VENT
Privacy Policy
Last Updated: March 19, 2026
1. Introduction
This Privacy Policy explains how Vent ("we", "our", or "us") collects, uses, and protects your information. We value your privacy and are committed to keeping your data safe.
2. Data Collection
We collect the following types of data to provide and secure the service:
- Account Data: Sign-in provider, user ID, email address, and optional phone verification data.
- Profile Data: Username, avatar, bio, language, and related profile settings.
- Chat Data: Messages and chat metadata are processed for functionality, safety, moderation, and abuse prevention. Active chats are designed to expire after a short period, but safety, fraud, billing, or operational records may be retained for a limited time where needed.
- Device, Diagnostics, and Crash Data: Device/platform details, app version, and diagnostics used to maintain app stability.
- Analytics and Service Events: Limited product usage events such as screen views, matching flow events, session duration, and safety events may be processed only when the relevant consent setting is enabled.
- Advertising Identifiers: Used by advertising SDKs where applicable and subject to platform permissions and consent flows.
3. Third-Party Services
We use trusted third-party services that may collect data on our behalf:
- Google Firebase: For authentication, database, notifications, analytics, and crash reporting.
- Google AdMob: For displaying advertisements, subject to consent and platform permissions where required.
- Apple App Store / Google Play: For subscription billing and transaction processing.
4. Data Security
Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols for security.
Data Sharing
We do not sell your personal messages, private conversations, profile data, or user-level behavioral data.
- We do not sell personal data or user-level sensitive conversation data.
- We may use aggregated and de-identified internal reporting to operate, secure, and improve the service.
- We may disclose information where required by law, to prevent abuse, or to protect users and the platform.
5. Data Retention
We retain data for different periods depending on its purpose:
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Active Chat Messages | 48 hours | Service provision |
| Closed Chat Metadata | 30 days | Fraud prevention |
| Analytics Events | 90 days | Performance improvement |
| Moderation Logs | 180 days | Security & legal obligations |
| User Reports | 1 year | Security & legal obligations |
| Payment Records | 7 years | Tax regulations (Turkish VUK 213) |
| Account Profile Data | Until account deletion | Service provision |
Data is automatically deleted or anonymized after these periods.
6. B2B Data Sharing & Commercial Use
IMPORTANT: Vent does not currently operate a public B2B data product. We never sell your chat messages, personal conversations, or identifiable personal information.
6.1. What We Share
If this layer is activated in the future after privacy and legal readiness is complete, we may share fully anonymized and aggregated (group-level) statistics with business partners:
- Trend data (e.g., "15% increase in anxiety-related conversations")
- Category statistics (including mental health, addiction, trauma - fully anonymized)
- Urgency level distributions (high/medium/low percentages)
- Regional/language distributions
- Platform metrics
- Processed chat content with PII removed (emails, phones, names, URLs replaced with [redacted])
6.2. What We NEVER Share
- ❌ Individual user behaviors or identifiable user IDs
- ❌ Raw chat message content containing PII
- ❌ Personal information (email, phone, real name, location)
- ❌ Groups smaller than 25 people (re-identification risk)
- ❌ Match/partner information (who talked to whom)
6.3. Privacy Safeguards
Any future commercial data sharing would require all of the following safeguards:
- ✅ Minimum sample size of 25 (k-anonymity)
- ✅ PII scrubbing (email, phone, handles, URLs → [redacted])
- ✅ No individual user traceability
- ✅ DPA (Data Processing Agreement) with business partners
7. GDPR & KVKK Rights
For Turkish citizens (KVKK Law 6698) and EU/EEA citizens (GDPR), you have the following rights:
- Right to Access: Learn if your data is processed and access it
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete your data (except legal retention periods)
- Right to Data Portability: Receive data in machine-readable format
- Right to Object: Object to certain data processing activities
- Right to Withdraw Consent: Withdraw analytics/ad consent anytime
Data Controller Information:
Company: [COMPANY NAME]
VERBİS Registration No: [PENDING - will be added after registration]
Address: [ADDRESS]
Email: privacy@vent.fit
Requests will be processed within 30 days. Send requests to privacy@vent.fit.
8. Data Deletion
You can request deletion of your account and associated data by using the in-app delete flow or by visiting our Data Deletion page. Some limited records may be retained for fraud prevention, billing, legal compliance, or security investigations where required.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us at: