This page summarises how Pilo (Wireless Remote) processes your personal data. The full KVKK / GDPR notice is at /legal/kvkk.html.
1) Data we collect
- Account: email, display name, locale, country code.
- Authentication: BCrypt password hash, or OAuth links (Google
sub, Facebookid, Applesub). If you use Apple's "Private Relay" we store the relay address. - Device: a hardware id (SHA-256 prefix of machine name + OS bits), platform, version, last-seen timestamp.
- Subscription & billing: the subscription id reported by the payment provider (Iyzico / Google Play / Apple / Microsoft), amount, currency, status. Pilo never stores card numbers — they live only at the provider.
- Telemetry: anonymous usage events (e.g.
social_login,device_added). We do not collect IP or GPS.
2) Why we process it
- Account creation, sign-in, device licensing (contract performance).
- Reconciliation with billing providers (legal obligation — bookkeeping).
- Product improvement (legitimate interest, identifier-free).
3) Social-login data flow
When you tap "Continue with Google / Facebook / Apple":
- Your browser (PC) or OS (Android) talks to the provider directly — Pilo never sees your provider password.
- The provider returns a signed identity token; our server only verifies the token and stores
provider,provider_id,email,display_name,avatar_url. - If the same provider + id appears again, we link to the existing account.
4) In-app purchase flow
| Provider | Flow | What Pilo receives |
|---|---|---|
| Iyzico (TR · web/PC) | Checkout iframe → card processor → server webhook | paymentId, amount, currency, status |
| Google Play (Android) | Play Billing → purchaseToken → verified server-side | token, productId, expiryTime |
| Apple StoreKit 2 (iOS) | StoreKit + ASSN V2 (signed JWS) | txn id, productId, expirationDate |
| Microsoft Store (Windows) | StoreContext receipt → server verification | storeId, anonymous user id |
Card data never reaches Pilo's servers. PCI-DSS scope sits with the provider.
5) Retention
- Account & devices: while active + 30 days after deletion request, then permanently anonymised.
- Invoices: 10 years (TR) / 7 years (EU) as required by tax law.
- Refresh tokens: max 30 days.
- Telemetry events: 90 days, then aggregated.
6) Your rights
- Access & portability:
GET /v1/me/exportor Settings → "Download my data" — full JSON dump. - Deletion:
DELETE /v1/me(in-app "Delete my account") — anonymised within 30 days. - Rectification: Settings → "Edit profile".
- Complaint: For Turkey, KVKK Authority; for the EU, your local DPA.
Contact: privacy@pilo.media