Privacy Policy

Last updated: 30 May 2026

alprys ("we", "us", or "the Services") operates https://alprys.com and all related websites, applications, APIs, and subdomains now or in the future.

This Privacy Policy explains how personal data is collected, stored, used, transferred, and protected when you use any alprys Service. It has been prepared in accordance with the General Data Protection Regulation (GDPR) of the European Union and the Law on the Protection of Personal Data No. 6698 (KVKK) of the Republic of Turkey, as well as applicable policies of third-party services including Google AdSense. By using the Services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

1. Data Controller

For the purposes of the GDPR and KVKK, the data controller responsible for your personal data is alprys, reachable via https://alprys.com/contact. As a data controller, alprys determines the purposes and means by which your personal data is processed.

2. Information We Collect

2.1 Information You Provide

You may voluntarily provide information when you create or use an account, authenticate using third-party providers, contact us, or use features that require identification. This may include:

• Email address (received from your chosen authentication provider)
• Username or account identifier
• Profile information, such as a display name or profile picture, as provided by your authentication provider
• Messages or support requests submitted through our contact channels

2.2 Account & Authentication Data

alprys operates a passwordless account system. We do not collect, store, or process passwords at any point. Authentication is performed exclusively through third-party OAuth providers. When you create or use an account, we may store:

• Encrypted email address as received from your authentication provider
• Authentication provider identifier and linked provider information
• Account creation timestamp
• Account last-updated timestamp
• Last login timestamp
• Internal account metrics, such as experience points or activity counters
• Profile data received from authentication providers, including profile picture URLs

Sensitive identifiers, including email addresses, are stored exclusively in encrypted form and are never exposed in plaintext within our systems.

2.3 Technical & Device Information

For the purposes of security, abuse prevention, fraud detection, and system integrity, we may collect and store limited technical information. This constitutes personal data under applicable law and is handled accordingly:

• Encrypted IP address (current and/or most recent login IP)
• Encrypted operating system information
• Encrypted browser name and version
• Login timestamps and session activity metadata

This data is processed on the legal basis of legitimate interests (Article 6(1)(f) GDPR; KVKK Article 5(2)(f)) in protecting the integrity and security of our platform and its users.

2.4 Uploaded Content & Files (File Transfer Service)

The Services include a file transfer feature that allows users to upload and share files. The following conditions apply to all uploaded content:

• Files are stored temporarily and are subject to automatic deletion after a defined retention period, which may vary by service tier or feature.
• Files may also be deleted manually by the user, by alprys for operational or legal reasons, or automatically upon expiry.
• alprys does not routinely inspect the content of uploaded files, but reserves the right to do so when required by law, for abuse prevention, or to enforce these policies.
• You are solely responsible for ensuring that any content you upload complies with applicable law and these policies. You must not upload content that is unlawful, infringing, harmful, or otherwise prohibited.
• By uploading files, you grant alprys a limited, temporary licence to store and transmit that content solely for the purpose of providing the file transfer service.

2.5 Automatically Collected Data

We may automatically collect non-directly-identifying data for analytics and service improvement purposes, including:

• Pages visited and actions taken within the Services
• Referring URLs and navigation paths
• Approximate geographic location at country or region level
• Session duration and feature usage statistics

3. Legal Bases for Processing

Under the GDPR and KVKK, we process your personal data on the following legal bases:

• Performance of a contract: Processing necessary to provide you with the Services you have requested (GDPR Art. 6(1)(b); KVKK Art. 5(2)(c)).
• Legitimate interests: Processing for security, fraud prevention, and service improvement where your interests do not override ours (GDPR Art. 6(1)(f); KVKK Art. 5(2)(f)).
• Consent: Where processing is based on your consent, including for personalised advertising through Google AdSense (GDPR Art. 6(1)(a); KVKK Art. 5(1)). You may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws and regulations (GDPR Art. 6(1)(c); KVKK Art. 5(2)(ç)).

4. Cookies & Advertising

alprys uses cookies and similar tracking technologies to maintain user sessions, preserve preferences, ensure security, and deliver and measure the performance of advertisements.

We use Google AdSense, a third-party advertising service provided by Google LLC. Google AdSense may use cookies, web beacons, and similar technologies to collect data about your visits to this and other websites in order to display personalised advertisements. This constitutes the transfer of data to Google and may involve the processing of personal data for advertising profiling purposes.

Specifically, Google AdSense may:

• Use the DoubleClick cookie to serve ads based on your prior visits to our website and other sites on the internet.
• Combine data collected via cookies with data from your Google account, if you are signed in to Google.
• Share aggregated, non-personally-identifying statistics with advertisers.

You may opt out of personalised advertising by visiting Google's Ads Settings or by visiting www.aboutads.info. You may also manage or disable cookies through your browser settings; however, doing so may affect the functionality of certain features.

Where required by applicable law, including the GDPR and the ePrivacy Directive, we will request your explicit consent before placing non-essential cookies on your device.

5. How We Use Information

We use the personal data we collect for the following purposes:

• Operating, maintaining, and delivering the Services
• Authenticating users and managing account access
• Providing customer support and responding to communications
• Securing our systems and preventing unauthorised access, abuse, and fraud
• Analysing usage patterns to improve features and performance
• Complying with applicable legal obligations
• Displaying advertisements through Google AdSense where applicable
• Enforcing our Terms of Service and other applicable policies

6. Data Sharing & Third-Party Disclosure

We do not sell, rent, or trade your personal data to any third party for commercial purposes. Personal data may be disclosed only in the following limited circumstances:

• Authentication providers: When you log in via a third-party provider, that provider's privacy policy governs the data shared with us through the authentication process. The third-party provider options on alprys are limited to Google, Twitter, Discord, GitHub and Spotify from which the user may pick the third-party provider of choice during the authentication process.
• Google AdSense: As described in Section 4 above, Google may receive data in connection with the delivery of advertisements.
• Legal compliance: We may disclose data to competent authorities when required by applicable law, judicial order, or regulatory obligation under Turkish law or the laws of any jurisdiction with legitimate authority.
• Protection of rights: We may disclose data when necessary to protect the rights, property, or safety of alprys, its users, or the public.
• Service providers: We may engage trusted service providers (such as hosting or infrastructure providers) who process data on our behalf and are bound by appropriate data processing agreements.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of Turkey or the European Economic Area (EEA), including by Google in connection with AdSense and authentication services. Where such transfers occur, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, or the adequacy decisions recognised under Turkish KVKK, to ensure that your data receives an adequate level of protection.

8. Data Security

We implement reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include, but are not limited to:

• Encryption of sensitive fields such as email addresses and IP addresses at rest
• Secure transmission of data via HTTPS/TLS
• Access controls limiting who within our systems may access personal data
• Regular review of security practices and infrastructure

Notwithstanding the above, no system is entirely immune to risk. We cannot guarantee absolute security, and we encourage users to exercise appropriate caution when sharing information online.

9. Children's Privacy

alprys does not knowingly collect or process personal data from individuals under the age of 13. The Services are not directed at children. If we become aware that we have inadvertently collected personal data from a child under 13 without verifiable parental consent, we will take immediate steps to delete such data. If you believe a child under 13 has submitted personal data to us, please contact us at https://alprys.com/contact.

10. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for operational, legal, security, and compliance purposes. Specifically:

• Account data is retained for the duration of your account's existence and deleted within a reasonable period following account deletion.
• Uploaded files are retained temporarily and deleted automatically upon expiry or sooner if requested or required.
• Technical and security data (such as IP addresses) are retained for a limited period sufficient for security and fraud prevention purposes.
• Legal hold data may be retained beyond the above periods where required by applicable law or ongoing legal proceedings.

11. Your Rights

Subject to applicable law, you may have the following rights with respect to your personal data:

• Right of access (GDPR Art. 15; KVKK Art. 11(b)–(c)): The right to obtain confirmation of whether we process your data and to receive a copy of it.
• Right to rectification (GDPR Art. 16; KVKK Art. 11(d)): The right to request correction of inaccurate or incomplete data.
• Right to erasure (GDPR Art. 17; KVKK Art. 11(e)): The right to request deletion of your personal data where no longer necessary or where consent is withdrawn.
• Right to restriction of processing (GDPR Art. 18): The right to request that we limit how we use your data in certain circumstances.
• Right to data portability (GDPR Art. 20): The right to receive your data in a structured, machine-readable format where processing is based on consent or contract.
• Right to object (GDPR Art. 21; KVKK Art. 11(f)): The right to object to processing based on legitimate interests, including profiling for advertising purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: You have the right to lodge a complaint with your relevant supervisory authority. In Turkey, this is the Kişisel Verileri Koruma Kurumu (KVKK) at www.kvkk.gov.tr. EEA residents may contact their national data protection authority.

To exercise any of these rights, please contact us via https://alprys.com/contact. We will respond to valid requests within the timeframes required by applicable law.

12. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in our practices, services, or applicable law. The date of the most recent revision will always be indicated at the top of this page. Where changes are material, we will endeavour to provide reasonable notice. Continued use of the Services following the effective date of an updated policy constitutes your acceptance of that policy.

13. Contact

For any privacy-related questions, requests, or concerns, please contact us at https://alprys.com/contact.