KVKK DISCLOSURE TEXT

Last updated: June 1, 2026

Protecting the security, confidentiality, and integrity of the personal data of our users, visitors, and members is our highest priority.

This Disclosure Text has been prepared in accordance with the Law on the Protection of Personal Data No. 6698 ("KVKK") in Turkey, by Shellix Smart Solutions Bilişim Teknolojileri Yazılım İthalat ve İhracat Anonim Şirketi ("Shellix Bilişim A.Ş.") and our UK affiliate Mistikist LTD ("Mistikist UK") (collectively referred to as the "Group" or "We") acting as joint data controllers, to inform you transparently regarding the purposes, legal grounds, transfer conditions, and your rights concerning your personal data processed when using the Mistikist mobile application, website (mistikist.com), and related digital services.

DATA CO-CONTROLLERS INFORMATION

Turkish Representative (IP Holder & TRY Merchant):
Shellix Smart Solutions Bilişim Teknolojileri Yazılım İthalat ve İhracat Anonim Şirketi ("Shellix Bilişim A.Ş.")
Mersis No: 0769152927300001
Address: Kötekli Mahallesi Denizli Yolu Bulvarı No:4B/23 Menteşe/MUĞLA, Turkey
UK Entity (International Payments & Infrastructure):
Mistikist LTD ("Mistikist UK")
Company Number: 15705777
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Support Email: [email protected]

1. Personal Data We Process & Collection Method

Within the scope of the digital sensory wellbeing, deep focus, sleep, and meditation entrainment frequency services provided by Mistikist; personal data is collected directly from you (electronically when filling registration or billing fields) or automatically during your interaction with the mobile application or website:

  • Identity Details: Name, surname, and gender (processed based on your explicit consent for profile personalization).
  • Contact Details: Email address, phone number.
  • Transaction & Billing Details: Purchased subscription tier, transaction history, and billing addresses (company title, tax ID, or identification number for individual invoices). Note: Detailed credit card variables are processed securely via 256-bit SSL encryption by our PCI-DSS compliant partner Aköde/Tosla. We do not store or save credit card numbers or CVV security codes in our databases.
  • Visual and Auditory Records: Optional profile photo and personal voice recordings uploaded for customized frequency playbacks.
  • System Security & Telemetry Data: Login credentials, IP address, device model, operating system, session timings, and frequency playback stream logs.

2. Purposes and Legal Grounds of Processing

Your personal data is processed securely under the following legal bases set out in Article 5 of the KVKK:

A. Establishment and Performance of a Contract (KVKK Art. 5/2-c):
- Management of user registration and seamless stream synchronization across devices.
- Activation of Premium packages, transaction collections, and e-mailing digital redemption keys.
- Customer support, responding to feedback, and resolving usage inquiries.

B. Legal Obligations and Explicit Legislative Provisions (KVKK Art. 5/2-a and 5/2-ç):
- Maintaining legal accounting records, issuing invoices, and compliance with the Turkish Commercial Code and tax codes.
- Satisfying legal information requests from public authorities or regulatory agencies.

C. Legitimate Interests of the Company (KVKK Art. 5/2-f):
- Maintaining system security, threat prevention, and defending database integrity.
- Analytical evaluation of streaming latency and app optimization to enhance user experience.

D. Explicit Consent of the Data Subject (KVKK Art. 5/1):
- Processing optional gender metadata and voice uploads to offer custom sensory beat models.
- Cross-border data transfers to foreign cloud database nodes necessary to run the service.

3. Sub-Processors & Data Transfers

To maintain fluid, global, low-latency sensory wave streams and secure PCI-compliant checkouts, the Group partners with secure cloud infrastructure suppliers and financial sub-processors. Your data is transferred to:

  • Hosting and Cloud Sub-Processors: Encrypted data variables are hosted outside of Turkey on secure servers operated by Google Cloud Platform (GCP), Google Firebase, Amazon Web Services (AWS), and Microsoft Azure. This cross-border transfer is necessary to run our service and is performed based on your explicit consent.
  • Payment Gateways: Transaction details are processed securely by Stripe (for global USD/EUR/GBP billing under Mistikist LTD) and Aköde/Tosla (for TRY billing under Shellix Bilişim A.Ş.).
  • Attribution, Analytics & Telemetry: Foreign-based AppsFlyer (mobile marketing attribution), Microsoft Clarity (user behavior session replays and heatmaps), and Google/Microsoft Analytics (aggregated traffic metrics and usage analysis).
  • Legal Authorities: Regulatory entities, courts, and consumer arbitration boards in Turkey within the limits of statutory requests.

4. Your Rights Under Article 11 of the KVKK

As a data subject under Article 11 of the KVKK, you have the right to:

  • Learn whether your personal data is processed,
  • Request information if your personal data has been processed,
  • Learn the purpose of the processing and whether data is used in accordance with its purpose,
  • Know the third parties to whom personal data is transferred domestically or abroad,
  • Request rectification of personal data if it is incomplete or incorrectly processed,
  • Request deletion or destruction of personal data under the conditions laid down in Article 7 of the KVKK,
  • Request notification of rectification, deletion, or destruction actions to third parties to whom data has been transferred,
  • Object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
  • Claim compensation for damages in case you incur loss due to unlawful processing of personal data.

To exercise your rights, you can submit your requests accompanied by identification credentials in writing to our registered corporate seat: Kötekli Mahallesi Denizli Yolu Bulvarı No:4B/23 Menteşe/MUĞLA, Turkey, or electronically via secure email to [email protected]. We will process your requests free of charge within 30 days.

© 2026 Shellix Bilişim A.Ş. All rights reserved.