Operator. Natty is operated by Muhammed Kılınç, an independent developer based in Türkiye. Contact: hello@muhammedkilinc.com.
In short
- Natty works without a sign-up — the app creates an anonymous account for you automatically. No name, no email.
- Your photos stay on your device. When you ask for a read, the photo is sent for analysis only in that moment, processed in memory, and never stored on our servers or used to train any model.
- The written result of each analysis is stored under your anonymous ID — to monitor quality and, in the future, to sync your archive across devices. It is never tied to your name and never used for advertising.
- No ads. No advertising identifiers. No third-party ad networks.
- We do not sell your personal data.
- Whether you are in the EU, UK, US, Türkiye, or elsewhere, the rights described below apply to you.
This Privacy Policy explains how Natty (“we”, “our”, “us”) handles information when you use the Natty app (the “Service”).
Your photos
Natty is built so that your photos are not collected:
- Photos you shoot are stored only on your device, in the app’s local storage. They are not uploaded to, or kept on, any server we operate.
- To produce a read, a single photo plus your context (for example “dinner” or “work”) is sent over an encrypted connection through our thin proxy to an AI provider, analyzed in memory, and discarded. It is not retained by us or the provider, and is not used to train any model (zero-retention / no-training).
- The written result of the analysis is stored on your device in your calendar archive. It does not leave your device unless you choose to share it.
What we collect
- An anonymous account. On first launch the app creates a pseudonymous user ID (no name, no email, no password). Everything below is keyed to that ID — never to your identity.
- Written analysis results. The text result of each completed analysis (the reading, the suggestion, your selected context and preferences like tone) is stored under your anonymous ID. We use it to monitor and improve the quality of Natty’s reads, and in the future to sync your archive across your devices. The photo itself, your free-text notes, and your outfit history are never stored on our servers.
- On-device data (stays on device). Your photos and your calendar archive live locally on your device. This data is controlled entirely by you and is removed when you delete the app.
- Transient analysis request. The photo and context you submit for a read are processed in memory by our AI provider and not stored (see “Your photos” above).
- Usage counters (no personal data). To enforce the free and premium limits, our server keeps a small counter keyed to your anonymous ID, the current week or day, and a count.
- Anonymous crash reports. If the app crashes, a technical report (stack trace, device model, OS version) is captured by Firebase Crashlytics so we can fix it. It contains no photos and no personal content, and we do not use Firebase Analytics.
- Subscription state. When you subscribe, your purchase and renewal state are managed through the Apple App Store and RevenueCat. We do not see or store your payment details.
What we do NOT do
- No advertising, no Google AdMob, no ad SDKs.
- No advertising identifier (IDFA), no App Tracking Transparency prompt, no cross-app tracking.
- No third-party analytics that profiles you.
- No selling or sharing of personal data.
How we use information
- Provide the style-analysis feature and your on-device archive.
- Manage subscriptions and determine entitlement to Premium.
- Enforce fair-use limits and prevent abuse, via the pseudonymous usage counter.
- Comply with legal obligations.
Legal bases (EU / UK / EEA)
Where GDPR applies, we process data on the following bases:
- Contract — to provide the Premium subscription you purchased.
- Legitimate interests — to keep the Service stable, enforce fair use, and prevent abuse using a pseudonymous counter.
Third-party services
- Anthropic (AI analysis) — The photo and context you submit are processed by Anthropic’s API under a zero-retention, no-training configuration: inputs are not stored and are not used to train models. See Anthropic’s Privacy Policy.
- Supabase — Hosts our thin proxy (which holds the AI key server-side) and the pseudonymous usage counter. Photos are never stored there. See Supabase’s Privacy Policy.
- Firebase Crashlytics (Google) — Anonymous crash reporting only; Firebase Analytics is disabled. See Google’s Privacy Policy.
- RevenueCat — Subscription management and entitlement verification. RevenueCat receives a pseudonymous user ID and purchase receipts. See RevenueCat’s Privacy Policy.
- Apple App Store (StoreKit 2) — Subscription and in-app purchase management.
Data storage, retention, and transfers
Server-side we store only what is described above — written analysis results and usage counters, keyed to your anonymous ID — on managed infrastructure in the EU (Frankfurt). Deleting your account removes all of it. Our processors may process data outside your country and rely on Standard Contractual Clauses or equivalent safeguards for international transfers. Your on-device data (photos, archive) is controlled entirely by you and can be removed by deleting the app.
Your rights
Anyone can request information, correction, or deletion of any data we hold by emailing hello@muhammedkilinc.com. We will respond within 30 days.
EU / UK / EEA residents (GDPR)
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data (“right to be forgotten”).
- Restrict or object to certain processing.
- Receive your data in a portable format.
- Withdraw any consent you previously gave.
- Lodge a complaint with your local supervisory authority.
California residents (CCPA / CPRA)
You have the right to:
- Know what personal information we collect, use, and disclose.
- Delete personal information we hold about you.
- Opt out of any “sale” or “sharing” of your personal information — we do not sell personal data and do not share it for cross-context behavioral advertising.
- Not be discriminated against for exercising any of these rights.
Türkiye residents (KVKK)
Natty operates in compliance with Law No. 6698 on the Protection of Personal Data. Turkish residents have the rights granted under KVKK Article 11, including access, rectification, deletion, and the right to lodge a complaint with the Personal Data Protection Authority (KVKK).
Children
Natty is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
Subscriptions
Subscribing to Natty Premium lifts the free analysis limit and unlocks a deeper read. Your calendar and archive are always free and never gated. Subscription details, renewal, and cancellation are managed through your Apple ID; we do not see or store your payment information.
Changes
This policy may be updated from time to time. Material changes will be communicated in the app where appropriate. The “last updated” date at the top of this page reflects the most recent revision.
Contact
Questions about privacy: hello@muhammedkilinc.com.