← Back to Home
Privacy Policy and Data Protection Notice
Last Updated: July 21, 2025
Effective Date: July 21, 2025
INTRODUCTION
This Data Protection Notice has been prepared by Barış Öztürk ("Data Controller"), the developer of the Growo mobile application. This notice provides information about the processing of your personal data within the scope of the Growo application in accordance with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Children's Online Privacy Protection Act (COPPA)
- Turkish Personal Data Protection Law (KVKK)
- Other applicable international data protection laws
DEFINITIONS
In this document:
- Personal Data: Any information relating to an identified or identifiable natural person
- Special Category Personal Data: Health, genetic, biometric data and other sensitive information as defined in data protection laws
- Processing: Any operation performed on personal data (collection, recording, storage, modification, transfer, deletion, etc.)
DATA CONTROLLER
This notice has been prepared by the data controller Barış Öztürk, developer of the Growo mobile application.
Data Controller Information:
- Name: Barış Öztürk
- Email: info@usegrowo.com
USER SCOPE
The Growo application can only be used by individuals aged 18 and over (parents). Users register their children's data to Growo as guardians and give explicit consent for the processing of this data.
COPPA Compliance: This is a parental application. Children don't use the app directly. Parents control all data as legal guardians.
DATA PROCESSING PURPOSES
GDPR Legal Basis: Article 6(1)(a) Consent, Article 9(2)(a) Health data consent
CCPA Notice: We don't sell personal information
- Provide age-appropriate content
- Conduct development tracking and health analysis
- Personalize application usage
- Improve performance and develop new features
- Fulfill legal obligations
- Provide AI-assisted food content analysis and developmental reference comparisons (not medical advice)
PROCESSED PERSONAL DATA
1. Parent (User) Data:
- Identity: Name, surname
- Contact: Email address, phone number
- Account: User ID, password (encrypted)
- Demographic: Age, profession, country
- Consent information
2. Child Data (Processed as Guardian):
Basic Information:
- Name, date of birth, gender
- Birth information (birth week, birth type, incubator information)
- Parental height information
Measurement Data:
- Height (value, percentile, Z-score)
- Weight (value, percentile, Z-score)
- Head circumference (value, percentile, Z-score)
- BMI (value, percentile, Z-score)
- Body composition (fat, muscle, water, bone ratios)
Health Tracking:
- Disease records: disease name, start and end date, symptoms, treatments, notes
- Medications used: medication name, dosage, frequency, usage status
- Vaccination status and tracking
- Hospital control appointments and results
Daily Tracking:
- Water consumption: daily amount and statistics
- Sleep tracking: sleep start and end times, total sleep duration
- Nutrition tracking: daily meals, calorie information and special notes
Development Information:
- Physical, mental, language and social-emotional development tracking
3. Application Usage and Artificial Intelligence Data:
- Technical: IP address, device information
- Behavioral: Application usage preferences and purposes
- AI Interactions: Conversations with AI assistants and child data shared in these conversations (name, age, gender, measurement results)
- Visual: Photos uploaded for food analysis (processed temporarily and deleted after analysis)
DATA PROCESSING METHODS
- Collection: User forms, visual uploads, AI chat interface
- Processing: Evaluation with artificial intelligence and analysis algorithms
- Storage: Secure servers on Supabase infrastructure
- Deletion: Images are automatically deleted after processing
- Inactive Accounts: Deleted after 2 years
DATA SECURITY
Technical Measures:
- SSL/TLS encryption
- Access control
- Regular backups
Administrative Measures:
- Confidentiality agreements
- Access logs
- User information protocols
DATA TRANSFERS
Domestic:
- Authorized institutions and organizations
- Legal obligations
- Service providers (with confidentiality agreement)
International (with necessary security measures):
- Google Gemini AI: For food analysis and AI chat features
- Supabase: Data storage and management
- RevenueCat: Subscription status and payment information
- Apple/Google: Authentication systems
For users located in the European Economic Area, compliance with EU GDPR is also ensured.
USER RIGHTS
According to applicable data protection laws, users have the right to:
- Learn whether personal data is processed
- Obtain information about processed data
- Request correction or deletion of data
- Object to data transfers
- Object to profiling or automated decisions
- Request data portability
EU Users: Right to withdraw consent, data portability, supervisory authority complaint
California Users: Right to know, delete, opt-out, non-discrimination
All requests: info@usegrowo.com
DATA RETENTION AND DESTRUCTION
Retention Periods:
- Account information: Until account deletion
- Health data: During active usage
- Photos: Immediately deleted after analysis
- Log records: 2 years
- Payment data: 5 years (legal obligation)
Destruction Processes:
- Periodic destruction every 6 months (June and December)
- Deletion, destruction, anonymization methods
- Every operation is recorded and kept for 3 years
- Account deletion request: Fulfilled within 30 days
EXPLICIT CONSENT DECLARATION
Within the scope of this Data Protection Notice, I accept that I give explicit consent to:
- Processing of my personal data,
- Processing of my special category data (health, etc.),
- Domestic and international transfers,
- Use in profiling and automated analysis systems
I also declare that I consent to the processing of my child's data, of whom I am the guardian, within the same scope.
CONTACT
For all applications and questions within the scope of data protection:
📧 Email: info@usegrowo.com
DATA BREACH PROCEDURE
- Notification to relevant authorities within 72 hours of breach detection
- Email notification to affected users
- Impact analysis and system improvements implementation
PROFILING AND AUTOMATED DECISIONS
⚠️ FDA Notice: Not a medical device. Not evaluated by regulatory authorities.
The artificial intelligence assistants within the application may provide automatic evaluations and reference comparisons based on the data provided. These outputs are absolutely not medical advice and are for informational purposes only. Users must consult with an authorized healthcare professional before making any medical decisions based on these automated outputs.
Last Updated: July 21, 2025
Effective: July 21, 2025