Privacy Policy
Last updated: May 20, 2026
1. Controller and Scope
Dilutio is operated by TUUSIX OYUN YAZILIM VE DIŞ TİCARET LİMİTED ŞİRKETİ ("TUUSIX", "we", "us", or "our"). This policy explains how we process personal data in the Dilutio mobile app, the dilut.io website, support channels, and related services.
Registered address: IHLAMURKUYU MAH. KIRKPINAR SK. NO:8 İÇ KAPI NO:3 ÜMRANİYE / İSTANBUL. MERSIS number: 0872159955600001. Tax identification number: 8721599556. Tax office, KEP address, ETBIS status, and VERBIS status must be added before final publication if applicable.
2. Data We Process
- Account data: email address, authentication identifiers, display name, avatar, age band, and account settings.
- App content: saved blends, oil cabinet entries, routines, comments, posts, messages, reports, and moderation records.
- AI feature data: prompts, blend context, scent preferences, and AI responses needed to generate app output when you use AI features.
- Subscription data: plan, entitlement status, app store transaction metadata, renewal status, and RevenueCat subscriber identifiers.
- Device and diagnostics: device model, operating system, app version, crash logs, security logs, and abuse-prevention metadata.
- Website data: support requests, privacy requests, IP address, browser data, and cookie preferences where cookies are used.
3. Purposes and Legal Bases
- To create and secure your account, provide app features, sync content, and perform our contract with you.
- To process subscriptions, restore purchases, prevent fraud, and maintain legal and tax records.
- To provide AI-powered features when you consent to AI data processing.
- To host community features, receive reports, moderate content, block abusive users, and enforce our terms.
- To answer support, privacy, copyright, and legal requests.
- To improve reliability, diagnose crashes, protect the service, and prevent misuse based on legitimate interests where permitted.
- To comply with legal obligations under applicable consumer, privacy, tax, platform, and intellectual-property rules.
4. AI Processing
AI features are powered by OpenAI API services. When you use AI features, Dilutio sends the prompt and relevant blend context to OpenAI to generate a response. We do not intentionally send your name or email address to OpenAI for AI generation. OpenAI states that API inputs and outputs are not used to train OpenAI models by default unless the API customer opts in.
AI consent can be withdrawn in the app. If you withdraw AI consent, manual blend tools, oil library features, account settings, and community features remain available where otherwise enabled.
5. Processors and Recipients
We use service providers only as needed to operate Dilutio:
- Supabase for authentication, database, storage-related services, and backend infrastructure.
- OpenAI for AI response generation.
- RevenueCat for subscription entitlement management.
- Apple App Store and Google Play for in-app purchase billing and subscription management.
- Sentry for crash reporting and diagnostics.
- Cloudflare R2 for user-uploaded media storage where enabled.
- Email and support tools used to respond to user requests.
Community content you choose to publish is visible to other users. We do not sell personal data.
6. International Transfers
Personal data may be processed outside your country, including in the United States and the European Economic Area, depending on our processors. For EU/EEA and UK users, we rely on appropriate transfer safeguards such as European Commission standard contractual clauses or other valid transfer mechanisms where required. For Turkish users and Turkiye operations, cross-border transfers must comply with KVKK Article 9, including a valid safeguard or explicit consent where legally required.
7. Retention and Deletion
- Account and app content are retained while your account is active.
- When you delete your account in the app, Dilutio starts permanent account deletion and removes or disassociates personal account data unless retention is legally required.
- Uploaded media and processor-side records are deleted, or deletion is requested from processors where technically available; some processor, payment, fraud, tax, or legal records may be retained where required.
- Community content may be removed or anonymized when associated with a deleted account unless legal retention or moderation records are required.
- Security, abuse-prevention, audit, tax, and transaction records may be retained for the period required or permitted by law.
8. Your Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing. EU/EEA and UK users may also complain to their local data protection authority. Turkish users may exercise KVKK Article 11 rights as described in our KVKK notice.
Submit requests in the app where available or email hello@tuusix.com.
9. Children and Teens
Dilutio is not intended for children under 13. Users under 16 may be restricted from certain social or messaging features. If you believe a child under 13 provided personal data, contact us so we can review and delete it where required.
10. Security and Contact
We use reasonable technical and organizational safeguards, including access controls, transport encryption, row-level security where applicable, and operational monitoring. No service can be guaranteed completely secure.
Privacy contact: hello@tuusix.com