Privacy Policy
Last updated: April 27, 2026
This Privacy Policy explains how Noydo (operated by Oktay Kırık) ("Noydo", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our website, mobile application, and related services (collectively, the "Service").
We are the data controller for the personal information processed under this Policy. If you have any questions, you can reach us at privacy@noydo.com.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: email address and optional display name or full name. Noydo is passwordless — we never collect, store, or transmit a password for your Noydo account. You sign in with a one-time link sent to your email or with a third-party provider (see Section 1.2).
- Profile information: any additional information you add to your profile, such as an avatar URL.
- Communications: messages you send us when you contact support or request information.
1.2 Information From Third-Party Sign-In Providers
If you sign in with Google or GitHub, the provider shares limited profile information with us (typically your email address, name, and unique user identifier). We do not receive your provider password. You can review and revoke access at any time through your Google or GitHub account settings.
1.3 Information Collected Automatically
- Authentication cookies and tokens: required to keep you signed in. On the web, these are stored as HTTP-only cookies. On mobile, session tokens are stored on your device using AES-256 encrypted secure storage.
- Device and log data: IP address, browser or device type, operating system, and timestamps of requests. This data is collected by our hosting providers for security, abuse prevention, and reliability purposes.
- Usage analytics: aggregated and anonymized usage metrics collected through Vercel Analytics and Vercel Speed Insights to understand performance and feature adoption.
We do not use third-party advertising cookies, cross-site tracking, or sell personal information to advertisers.
2. How We Use Your Information
We use personal information to:
- Create and maintain your account, authenticate you, and provide the Service.
- Send transactional messages such as one-time sign-in links and email verification messages.
- Protect the Service against fraud, abuse, and unauthorized access.
- Analyze aggregated usage to improve performance, reliability, and features.
- Comply with legal obligations and enforce our Terms of Service.
Legal bases (GDPR). For users in the European Economic Area, the United Kingdom, and Switzerland, we rely on the following legal bases under the General Data Protection Regulation:
| Purpose | Legal basis |
|---|---|
| Providing the Service and account management | Performance of a contract (Art. 6(1)(b)) |
| Security, abuse prevention, service improvement | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Optional communications | Consent (Art. 6(1)(a)) — you may withdraw at any time |
3. Who We Share Information With
We share personal information only with service providers that process it on our behalf, under contractual confidentiality and data-protection obligations:
- Supabase, Inc. — database, authentication, and backend infrastructure.
- Vercel, Inc. — web hosting and performance analytics.
- Google and GitHub — only if you choose to sign in with one of these providers.
- Email delivery providers — to send transactional messages such as sign-in links and verification emails.
We may also disclose personal information when required by law, valid legal process, or to protect the rights, property, or safety of Noydo, our users, or the public. We do not sell personal information.
4. International Data Transfers
Our service providers may process personal information in countries outside your country of residence, including the United States and the European Union. Where transfers leave the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and equivalent mechanisms offered by our sub-processors.
5. Data Retention
We retain personal information for as long as your account is active or as needed to provide the Service. When you delete your account, we remove your personal information from production systems within 30 days. Residual copies may persist in encrypted backups for up to 90 days before automatic deletion. We may retain limited information longer when required by law, for tax and accounting obligations, or to resolve disputes.
6. Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you.
- Rectification — correct inaccurate or incomplete personal information.
- Erasure — request deletion of your account and associated personal information.
- Restriction — limit how we process your information in certain circumstances.
- Portability — receive your information in a portable, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
- Lodge a complaint — with your local data protection authority.
6.1 California Residents (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, the purposes of collection, the categories of third parties we share it with, and to request deletion or correction of your information. You also have the right not to be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.
To exercise any of these rights, email privacy@noydo.com from the address associated with your account. We will respond within the time limits required by applicable law.
7. Security
We use technical and organizational measures designed to protect personal information, including:
- Encryption of data in transit (TLS) and at rest where supported by our infrastructure.
- Passwordless authentication — Noydo never stores a password for your account. Sign-in links are single-use, time-limited, and bound to the email address that requested them.
- Row-Level Security (RLS) policies in our database to enforce per-user access control.
- Encrypted token storage on mobile devices (AES-256 via secure enclave).
- Restricted administrative access and audit logging.
No system can be guaranteed 100% secure. If you suspect your account has been compromised, contact us immediately at privacy@noydo.com.
8. Children's Privacy
The Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact privacy@noydo.com and we will delete it.
9. Cookies and Similar Technologies
We use only cookies and local storage that are strictly necessary for the Service, including authentication session cookies. We do not use advertising cookies or cross-site tracking. You can disable cookies in your browser, but some features of the Service may not function correctly without them.
For a detailed list of the cookies we set, their purpose, and how to control them, see our Cookie Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where required by law, provide additional notice (such as an in-app message or email). Your continued use of the Service after an update means you accept the revised Policy.
11. Contact Us
If you have questions, requests, or complaints about this Privacy Policy or our data practices, contact:
Noydo (operated by Oktay Kırık) Email: privacy@noydo.com