Privacy Policy
Last updated: 3 May 2026 · Effective: 3 May 2026
Ascend: Monk Mode (the "App") is a personal-discipline and habit-building app developed by Berk Demirok ("we"). This policy explains what data we collect, how we use it, who we share it with, and your rights. By using the App you accept this policy.
1. Data We Collect
1.1 Information you provide
- Account info: email, name (optional). Provided via email/password or "Sign in with Apple". With Apple Sign-In you can hide your real email; in that case only Apple's relay address is stored.
- In-app content: chosen discipline path, lesson progress, quiz answers, streak (day count), XP, achievements, hearts, and optional written lesson reflections.
- Preferences: app language, sound on/off, notification preference.
1.2 Automatically collected
- Device identifiers: Apple Push Notification token (only if you enable notifications). App Store sandbox subscription validation data.
- Advertising identifier (IDFA): ONLY if you tap "Allow" in the App Tracking Transparency (ATT) prompt; Google AdMob then uses it for ad measurement. If you tap "Ask App Not to Track", your IDFA is not shared and you receive non-personalized ads only. Premium subscribers see no ad SDKs at all.
- Diagnostics: we currently do not run any crash-reporting or analytics SDK. If we add one we will update this policy and notify you in-app.
2. Data We Do NOT Collect
- Location (GPS or IP-based)
- Contacts, calendar
- Photos, video, camera, microphone
- Browsing history, data from other apps
- Sensitive financial data (card numbers, bank info). All purchases run through the Apple App Store; we have no access to payment instruments.
- Health data
3. How We Use Data
- Create your account and sync across devices
- Save and restore your progress
- Send a daily reminder push notification (only if you grant permission)
- Verify premium subscription status and gate content accordingly
- With ATT consent, show ads and measure ad performance (free users)
- Prevent abuse (e.g. mass account creation)
4. Third-Party Service Providers
We share the minimum data necessary with the following providers. Each is bound by its own privacy policy.
| Provider | Purpose | Data shared | Privacy policy |
|---|
| Supabase (hosted PostgreSQL, EU) |
User account, session, progress storage |
Email, password hash, app progress |
supabase.com/privacy |
| Apple App Store / Sign in with Apple |
Identity verification, in-app subscription |
Apple ID identity token, subscription receipt |
apple.com/legal/privacy |
| RevenueCat |
Subscription entitlement validation |
Anonymous app-user ID, subscription status |
revenuecat.com/privacy |
| Google AdMob (free users only) |
Banner / interstitial / rewarded ads |
IDFA if ATT granted; else only non-personalized signals (device class, OS version) |
policies.google.com/technologies/ads |
| Expo Application Services (EAS) |
Build & distribution pipeline (no user data shared) |
None |
expo.dev/privacy |
We do not sell your data for ad retargeting, email marketing, or data brokerage. Without ATT consent, AdMob ads remain non-personalized.
5. App Tracking Transparency (ATT)
We follow Apple's ATT policy. After you finish your first lesson, you'll see Apple's standard system dialog. If you tap "Ask App Not to Track" your IDFA is not shared; the App keeps working fully — just with generic ads. You can change this anytime in iOS Settings → Privacy & Security → Tracking. Premium subscribers see no ads regardless.
6. Data Retention & Location
- Account and progress data is stored in Supabase's EU (Frankfurt) region.
- If you delete your account, your Supabase user row and all related progress are irreversibly deleted within 30 days (cascade DELETE).
- We cannot delete subscription receipts that Apple stores on its own servers; for that, contact Apple directly.
7. Children's Privacy
The App is NOT directed at children under 13. We do not knowingly collect data from anyone under 13. If we learn that a child under 13 provided data, we delete the account. Report concerns to berkkdemirok@gmail.com.
8. Your Rights (KVKK / GDPR / CCPA-equivalent)
- Access: learn what data we hold about you
- Deletion: use Settings → Danger Zone → "Delete Account" in-app to wipe all server data instantly. Compliant with App Store Guideline 5.1.1(v) — server-side cascade DELETE.
- Correction: update your account info in-app or via support email
- Portability: request a JSON copy of your data via email
- Objection / restriction: disable notifications or ATT in iOS settings at any time
- Complaint: in Turkey, KVKK; in the EU, your local DPA; in California, your AG office
9. Security
Data is transmitted over HTTPS. Passwords are hashed by Supabase using bcrypt — nobody, including us, sees your plaintext password. Apple's infrastructure protects all payment data.
10. Policy Changes
If we change this policy we update the effective date and show an in-app notice for material changes. Email us for past versions.
11. Contact
Questions, requests, complaints: berkkdemirok@gmail.com
Data controller: Berk Demirok, Turkey