Eva app icon
EVA
Legal

Privacy Policy

Last Updated: March 2026

EVA

Eva respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you may have.

1. Who We Are

Eva is operated by:

Amatis Bilgi Teknolojileri A.Ş.

Novus Tower, 22nd Floor, 35530 Bayraklı / İzmir / Türkiye

Email: privacy@evacycle.app

2. What Data We Collect

Depending on how you use the app, we may collect:

  • Account information such as name, surname, email address, user ID, and date of birth
  • Profile and preference information such as language and notification settings
  • Cycle-related information such as period dates, cycle length, symptom logs, mood, flow, notes, biorhythm-related entries, and other user-entered wellness or health-related information
  • Subscription and transaction-related records
  • Device and technical information such as device model, operating system, app version, crash logs, identifiers, IP address, and session data
  • Usage data about how you interact with the app
  • Customer support communications and feedback

3. How We Use Your Data

We use your data to:

  • Create and manage your account
  • Provide cycle tracking and personalized app features
  • Show phase-based recommendations, workouts, nutrition content, and related in-app experiences
  • Send reminders, notifications, and service messages
  • Manage subscriptions and purchases
  • Improve app performance, reliability, and security
  • Respond to support requests
  • Comply with legal obligations
  • Prevent fraud, abuse, and unauthorized access
  • Carry out marketing communications where permitted and, where required, based on consent

4. Health-Related Data

Some data you provide in Eva — such as period dates, symptoms, mood, flow, and similar entries — may be considered health-related or sensitive personal data under applicable laws. Under GDPR, data concerning health is treated as a special category of personal data under Article 9 and generally requires an applicable exception, most commonly explicit consent in consumer app settings. Under KVKK, such data is similarly treated as sensitive personal data requiring explicit consent.

5. Legal Bases

Where GDPR or KVKK applies, we rely on one or more of the following legal bases, depending on the processing activity:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests
  • Your consent
  • Explicit consent where sensitive or health-related data is processed

6. Sharing of Data

We may share data with:

  • Cloud hosting and infrastructure providers
  • Analytics, crash reporting, communication, and support service providers
  • Payment and subscription partners
  • Legal and regulatory authorities when required by law
  • Professional advisors where necessary

We do not sell your personal data.

7. International Data Transfers

Where your data is transferred outside your country or region — including outside the European Economic Area — we take appropriate legal, technical, and organizational safeguards as required by applicable law, including GDPR Chapter V transfer mechanisms where applicable.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

9. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Restrict or object to certain processing
  • Withdraw consent at any time where processing is based on consent
  • Request data portability where applicable
  • Lodge a complaint with the relevant supervisory authority

To exercise your rights, you may submit a written request to privacy@evacycle.app. We will respond in accordance with applicable law.

If you are located in Türkiye, you may also submit a complaint to the Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu — KVKK). If you are located within the EU/EEA, you may contact the supervisory authority in your country of residence.

10. Security Standards & Compliance

Eva is committed to protecting your data with the highest standards of security and compliance. Our application and underlying infrastructure are designed in accordance with:

  • ISO 27001 — Information Security Management System
  • ISO 9001 — Quality Management System
  • ISO 13485 — Medical Devices Quality Management System
  • GDPR — General Data Protection Regulation
  • KVKK — Turkish Personal Data Protection Law
  • HIPAA — Health Insurance Portability and Accountability Act

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. Heightened safeguards are applied to sensitive and health-related data.

11. Children's Privacy

Eva is not intended for children under the age defined by applicable law in the relevant jurisdiction. If we learn that we have collected personal data from a child without appropriate authorization, we will take steps to delete that data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users through the app or by other appropriate means prior to the change taking effect.

13. Contact Us

If you have any questions or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@evacycle.app

Address: Amatis Bilgi Teknolojileri A.Ş., Novus Tower, 22nd Floor, 35530
Bayraklı / İzmir / Türkiye