VENIS PRIVACY POLICY

● Data Controller: Venis Development Team ● E-mail: venisfashionapp@gmail.com If Venis is incorporated as a legal entity in the future, the company name and address will be updated in this Policy.

When you use the App, we may process the following categories of personal data: 1. Identity / Account Data ○ Name and surname (if provided) ○ Username / display name ○ Age or year of birth (including approximate age range) ○ Gender (e.g. female / male / other / prefer not to say) 2. Contact Data ○ E-mail address 3. User Content ○ Photos you upload to the App for AI-powered virtual try-on ○ Profile picture (if any) ○ Clothing preferences, liked items, saved outfits or looks 4. Device and Usage Data ○ Device type, operating system, model, language, time zone ○ IP address, approximate location (country / city level) ○ In-app activity (screens viewed, taps, session duration) ○ Cookies and similar technologies (where applicable) 5. Technical Logs and Identifiers ○ Firebase-generated user / device identifiers ○ Crash and error logs (e.g. Crashlytics) ○ Session identifiers 6. Preference and Marketing Data ○ Notification preferences (push enabled/disabled) ○ Newsletter subscription information (if any) ○ Marketing and campaign consent status 7. Camera and Gallery Access Data ○ Photos taken or selected through the device camera or gallery for the purpose of virtual try-on or profile photo upload ○ Metadata that may accompany the image file (e.g. resolution, format) Sensitive Data: Venis processes the photos uploaded by users solely for the purpose of AI-powered virtual try-on. These photos are considered personal data and are protected under applicable data-protection laws. Venis does not process special categories of personal data or biometric data, and the photos are not used for identification, face recognition, or biometric analysis. All data are processed only to provide the service and are protected in accordance with privacy and security principles.

We process your personal data for the following purposes: Providing the Service and Managing Your Account ○ Enabling core App functions (swiping through outfits, discovering clothes, viewing recommendations) ○ Creating and managing your user account and authentication ○ Handling password reset and e-mail verification AI-Powered Virtual Try-On Feature ○ Sending the photos you upload to an AI model (e.g. Google Gemini API) in order to generate virtual try-on outputs ○ Generating outfit and size recommendations based on your preferences Camera and Gallery Access ○ Allowing you to take new photos or select existing photos for AI processing or profile customization ○ Using device permissions solely for capturing or choosing photos, without accessing or scanning unrelated media files App Improvement, Analytics and Performance ○ Understanding how the App is used (most visited screens, feature usage) ○ Detecting and fixing bugs, improving performance (e.g. using Firebase Analytics and Crashlytics) ○ Experimenting with new features and user experience improvements Security and Abuse Prevention ○ Detecting suspicious login or account activity ○ Preventing spam, fraud, abuse and security incidents ○ Moderating inappropriate content (e.g. nudity, hate, harassment) and enforcing our Terms of Use Communication and Marketing (Based on Your Consent, Where Required) ○ Sending in-app or e-mail notifications about updates, features and campaigns ○ Showing personalized content and recommendations Legal Compliance ○ Responding to lawful requests from authorities ○ Fulfilling record-keeping obligations under applicable law

Depending on the situation, we rely on the following legal bases: • Performance of a contract: To provide and operate the App and its core features. • Legitimate interests: To ensure App security, perform analytics, improve user experience, prevent abuse and protect our rights. • Compliance with legal obligations: To comply with lawful requests and mandatory record-keeping. • Your explicit consent: - For AI-powered photo processing and sending photos to AI providers outside Türkiye. - For camera and gallery access permissions to enable photo upload and try-on features. - For optional marketing communications and notifications. Details are provided in the Information Notice and Explicit Consent Statement.

We share your data only when necessary and with appropriate safeguards, in particular with: Service Providers / Data Processors • Google Firebase (Authentication, Firestore/Realtime Database, Hosting, Analytics, Crashlytics) • Google Gemini API or similar AI providers (AI virtual try-on / image processing) • Cloud hosting providers, e-mail and communication tools These providers act as data processors, meaning they process personal data on our behalf and in accordance with our instructions and agreements. Public Authorities • Courts, regulators and other authorities where required by law or in order to protect our rights or the rights of others. We do not sell your personal data to third parties.

Because we use cloud and AI services operated by companies such as Google, your personal data may be transferred to and stored on servers located outside Türkiye (and possibly outside your country of residence). Where required, we rely on: • Your explicit consent for international transfers, and/or • Appropriate contractual and technical safeguards made available by these providers. You can review the privacy policies of these providers (e.g. Google Firebase and Google Gemini) for more details about their data practices.

We keep your personal data only for as long as necessary for the purposes set out in this Policy, or as required by law. In particular: Account Data: Kept while your account is active. If you delete your account, we aim to remove or anonymize account-level data from our active systems within 30 days, subject to legal retention obligations. AI Photo Data: • On Venis systems, photos are intended to be stored only for the duration needed to perform the AI processing and provide the result, and then deleted within a reasonable technical timeframe. • Third-party providers (such as Google Gemini) may retain logs or security records for limited periods based on their own privacy policies. Camera and Gallery Data: Not stored beyond the period required for the specific upload or processing action. Venis does not access unrelated media or retain photo data permanently. Logs and Analytics Data: Retained typically for 12–24 months to ensure security, prevent abuse and analyze app performance. Marketing Data: Retained until you withdraw your consent or opt out, or after a reasonable period of inactivity. Once retention periods expire, data is deleted, anonymized, or retained in a restricted form where strictly necessary for legal reasons.

We implement technical and organizational measures designed to protect your personal data, including: • Encryption in transit (e.g. HTTPS) and, where possible, at rest • Access controls and authorization measures • Logging and monitoring of system activity • Confidentiality commitments from people who can access the data No security system is perfect, but we aim to maintain protection that is reasonable and appropriate to the nature of the data processed.

Subject to applicable law (including KVKK), you may have the right to: • Learn whether your personal data is being processed, • Request information about such processing, • Learn the purposes of processing and whether your data is used in line with those purposes, • Learn the third parties to whom your data is transferred, • Request correction of incomplete or inaccurate data, • Request deletion or destruction of your data under the conditions set out in the law, • Request that such correction/deletion be notified to third parties to whom your data was transferred, • Object to results that may arise to your detriment from analysis of your data solely via automated systems, • Request compensation for damages you suffer due to unlawful processing. To exercise these rights, you can contact us at venisfashionapp@gmail.com. We may need to verify your identity before responding.

The App is intended for users who are 18 years or older. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child contrary to applicable law, we will take steps to delete such data.

We may update this Policy from time to time. The most current version will be available within the App and/or on our website. If we make material changes, we may notify you via in-app notification or e-mail where appropriate.