Privacy Policy for Brolled

Last Updated: 06.05.2026

This Privacy Policy explains how Buğra Günay (“Owner”, “we”, “us”, or “our”) handles information when you use the Brolled mobile application (the “App” or “Service”). It is written to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and the Turkish Personal Data Protection Law (KVKK — Law No. 6698).

The short version.

Brolled has no user accounts. You don’t give us your name, email, address, or location. The App does collect anonymous usage analytics and crash reports through Google Firebase, plus purchase data through RevenueCat, so we can keep the App stable and improve it. You can switch off analytics in Settings → Privacy at any time. Videos and content you create stay on your device unless you choose to share them yourself.

1. Who We Are (Data Controller)

The data controller responsible for your information under GDPR / KVKK is:

Owner / Veri Sorumlusu: Buğra Günay (Türkiye)
App: Brolled (iOS)
Contact: brolledapp@gmail.com
Website: brolled.com

2. Information We Collect

2.1 Information you provide directly

Brolled has no sign-up flow, no user accounts, no profile, and no contact form inside the App. We do not ask for your name, email address, phone number, postal address, date of birth, or government identifiers. The only way you would send us personal information is if you choose to email brolledapp@gmail.com for support, in which case we process the contents of that email solely to respond to you.

2.2 Information collected automatically

When you use the App, the following categories of data are collected automatically through the third-party services listed in Section 4. None of this is linked to your real-world identity:

Anonymous usage events. Which screens you opened, which features you used, which template you tapped, which export preset you chose, whether your export succeeded or failed, and how long it took. The full event list is published on Firebase’s documentation and we never include the text, image, or video content you create as part of these events.
Anonymous user properties. Your subscription tier (free / premium), a coarse credit-balance bucket (0, 1–5, 6–20, 20+), the App’s UI language, the iOS hardware identifier of your device (e.g. iPhone15,2 — not your serial number, not your IDFA), and a session count.
Crash and stability diagnostics. Stack traces, the iOS version, the App version, and the iOS device model are sent to Firebase Crashlytics when the App crashes or hits a non-fatal error.
Approximate geographic region. Firebase and RevenueCat infer your country from the IP address used at the time of a request. Your precise location is never collected. We do not request the iOS Location permission.
Purchase metadata. When you subscribe or buy a credit pack, RevenueCat receives the App Store transaction receipt, the product identifier, the subscription state, and an anonymous RevenueCat User ID. We never receive or store your payment card details — those are handled by Apple.

2.3 Information that stays on your device

The following data is created and stored locally on your iPhone or iPad and is never transmitted to us:

The videos, images, and text you author inside the App.
Your saved drafts (stored under the App’s Application Support directory).
Your in-app preferences (selected language, haptic toggle, default export quality, watermark settings).
Your remaining credit balance (stored in the iOS Keychain so a reinstall does not re-grant the welcome bonus).
Local counters used to render the “Stats” section of the App.

This data is removed from your device when you delete the App.

3. iOS Permissions We Request

Brolled requests the iOS permissions listed below. All of them can be revoked at any time from the iOS Settings app under Brolled. Denying a permission only disables the related feature; the rest of the App keeps working.

Permission	Why we ask
Photo Library (read)	So you can pick a video from your gallery to edit inside the App.
Photo Library (add)	So the App can save your finished video back to your gallery.
Microphone	Used by the Auto Captions feature when you ask the App to transcribe the speech in a video. The microphone is not used for ambient listening.
Speech Recognition	Used together with Microphone for Auto Captions. See Section 4 for how Apple processes this audio.

We do not ask for Camera, Location, Contacts, Calendar, Bluetooth, Apple Music, or App Tracking Transparency, because we do not use them.

4. Third-Party Services

The following third parties process limited categories of data on our behalf or as independent controllers. Each link points to the third party’s own privacy policy.

4.1 Google Firebase (Analytics, Crashlytics, Remote Config)

Provided by Google LLC, USA. Receives the anonymous usage events, anonymous user properties, crash diagnostics, and IP-derived approximate country described in Section 2.2. Acts as our data processor for analytics and crash reporting and as an independent controller for the limited identifiers Google itself uses (such as the Firebase installation ID). Data is processed on Google’s servers, primarily in the United States. Privacy policy: https://firebase.google.com/support/privacy.

4.2 RevenueCat

Provided by RevenueCat, Inc., USA. Manages our in-app subscriptions and credit-pack purchases. Receives the App Store transaction receipt, product identifier, subscription / entitlement state, and an anonymous RevenueCat User ID, plus the country derived from the IP address of the purchase request. We do not receive your payment-card details from RevenueCat or from Apple. Privacy policy: https://www.revenuecat.com/privacy. Terms: https://www.revenuecat.com/terms.

4.3 Apple App Store (Apple Inc.)

All purchases, refunds, and subscription cancellations are processed by Apple. Apple may collect data about the transaction and your Apple ID. We never receive your full payment information — only the anonymous, aggregated transaction status that Apple shares with developers. Privacy policy: https://www.apple.com/legal/privacy/.

4.4 Apple Speech Recognition

The Auto Captions feature uses Apple’s Speech framework. iOS performs the transcription on-device whenever an on-device language model is available. When iOS does not have an on-device model for the chosen language, Apple may transmit a short audio clip extracted from your video to its speech servers to produce the transcript. The audio is processed by Apple under their privacy policy, not ours, and is not retained by Apple for advertising. Privacy policy: https://www.apple.com/legal/privacy/.

4.5 GIPHY

Provided by GIPHY, Inc. (a Meta company), USA. Used inside the “Stickers & GIFs” feature when you search for a GIF. Receives only your search query, the App’s UI language, and the GIPHY API key. We do not send any user identifiers. Privacy policy: https://support.giphy.com/hc/en-us/articles/360032872931-GIPHY-Privacy-Policy.

5. How We Use Your Information

We process the data described in Section 2.2 strictly to:

Operate and deliver the App and its paid features.
Detect, diagnose, and fix crashes and bugs.
Understand which features users adopt so we can prioritise improvements.
Manage subscriptions, free trials, credit packs, and refunds.
Enforce our Terms and prevent abuse (e.g. credit-balance fraud).
Comply with legal obligations.

We do not sell your personal data, we do not share it with advertising networks, and we do not use it to build a profile about you outside the App.

6. Legal Basis for Processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or another GDPR-aligned jurisdiction, the legal bases on which we rely are:

Contract (Art. 6(1)(b) GDPR) — processing necessary to provide the App, deliver paid features, and fulfil our Terms.
Legitimate interests (Art. 6(1)(f) GDPR) — product analytics in aggregated, non-identifying form, crash diagnostics, and fraud prevention. You can object to legitimate-interest processing at any time using the contact details below.
Consent (Art. 6(1)(a) GDPR) — for the optional analytics described in Section 2.2 to the extent consent is required in your jurisdiction. You can withdraw consent at any time via Settings → Privacy → Anonymous Analytics in the App.
Legal obligation (Art. 6(1)(c) GDPR) — for tax, accounting, and consumer-protection records relating to purchases.

7. Your Choices and Controls

Turn off analytics. Open the App, then Settings → Privacy → Anonymous Analytics, and switch the toggle off. This stops Firebase Analytics and Crashlytics from receiving any further events from your device. Local in-app counters (used to render “Stats”) keep working.
Revoke iOS permissions. Open iOS Settings → Brolled and revoke Photos, Microphone, or Speech Recognition.
Manage subscriptions. Use iOS Settings → [your name] → Subscriptions to cancel, downgrade, or change your plan.
Delete local data. Deleting the App removes all on-device data, including drafts, preferences, and the Keychain credit balance.

8. Data Retention

Anonymous analytics events — retained by Google Firebase for the period configured in our Firebase project (currently 14 months) and then automatically deleted.
Crash diagnostics — retained by Firebase Crashlytics for up to 90 days for non-fatal events and longer for fatal events, in line with Firebase’s defaults.
Purchase records — retained by RevenueCat and by us for the period required for tax, accounting, and consumer-protection purposes (typically up to 10 years under Turkish tax law).
Support email correspondence — retained for as long as needed to handle the issue and a reasonable period afterwards (typically 24 months) for follow-up.

9. International Data Transfers

Firebase, RevenueCat, GIPHY, and Apple are based in the United States and process data on servers located in the United States and other regions. When you use the App from the EEA, the United Kingdom, or Turkey, this means your data may be transferred outside your country of residence. These transfers rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent KVKK safeguards. You can request a copy of the relevant safeguards by emailing brolledapp@gmail.com.

10. Your Rights Under GDPR / UK GDPR

If you are in the EEA or the United Kingdom, you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate personal data.
Request deletion of your personal data (the “right to be forgotten”).
Restrict or object to certain processing, including direct marketing (we do not currently do direct marketing) and processing based on legitimate interests.
Receive a copy of your data in a structured, machine-readable format (data portability).
Withdraw consent at any time, where processing is based on consent.
Lodge a complaint with your supervisory authority (in the UK: the ICO; in the EEA: your national DPA).

To exercise any of these rights, email brolledapp@gmail.com. We will respond within one month. Because the App does not collect direct identifiers, you may need to share information that lets us match the request to your data (for example, the anonymous Firebase Installation ID shown in the App’s diagnostic screen, or the date and approximate device model of a relevant purchase).

11. Your Rights Under KVKK (Türkiye)

KVKK, 6698 sayılı Kişisel Verilerin Korunması Kanunu’nun 11. maddesi kapsamında veri sahibi olarak aşağıdaki haklara sahipsiniz:

Kişisel verilerinizin işlenip işlenmediğini öğrenme.
İşlenmişse buna ilişkin bilgi talep etme.
Kişisel verilerinizin işlenme amacını ve bunların amacına uygun kullanılıp kullanılmadığını öğrenme.
Yurt içinde veya yurt dışında kişisel verilerinizin aktarıldığı üçüncü kişileri bilme.
Kişisel verilerinizin eksik veya yanlış işlenmiş olması hâlinde bunların düzeltilmesini isteme.
İlgili mevzuatta öngörülen şartlar çerçevesinde kişisel verilerinizin silinmesini veya yok edilmesini isteme.
Düzeltme, silme, yok etme işlemlerinin kişisel verilerin aktarıldığı üçüncü kişilere bildirilmesini isteme.
İşlenen verilerinizin münhasıran otomatik sistemler vasıtasıyla analiz edilmesi suretiyle aleyhinize bir sonucun ortaya çıkmasına itiraz etme.
Kişisel verilerinizin kanuna aykırı olarak işlenmesi sebebiyle zarara uğramanız hâlinde zararın giderilmesini talep etme.

Bu haklarınızı kullanmak için brolledapp@gmail.com adresine yazılı başvuruda bulunabilirsiniz. Talebiniz, en geç 30 (otuz) gün içerisinde sonuçlandırılacaktır. Veri sahibi olarak haklarınız ihlal edildiğinde Kişisel Verileri Koruma Kurulu’na (KVKK) şikâyette bulunma hakkınız saklıdır.

12. Your Rights Under CCPA / CPRA (California)

If you are a California resident, you have the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, the right to opt out of the “sale” or “sharing” of personal information, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. To exercise your California rights, email brolledapp@gmail.com.

13. Children’s Privacy

Brolled is not directed to children under the age of 13 (or under 16 in the EEA / United Kingdom, where applicable). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact brolledapp@gmail.com and we will delete it.

14. Security

The App relies on iOS file-protection, the iOS Keychain, and HTTPS for all network requests to Firebase, RevenueCat, GIPHY, and Apple. Despite reasonable safeguards, no method of transmission over the Internet or method of electronic storage is 100% secure; we cannot guarantee absolute security.

15. Apple Privacy Manifest

Per Apple’s 2024 transparency requirements, the App ships a Privacy Manifest (PrivacyInfo.xcprivacy) that declares the data types it collects, the API access reasons it uses, and the third-party SDK manifests it bundles. The most recent declarations align with this Privacy Policy.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App, in our third-party processors, or in applicable law. The “Last Updated” date at the top of the page is the authoritative version date. Material changes will be highlighted in the App’s release notes when the change ships. Continued use of the App after a change takes effect means you accept the updated policy.

17. Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our data practices, please contact:

Email: brolledapp@gmail.com
Website: brolled.com

Back to Home