Privacy Policy
Last updated: April 4, 2026 · Effective immediately
1. Overview
Wivo(“we”, “our”, or “us”) operates the website wivo.life and the Wivo health-data platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with our waitlist or any future services.
We are committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Turkish Law on the Protection of Personal Data (KVKK) No. 6698. By submitting your email address through our waitlist form, you acknowledge that you have read and understood this policy.
2. Data We Collect
We currently collect the following categories of personal data:
| Category | Example | How collected |
|---|---|---|
| Email address | you@example.com | Waitlist signup form |
| IP address | 203.0.113.0 | Automatically on every request |
| reCAPTCHA score | 0.9 | Google reCAPTCHA v3 on form submit |
| Referrer / URL | wivo.life/?ref=instagram | Browser HTTP headers |
We do not collect health data, payment information, or any special-category personal data at this stage.
3. Purpose & Legal Basis
We process your personal data only for the purposes listed below. Each processing activity has an identified lawful basis under GDPR Article 6 and KVKK Article 5.
Waitlist management
Sending you an invitation email when early access becomes available.
Consent (GDPR Art. 6(1)(a) · KVKK Art. 5/1)
Security & fraud prevention
Rate-limiting, bot detection via reCAPTCHA, and IP-based abuse prevention.
Legitimate interests (GDPR Art. 6(1)(f) · KVKK Art. 5/2(f))
Service improvement
Aggregated, anonymised analytics to understand traffic patterns.
Legitimate interests (GDPR Art. 6(1)(f))
Legal compliance
Retaining records as required by applicable law.
Legal obligation (GDPR Art. 6(1)(c) · KVKK Art. 5/2(ç))
4. Data Retention
We retain your email address for as long as necessary to manage the waitlist and notify you of product availability — typically no longer than 24 months from the date you joined.
You may request deletion of your data at any time (see Contact Us). Upon launch of the live product, a separate retention schedule will govern user account data and health metrics, and an updated privacy policy will be issued.
IP addresses collected for security purposes are retained for a maximum of 90 days in server logs, after which they are automatically purged.
6. Security
We implement appropriate technical and organisational measures to protect your data:
- ✓HTTPS (TLS 1.2+) enforced on all connections with HSTS preload
- ✓API keys and secrets stored as environment variables, never in source code
- ✓Same-origin CORS policy on all API endpoints
- ✓IP-based rate limiting to prevent brute-force and enumeration attacks
- ✓Non-root container execution with read-only filesystem where possible
- ✓Access restricted to authorised personnel only
No method of electronic transmission or storage is 100% secure. In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Article 34 and KVKK Article 12.
7. Your Rights
Under the GDPR and KVKK, you have the following rights regarding your personal data. To exercise any of these rights, please contact us at privacy@wivo.life. We will respond within 30 days.
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Have your personal data deleted ("right to be forgotten").
Right to Restriction
Ask us to restrict processing of your data in certain circumstances.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests at any time.
Right to Withdraw Consent
Withdraw consent at any time without affecting prior lawful processing.
Right to Lodge a Complaint
File a complaint with your supervisory authority (CNIL, ICO, KVKK Board, etc.).
8. KVKK — Turkish Data Subjects
If you are located in Turkey, your personal data is also protected by the Kişisel Verilerin Korunması Kanunu (KVKK) No. 6698. In addition to the rights described above, you have the right to:
- ›Learn whether your personal data is being processed (KVKK Art. 11/a)
- ›Request information on the purpose and method of processing (Art. 11/b)
- ›Know third parties to whom data is transferred (Art. 11/ç)
- ›Request correction of incomplete or inaccurate data (Art. 11/d)
- ›Request deletion or destruction of data (Art. 11/e)
- ›Object to processing that causes adverse effects through automated means (Art. 11/g)
- ›Request compensation for damages arising from unlawful processing (Art. 11/ğ)
The data controller within the meaning of KVKK is Wivo. Applications regarding KVKK rights must be submitted in writing or via secure electronic means to privacy@wivo.life. We will respond within 30 days. If your application is rejected or you find the response unsatisfactory, you may apply to the Personal Data Protection Authority (KVKK Kurumu).
Aydınlatma Metni (Bildirim Yükümlülüğü)
KVKK Madde 10 kapsamında: Kişisel veriniz (e-posta adresiniz), erken erişim bekleme listesi amacıyla, açık rızanıza dayanılarak işlenmektedir. Verileriniz yalnızca yukarıda belirtilen alt işleyicilere aktarılmakta olup Wivo tarafından veri sorumlusu sıfatıyla privacy@wivo.life adresi üzerinden yönetilmektedir.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy on this page with a revised “Last updated” date. Where required by law, we will notify you by email.
Your continued use of our website after any changes constitutes your acceptance of the revised policy.
11. Contact Us
For any questions about this Privacy Policy, or to exercise your data rights, please contact us:
If you believe your data has been processed unlawfully, you have the right to file a complaint with your local data protection authority. In the EU, a list of supervisory authorities can be found at edpb.europa.eu. In Turkey, the relevant authority is the KVKK Kurumu.