Cookie & Tracking Technologies Notice
Last updated: June 2026
Data Controller: [Company's registered name] (referred to in this text in short as "Gruso" or the "Company")
As Gruso, we use mobile software development kits (SDKs), pixels and similar tracking technologies within our mobile application (the "Platform") in order to optimize your user experience, to ensure information security and to provide you with the most suitable AI-powered travel assistant service.
This Cookie and Tracking Technologies Notice (the "Notice") has been prepared, within the scope of Article 10 of the Personal Data Protection Law No. 6698 (the "Law", i.e. KVKK) and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform, in order to inform you about the types of automated technologies used on the Platform, the purposes of processing, the legal grounds and how you can manage them.
For cookies and SDKs other than the strictly necessary tracking technologies used on our Platform, users' explicit consent is obtained and users are given the opportunity to change these preferences at any time they wish. Users can control all technologies via the in-app privacy panel.
1. WHAT ARE TRACKING TECHNOLOGIES (SDKs) IN MOBILE APPLICATIONS?
Cookies are, traditionally, small text files that websites store on your device via browsers. In mobile applications, however, this function is carried out through SDKs (Software Development Kits) integrated into the application's background code architecture and mobile device identifiers (IDFA for iOS, GAID for Android). SDKs serve to measure the Platform's performance, to detect systemic errors (crash reports, etc.), to analyze anonymously which features users use more frequently, and to carry out personalized marketing activities.
2. TECHNOLOGY TYPES BY PURPOSE OF USE AND LEGAL GROUNDS
The tracking technologies used on our Platform are divided into the following categories according to their purposes of use and are processed on the specified legal grounds.
2.1. Strictly Necessary and Technical Technologies (SDK)
These are infrastructure tools that are necessary for navigating the Platform, for membership logins to be carried out securely, for Premium subscription controls to be performed, for AI server connections to be established and for information security to be ensured (preventing unauthorized automated data-scraping attacks such as bots/scraping).
- Legal basis: Article 5(2)(c) of the Law, "Provided that it is directly related to the conclusion or performance of a contract, the processing of personal data belonging to the parties to the contract being necessary", or Article 5(2)(f), "Processing of data being mandatory for the legitimate interests of the data controller".
2.2. Functional and Preference Technologies (SDK)
These are used to make the application more functional and personalized by ensuring that the choices you have made in the past within the Platform (username information, password reminder, preferred language and theme selections, travel-planning start settings, etc.) are remembered.
- Legal basis: Processed by obtaining users' "Explicit Consent" within the scope of Article 5(1) of the Law.
2.3. Performance and Statistical/Analytics Technologies (SDK)
These are tools that provide statistical and anonymous data regarding how users use the Platform (which travel packages are clicked most, frequency of use of group surveys, etc.). They are used to optimize technical performance by detecting in-app slowdowns or crash errors (crash logs) and to make the travel assistant algorithms more functional.
- Legal basis: Processed by obtaining users' "Explicit Consent" within the scope of Article 5(1) of the Law.
2.4. Advertising and Marketing Technologies (SDK)
These are technologies that process your mobile advertising identifiers in order to create a profile of your interests and travel preferences, and to present to you the Premium opportunities and discounts within Gruso, or the travel campaigns offered by our business partners, as advertisements on external platforms (social media networks, search engines or other applications) in the manner most suitable to your interests.
- Legal basis: Processed by obtaining users' "Explicit Consent" within the scope of Article 5(1) of the Law.
3. COOKIE AND SDK INFORMATION USED ON THE GRUSO PLATFORM
The main SDK integrations and cookie-like structures actively used on the Platform, which record data on your device or are obtained from third-party providers for technical support purposes, are as follows:
| Tool / SDK | Type | Purpose | Retention |
|---|---|---|---|
| gruso_session | Strictly necessary | Ensures that the user's secure session within the application stays open. | For the duration of the session |
| gruso_culture | Strictly necessary | Keeps the user's language (Turkish/English, etc.) preference in memory. | Persistent (1 Year) |
| __cf_bm (Cloudflare) | Strictly necessary | Ensures information security by distinguishing human users from malicious bot/scraping software. | 30 Minutes |
| Firebase Crashlytics | Strictly necessary | Reports in real time the technical crashes and software errors occurring in the application. | For the duration of the session |
| Google Firebase Analytics | Analytics | Statistically measures visitors' travel-planning steps and in-app navigation movements. | 1 Year |
| Adjust / AppsFlyer | Marketing | Measures through which advertising channel the application was downloaded and performs campaign performance tracking. | 90 Days |
| Meta (Facebook) SDK | Marketing | Optimizes the Gruso Premium campaigns and travel routes suited to your interests on social media platforms. | 90 Days |
| Google Ads (GAID / IDFA) | Marketing | Performs personalized advertising targeting suited to the user's travel style on the Google search engine and business partner sites. | 180 Days |
| TikTok Pixel / SDK | Marketing | Used to measure the performance of our advertising campaigns and to track Gruso video advertisement interactions on the TikTok platform. | 1 Year |
4. TRANSFER OF PERSONAL DATA AND TRANSFER ABROAD
Within the scope of our activities carried out through cookies and SDKs, your personal data is transferred to our infrastructure suppliers, limited to the purposes of developing Gruso services in a personalized manner for you, ensuring technical optimization, auditing business activities and carrying out marketing processes.
If you give your consent to the third-party analytics, performance and marketing SDKs specified in the table above (e.g. Google Firebase, Meta, Adjust, etc.), your personal data will be processed on servers located abroad through infrastructure providers established abroad, limited to the purposes of data storage, cloud server operations and carrying out analysis activities. In this context, your personal data is processed by global service providers whose servers are located abroad, based on your explicit consent pursuant to Article 9 of the Law (Law No. 6698, Art. 9) and within the assurances of standard contractual clauses (SCC), with the necessary technical/administrative measures taken.
5. MANAGEMENT OF COOKIES AND SDKs
In order to use our Platform, it is not mandatory for you to accept cookies other than the strictly necessary tracking technologies. However, if you turn off the analytics and functional technologies, there may be a decline in the performance of your mobile travel assistant in remembering your past tastes and producing accurate personalized plans. Since technical and strictly necessary cookies/SDKs directly establish the operation of the Platform, if they are turned off, some functions of the application may become completely inoperable.
How Can You Change Your Preferences?
- In-App Privacy Panel: By visiting the "Settings > Privacy and Cookie Preferences" menu within the Gruso mobile application, you can set the operation of all non-mandatory analytics and marketing SDKs to "On" or "Off" at any time you wish, and save your settings.
- Device Settings (iOS): By following the steps Settings > Privacy & Security > Tracking on your device, you can permanently prevent Gruso from accessing your mobile advertising identifier (IDFA).
- Device Settings (Android): By following the steps Settings > Privacy > Ads on your device, you can reset your advertising identifier (GAID) or disable ad personalization.
6. REQUESTS AND RIGHTS OF DATA SUBJECTS
For your rights under Article 11 of the Law (learning whether your personal data is processed, requesting information, rectification, erasure, etc.) and all detailed application procedures regarding the processing of your personal data, you may review the Gruso Customer Privacy Notice.
Gruso reserves the right to update this Cookie Notice at any time in line with technical requirements on the Platform and changes in legislation.
