top of page

VIRCLE

Virtual Circle of Friends

Privacy Policy

Privacy Policy

Effective date: 01.10.2025

Introduction

This Privacy Policy explains how ITWORKED YAZILIM IC VE DIS TICARET LIMITED SIRKETI, operating the Vircle brand (“Vircle,” “we,” “us”), collects, uses, shares, and protects personal data when the Vircle iOS/Android apps and related services are used (the “Service”). By using the Service, this Policy and any updates communicated with notice are agreed.

Who we are

  1. Controller: ITWORKED YAZILIM IC VE DIS TICARET LIMITED SIRKETI, Dumlupinar Mah. Baris Sk. A Blok No: 7a Iç Kapi No: 29 Kadiköy / Istanbul, Türkiye.

  2. Contact: info@vircle.ai

  3. Governing language: English.

What we collect

  1. Account and identifiers: email, display name, authentication identifiers (Apple/Google/email), device and app identifiers.

  2. Usage and technical data: app interactions, logs, timestamps, device/OS version, crash diagnostics, IP address, coarse location inferred from IP, language, and settings.

  3. Content data: prompts/inputs, AI outputs, personas/character settings, feedback (e.g., ratings, reports).

  4. Transaction data: subscription tier, purchase confirmations, renewal status, and app‑store region; store‑provided payment metadata (no full card data is stored).

  5. Communications: support requests, abuse reports, legal and IP notices.

  6. Inferences: engagement metrics, feature usage patterns, and capped frequency signals for product operation, abuse prevention, and analytics.

What we do not seek to collect

  1. Special category data: health, biometric, racial/ethnic, political opinions, religious beliefs, sexual life, or similar sensitive data are not sought; voluntary disclosure in prompts should be avoided.

  2. Children’s data: eligibility follows app store minimums and applicable laws; the Service is not directed to children below those thresholds.

How we use data

  1. Provide and maintain the Service: authentication, session management, message routing, persona configuration, content delivery, troubleshooting, and support.

  2. Safety and integrity: abuse detection, spam/phishing/malware screening, rate limiting, fraud prevention, violation investigation, and legal compliance.

  3. Improve features and quality: performance tuning, crash analysis, product analytics, and UX research; prompts and outputs are excluded from model‑training by default.

  4. Communications: in‑app notices about features, policy updates, and critical incidents; optional service‑related emails where available.

  5. Legal: compliance with legal obligations, enforcing Terms, managing disputes, and responding to lawful requests.

AI, content, and training position

  1. AI outputs are generated by machine‑learning systems and may be inaccurate, offensive, or unreliable; they are provided for informational use and are not professional advice or a substitute for emergency services.

  2. Prompts and outputs are excluded from model training for all users; limited processing of data may occur for safety, debugging, reliability, analytics, and to operate core features as described here.

Legal bases (where applicable, e.g., EEA/UK)

  1. Contract: to provide the Service requested.

  2. Legitimate interests: safety, security, fraud prevention, service improvement, and analytics proportionate to user expectations.

  3. Consent: where required for optional features, notifications, or certain local requirements.

  4. Legal obligation: compliance with consumer, tax, and record‑keeping laws.

Data retention

  1. Active accounts: retained as long as needed to provide the Service.

  2. Inactive accounts: after 1 year of inactivity, only account identifiers and purchase records necessary for tax/compliance are retained, subject to lawful retention, backup, and legal‑hold exceptions.

  3. Logs and diagnostics: retained for operational and security purposes for a limited period consistent with this Policy and applicable law.

  4. Deletion: when an account is deleted in‑app, processing ceases for that account, subject to lawful retention, safety investigations, dispute resolution, and backup/legal‑hold exceptions.

Sharing and disclosures

  1. Service providers (processors): cloud hosting, authentication, analytics, crash reporting, content moderation, and model infrastructure, bound by contracts and confidentiality.

  2. App stores: Apple and Google receive transaction and subscription data and manage billing, renewals, and refunds.

  3. Compliance and safety: disclosures to law enforcement or authorities when legally required or necessary to protect users, the Service, or others.

  4. Corporate events: in mergers, acquisitions, or reorganizations, personal data may transfer in accordance with this Policy and applicable law.

  5. No sale of personal data: personal data is not sold. No sharing for cross‑context behavioral advertising where restricted by applicable law.

International transfers

  1. Data may be processed in countries where Vircle or service providers operate. Appropriate safeguards are used as required by law (e.g., contractual protections) and a risk‑based approach for international transfers.

Security

  1. Technical and organizational measures are applied, including encryption in transit and at rest, access controls, key management, audit logs, vulnerability management, and least‑privilege access. No method is 100% secure. Suspected incidents can be reported to info@vircle.ai.

User choices and controls

  1. Account settings: manage profile, personas, and, where available, certain privacy preferences.

  2. Access and deletion: in‑app account deletion is available; data subject rights requests can be sent to info@vircle.ai.

  3. Communications: control store‑level notifications and, where enabled, in‑app or OS notification permissions.

  4. Sensitive content: avoid entering sensitive personal data in prompts or profiles.

Regional rights (illustrative, non‑exhaustive)

  1. EEA/UK: rights to access, rectification, erasure, restriction, portability, and objection where applicable; right to lodge a complaint with a supervisory authority.

  2. California and similar jurisdictions: rights to know, delete, correct, and to opt‑out of certain disclosures; non‑discrimination for exercising rights. No sale or sharing for cross‑context behavioral advertising as defined by applicable law.

  3. Türkiye: rights under applicable Turkish data protection and consumer laws, including applications to the data controller and complaint rights to the competent authority.

Children

  1. Eligibility follows app store minimums and local law. Where a jurisdiction requires parental consent for minors, such consent should be obtained and supervised use ensured. The Service is not intended for children below the applicable thresholds.

Cookies and tracking

  1. The mobile apps primarily rely on device identifiers and SDK‑based analytics/crash telemetry rather than browser cookies. Platform‑level identifiers and SDKs may capture usage, diagnostics, and performance metrics to operate and improve the Service.

Third‑party links and content

  1. The Service may reference third‑party content or links. Those parties’ privacy practices are not controlled, and their policies should be reviewed for details.

User responsibilities

  1. Do not include sensitive or unlawful content in prompts.

  2. Maintain account security and comply with the Acceptable Use rules described in the Terms.

  3. Use discretion with public sharing of personas or chats if/when enabled.

Changes to this Policy

  1. Material changes will be communicated with at least 15 days’ notice via in‑app notice and/or website posting (and email where available). Continued use after the effective date indicates acceptance; discontinuation before that date is an available option.

Contact

  1. Controller: ITWORKED YAZILIM IC VE DIS TICARET LIMITED SIRKETI

  2. Address: Dumlupinar Mah. Baris Sk. A Blok No: 7a Iç Kapi No: 29 Kadiköy / Istanbul, Türkiye

  3. Email: info@vircle.ai

Language and interpretation

  1. This Privacy Policy is provided in English and governs in case of any translation discrepancy.

Optional add‑ons to confirm or adjust

  1. Data subject request SLA (e.g., respond within 30 days where required).

  2. SDK/vendor list disclosure style: categorical in the Policy, with a live list linked in‑app or on the website for transparency.

  3. Data residency note: indicate main hosting region(s) if preferred (e.g., EU region for EU users, multi‑region otherwise).

  4. Incident notifications: add a dedicated status page link if one will be used for security or availability incidents.

bottom of page