Adiso · Version 1.0.0 · Effective Date: April 2026
Privacy Policy
1.Data Controller
This Privacy Policy has been prepared by HESAPP LTD ("Company", "we", "our"). Under the Personal Data Protection Law No. 6698 ("KVKK") and the UK General Data Protection Regulation ("UK GDPR"), our Company acts as the Data Controller.
HESAPP LTD
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ
United Kingdom
Email: admin@adiso.app
2.Who Does This Policy Cover?
This Privacy Policy applies to all persons who use the Adiso mobile application, website, or any of our services. By using our services, you acknowledge that you have read and understood this Policy.
3.Personal Data We Collect
3.1 Account Information
- •Username (handle)
- •Email address
- •Encrypted password data (never stored in plain text)
- •Profile photo (optional)
- •Camera and photo library access (for receipt scanning)
3.2 Usage Data
- •IP address
- •Device type and operating system
- •App session duration and navigation data
- •Error and crash reports
3.3 Transaction Data
- •Created receipt records and related metadata
- •Spending categories and tags
- •Shared bill data
3.4 Communication Data
- •Customer support requests and correspondence
3.5 Technical Data
- •Cookie and session identifiers
- •Push notification tokens (if consent is given)
- •Location data (only if explicitly permitted)
Receipts you choose to share on Adiso are visible to all users of the platform and may appear in in-app search results.
4.Purposes and Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and authentication | Performance of a contract |
| Service delivery and receipt management | Performance of a contract |
| Customer support | Performance of a contract |
| Security, fraud detection and prevention | Legitimate interests |
| Service quality analysis and improvement | Legitimate interests |
| Compliance with legal obligations | Legal obligation |
| Marketing and promotional communications | Consent |
| Sending push notifications | Consent |
5.Data Retention Periods
Personal data is retained for the period required by the processing purpose and applicable legal retention obligations:
- •Account data: For as long as the account is active; up to 3 years after account closure.
- •Transaction data: 7 years from the date of the last transaction (required by tax and accounting regulations).
- •Usage and technical data: 12 months.
- •Customer support records: 2 years from resolution of the request.
- •Marketing consent records: Until consent is withdrawn, or 3 years from the last interaction.
Upon expiry of the retention period, data is securely deleted or anonymised.
6.Data Transfers
Your data is shared only with the following categories of recipients and only to the extent necessary:
- •Infrastructure and cloud services: Server hosting, database, and file storage (e.g. AWS, Render).
- •OCR and image processing services: Used to extract text from receipt photos; minimum data required.
- •Analytics services: App performance and error monitoring (anonymised or non-personally identifiable data preferred).
- •Competent public authorities: Where legally required.
When your data is transferred outside Turkey or the United Kingdom, standard contractual clauses or equivalent safeguard mechanisms under UK GDPR and KVKK are applied.
Your personal data is never sold to third parties.
7.Your Rights
Under Article 11 of KVKK and UK GDPR, you have the following rights:
- •Right to be informed: Learn whether and how your personal data is being processed.
- •Right of access: Request access to your processed personal data.
- •Right to rectification: Request correction of inaccurate or incomplete data.
- •Right to erasure (right to be forgotten): Request deletion of your data under certain conditions.
- •Right to restriction: Request that processing be halted under certain conditions.
- •Right to data portability: Receive your data in a structured, machine-readable format.
- •Right to object: Object to processing based on legitimate interests or direct marketing.
- •Rights related to automated decision-making: Request human review of decisions made solely by automated processing.
- •Right to withdraw consent: Withdraw consent at any time for consent-based processing.
- •Right to lodge a complaint: Users in Turkey may apply to the Personal Data Protection Authority (KVKK); users in the UK may apply to the Information Commissioner's Office (ICO).
To delete your account, go to Profile → Settings → Delete Account within the app. Your data will be permanently removed within 30 days, subject to the legal retention periods in Section 5. You may also request deletion by emailing admin@adiso.app.
To exercise any other rights, please email admin@adiso.app. Requests will be responded to within 30 days.
8.Cookies and Similar Technologies
Adiso uses session cookies that are essential for the service to function. Analytical or marketing cookies are only activated after your explicit consent. You can manage your cookie preferences in the app settings.
9.Data Security
The following technical and administrative measures are in place to protect your personal data:
- •TLS/HTTPS encryption in transit.
- •Passwords stored using strong one-way hashing algorithms.
- •Role-based access control; access limited to authorised personnel only.
- •Regular security updates and dependency audits.
- •Data breach response plan; notification to authorities and affected individuals within the legally required timeframe (72 hours).
No system is completely secure. We recommend using a strong, unique password and not sharing it with anyone.
10.Children's Privacy
Adiso is not directed at children under the age of 13 and does not knowingly collect personal data from them. Users aged 13–18 must use our services with parental or guardian consent. If you have a concern in this regard, please contact us.
11.Changes to This Policy
We may update this Privacy Policy from time to time. In the event of significant changes, advance notice will be given via an in-app notification or email. Continued use of our services after changes take effect constitutes acceptance of the updated Policy.
12.Contact
For any questions, requests, or complaints regarding our privacy practices:
- •Email: admin@adiso.app
- •App: Adiso — adiso.app
- •Address: HESAPP LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
This document is legally binding.
© 2026 HESAPP LTD. All rights reserved.