Important note for your region
United States: COPPA warning
Before collecting from a child under 13, COPPA can require direct parental notice and verifiable parental consent. Parents should be able to review, delete and stop further use.
US Federal Trade Commission (FTC)This short alert is not a complete statement of federal or state law.
1. Scope and controller
This policy covers www.nektar.dev, the Nektar mobile app, and connected support, waitlist, learning, community, Scanner and subscription features. Nektar is operated by Ömer Doğan (Nektar).
The Data Processing Notice summarises core processing and legal bases. Neither document is a consent form. A genuinely optional purpose that requires consent is presented as a separate choice.
2. Information we handle
- Account and profile: email, sign-in provider identifier, name, username, birth date, account status, exam and study preferences, and optional profile image or social links.
- Learning and community: answers, scores, progress, saved words, AI prompts and responses, feedback, messages, reports, and content you deliberately publish.
- Scanner: an image you select from the camera or library, the resulting analysis, and Scanner history linked to your account.
- Website forms: waitlist name, email, exam, language, source page, placement and, if allowed, attribution; contact message, optional email and basic device/browser details.
- Technical and commercial data: app version, device and operating system, network and security records, push token, crash data, consent signals, and subscription or purchase status.
- Consent-based site analytics: random visitor and session IDs, pathname only, query-free external referrer, section views, duration, visibility, screen size, browser details and interaction coordinates. The server stores a one-way IP hash rather than the plain IP.
3. Website analytics, cookies and advertising
Necessary language, region and privacy storage keeps the site working. Google Analytics, Nektar’s first-party site analytics and attribution load only with analytics permission. Meta Pixel and Google AdSense load only with marketing permission. Optional categories are off on the first visit and can be changed from Cookie settings in the footer.
Even when analytics is enabled, full URLs, general query parameters and fragments are not recorded; only allowlisted UTM campaign fields may be retained separately for attribution. This keeps password-recovery tokens and similar sensitive URL parts out of analytics. Optional tracking is disabled on admin, sign-in and password-reset routes.
4. Scanner and AI
When you use Scanner, the selected image may be uploaded to Nektar-controlled storage, sent to an AI provider such as OpenAI or Google Gemini for the analysis you request, and retained in your Scanner history. Camera permission does not provide continuous camera access; only media you select or capture for the feature is processed.
AI explanations may be incomplete, incorrect or biased. They are educational support, not professional advice or a guaranteed exam result. Nektar does not use stored scans to train its own models. A future model-development purpose would need a documented legal basis and, where required, a separate optional choice.
- Do not upload faces, identity documents, health data, confidential documents or another person’s personal information.
- Do not scan copyrighted exam books or private material you are not allowed to reproduce.
5. Providers, recipients and transfers
Depending on the feature, relevant data may be handled by Supabase for hosting and databases; OpenAI and Google Gemini for AI; Apple and Google for authentication and store services; Microsoft Clarity for app analytics; Google AdMob/AdSense and Meta for ads; Expo for notifications; Adapty for subscriptions; and related infrastructure providers.
Some providers may process data outside Türkiye or your country. Nektar must use the transfer route required by applicable law, such as an adequacy decision, standard contract, binding corporate rules, approved undertaking or another suitable safeguard. Consent is not a blanket substitute where another safeguard is required.
6. Retention, security and deletion
We aim not to retain data longer than needed for the purpose, account continuity, security, disputes, payments and legal records. Account and learning data is generally kept while the account is active. Scanner files and learning history may remain until you delete the item or account or request deletion, unless a documented shorter period applies.
The account-deletion flow removes account data and files under Nektar’s direct control. Store transaction records, short-lived security logs, backups or provider copies can follow separate legal and technical schedules. Access controls and transport protections are used, but no system can promise absolute security.
7. Children and teenagers
Enter the correct birth date. Rules vary by country. In the United States, collecting personal information from a child under 13 can require direct parental notice and verifiable parental consent. In Spain, consent-based processing for a child under 14 requires a parent or legal guardian. EEA and UK rules also call for age-appropriate explanations and high-privacy defaults.
A child ticking a statement for an adult is not verified parental permission. Do not create a younger user’s account or send sensitive information until the required guardian process is complete.
8. Choices and rights
You can change profile visibility, notifications and available app privacy choices in the app, and website cookie choices from the footer. Depending on local law, you may have rights of access, correction, deletion, restriction, portability, objection and complaint, and the right to withdraw consent without affecting earlier lawful processing.
Send requests to destek@nektar.dev. We may verify your identity proportionately before acting. Automated learning recommendations personalise study and do not make decisions with legal or similarly significant effects.
9. Changes
Where advance notice is required, material changes will be shown on the website, in the app or through another appropriate channel before they take effect. The date at the top identifies the current version.