessary for app functionality and authentication.
2.1 Authentication (Sign in with Apple / Google)
- Email address — provided by Apple or Google (if “Hide My Email” is selected, an
@privaterelay.appleid.comaddress) - First and last name — only as Apple Sign-In provides on first login (Apple does not return this on subsequent logins)
- User identifier — opaque persistent ID provided by Apple or Google
2.2 Usage data
- Tracking numbers you manually add
- Carrier name detected automatically or selected by you
- Parcel notes optional text you add
- Notification preferences — on/off state
2.3 Automatically collected
- Device type and iOS version — for compatibility
- App version — for diagnostics
- Push token (only if notifications are enabled) — to send shipment status updates
2.4 We do NOT collect
- Location data
- Advertising identifiers (IDFA)
- Contacts
- Photos or camera access
- Health, financial, or sensitive data
- Browsing history
3. Purposes of Processing
We process your data to:
- Create and maintain your account (contractual necessity)
- Query carrier APIs for parcels you add (service provision)
- Send push notifications when parcel status changes (consent)
- Diagnose app issues and ensure version compatibility (legitimate interest)
- Verify subscription status with App Store / Apple (contractual necessity)
We do not process your data for advertising, profiling, sales, or marketing.
4. Third-Party Sharing
Yolda shares only the necessary data with the following providers:
| Third party | Shared data | Purpose |
|---|---|---|
| Apple Inc. | Apple ID identifier | Sign in with Apple, subscription management |
| Google LLC | Google account ID, email | Google Sign-In authentication |
| Turkish carriers (Aras, Yurtiçi, PTT, Trendyol Express, Kolay Gelsin, Sürat, DHL eCommerce TR) | Tracking number | Query parcel status |
| Ship24 (UPS only) | Tracking number | Query UPS parcel status |
| Cloudflare Inc. | Email or user ID | Apple Sign In token revocation (only on account deletion) |
These providers process data under their own privacy policies. We do not share your data with any other parties.
5. Data Retention
- Account data: While your account is active. When you delete your account, all local and server data is permanently deleted within 30 days (including backups).
- Parcel history: Stored locally on your device only; deleted when you delete the app or your account. Yolda does not store parcel history on servers.
- Legal retention: No data subject to legal retention requirements is processed.
6. Your Rights
Under GDPR and KVKK Article 11, you have the right to:
- Be informed whether your data is processed
- Request information about processing
- Learn the purpose and whether data is used for that purpose
- Know third parties data is shared with, domestically and abroad
- Request correction of incomplete or inaccurate data
- Request deletion under applicable conditions
- Have corrections/deletions notified to relevant third parties
- Object to outcomes from automated processing
- Demand compensation for damages from unlawful processing
To exercise rights: email info.yoldaapp@gmail.com. We may request additional information to verify your identity. Requests are answered within 30 days.
You can also delete your account in-app via Settings → Danger Zone → Delete Account.
7. Children’s Privacy
Yolda is not directed at users under 13. If you believe a child under 13 has submitted data, contact info.yoldaapp@gmail.com and we will delete it promptly.
8. Security
- All network traffic uses HTTPS/TLS 1.2+
- Authentication tokens are stored in iOS Keychain on the device
- Apple
.p8private keys are stored in Cloudflare Workers Secrets as environment variables — never in source code
We follow industry-standard practices but cannot guarantee absolute security.
9. International Data Transfers
Apple (USA) and Google (USA) process authentication data on their servers. Cloudflare Workers run on a global edge network; your request is processed in the geographically nearest region. These transfers occur with your explicit consent under KVKK Article 9 by your use of the app.
10. Policy Changes
This policy may change. We will notify you in-app of significant changes. Continued use after changes constitutes acceptance of the updated policy.
11. Contact
For questions or requests:
Email: info.yoldaapp@gmail.com Address: [To be specified in App Store Connect]