RotaTalk Privacy Policy

Last Updated: February 23, 2026

1. Introduction

RotaTalk ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service"). RotaTalk is the data controller responsible for your personal data.

2. Age Restriction

You must be at least the minimum age of digital consent in your country, or the age specified by the app's local rating on your device's app store (such as the App Store or Google Play), whichever is higher, to use the Service. We do not knowingly collect or process personal data from individuals under this age.

2.1. Child Safety Standards

RotaTalk is committed to maintaining a safe and respectful environment for all users, including minors.

  • We strictly prohibit any content related to child sexual abuse material (CSAM).
  • Users can report any child safety concerns directly within the app.
  • All reports are reviewed promptly, and appropriate actions are taken in compliance with applicable laws.
  • We cooperate with regional and national authorities when necessary to ensure child safety.

For any concerns or reports related to child safety, please contact us at: support@rotatalk.com.

3. Information We Collect and Legal Basis

3.1. Information You Provide

  • Username: Required to ensure unique identification within channels and prevent impersonation (Legal basis: Contractual necessity)
  • Full Name: Optional, helps with user identification (Legal basis: Legitimate interest)
  • Profile Picture: Optional, allows users to present themselves professionally (Legal basis: Consent)
  • Email or Phone: One is required for account creation and verification. You can sign up with either email or phone number, not both (Legal basis: Contractual necessity)
  • Voice Messages: Required for Voice Chat communication (Legal basis: Contractual necessity)
  • Photos and Videos: Image and video files you select from your device gallery to share in posts. Photos are re-encoded as JPEG with embedded metadata (EXIF data) stripped. Videos are compressed and transcoded to MP4 (Legal basis: Consent - explicit action of selecting and publishing)
  • Text Content: Text posts and captions you write for the Social Feed (Legal basis: Consent - explicit action of writing and publishing)
  • Customer Support Communications: Processed when you contact us (Legal basis: Legitimate interest)
  • User Blocking Data: We store blocking relationships (blocker user ID, blocked user ID, and timestamp) to enforce user-to-user blocking for safety and user control. This data enables mutual blocking functionality where blocked users cannot see, hear, or interact with each other (Legal basis: Legitimate interest in providing safety features)
  • Posts: Content you create for the Social Feed, including audio recordings, photos, videos, and text, along with metadata such as duration, dimensions, file size, and creation time (Legal basis: Consent - explicit action of creating and publishing)
  • Post Location Data: Geographic coordinates (latitude, longitude) and location name optionally attached to posts. Enabled by default if location permission granted; can be disabled per post. This data is visible to authenticated users based on post visibility settings (Legal basis: Consent)
  • Post Reactions: Likes, dislikes, and other reactions you give to posts, attributed to your account (Legal basis: Contractual necessity)
  • Post Reports: Content reports you submit including report reason and context (Legal basis: Legitimate interest for platform safety)

Data Controller: The data controller for personal data collected in the RotaTalk service is Nesim Tunc. You can submit your data protection requests to legal@rotatalk.com.

3.2. Automatically Collected Information

  • Device Information: Basic device type and operating system for service optimization (Legal basis: Legitimate interest)
  • Device Identifiers: Device identifiers for security, analytics, and cross-device ban enforcement (Legal basis: Legitimate interest)
  • Location Data: Required for service functionality and user safety (Legal basis: Contractual necessity)
  • Performance Data: App crashes and technical issues for service improvement (Legal basis: Legitimate interest)
  • Analytics Data: User interaction patterns, feature usage, and behavioral analytics for service improvement (Legal basis: Legitimate interest)
  • Post Analytics: Play counts, impression counts, and engagement metrics for posts. These metrics are displayed publicly on posts to authenticated users (Legal basis: Legitimate interest)
  • Media Metadata: Technical metadata from uploaded photos and videos including dimensions, format, duration (for videos), and file size (Legal basis: Legitimate interest)

3.3. Third-Party Analytics and Services

We use the following third-party services that may collect and process your data:

  • Usage Analytics Service: Collects usage analytics to improve our service, including:
    • Usernames: Logged for security monitoring (abuse prevention, ban evasion detection) and service analytics. Usernames are public identifiers within RotaTalk and do not contain personal information
    • Device Identifiers: Partially masked to balance debugging needs with privacy
    • User Interactions: Session data, feature usage, speaking time, and behavioral patterns
    • Public Channel Names: Names of public channels are logged for analytics. Private channel names (Teams) are never logged - only pseudonymous channel IDs are used for private channels to protect your privacy
    • Location Events: We log when location sharing is started/stopped and participant counts, but we do not log GPS coordinates or precise location data to analytics
    • Aggregated Metrics: Total speaking time, session counts, and other usage statistics

    All analytics data is stored in the EU region and retained for 2 years for service improvement purposes

  • Error Tracking Service: Collects crash reports and error logs including device information and application state for service improvement
  • Push Notification Service: Manages push notifications and collects device tokens, user preferences, and notification interaction data
  • Email Service: Handles authentication emails including verification codes, password resets, and account notifications. Processes email addresses and delivery status information
  • Map Service: Displays location data and may collect map interaction statistics
  • Over-the-Air Update Service: Delivers app updates. Collects app version and platform information to provide bug fixes and improvements

Each service operates under their respective privacy policies and may use data for their own analytics purposes.

4. Data Retention

  • Account and profile information: Retained as long as your account is active
  • Location data: Only last known location is stored
  • Voice messages: Deleted immediately after successful delivery
  • Performance data (crash logs): Retained for 90 days
  • Device identifiers: Retained indefinitely for security and ban enforcement
  • Analytics data: Retained for 2 years for service improvement
  • Push notification tokens: Retained until user opts out or app is uninstalled
  • Post media files (audio, photo, video): Retained for up to 2 years from deletion or expiration for legal compliance and safety investigations, regardless of user deletion. Posts are hidden from feed but files retained
  • Text post content: Retained for up to 2 years from deletion or expiration for legal compliance and safety investigations
  • Post metadata (location, channel link, timestamps): Retained indefinitely for service records and compliance
  • Post reaction data: Retained indefinitely for service records
  • Post analytics (plays, impressions): Retained indefinitely for service improvement
  • Post reports: Retained indefinitely for audit and investigation purposes
  • Recently played post IDs: Stored locally on device
  • Upon account deletion request: All personal data is permanently deleted within 30 days, except posts (audio, photo, video, text) which are retained for legal compliance as described above

You can request account deletion through Menu β†’ Account β†’ Account Deletion. Once requested, your account and associated data will be permanently deleted after a 30-day grace period.

5. Location Services

5.1. Manual Location Sharing ("Live Location Sharing")

Complete Control: Location sharing is fully manual and under your control. You must actively tap "Live Location Sharing" to share your location with others in your channel. This sharing is session-based and temporary.

  • Manual Action Required: Location sharing only happens when you tap "Live Location Sharing"
  • Session-Based: Sharing automatically stops when you leave a channel or close the app
  • Mutual Benefit: To see others on the map, you must first share your own location by going "Live"
  • Always Controllable: You can manually stop sharing at any time with the "Stop" button

5.2. Location Permission vs. Location Sharing

There's an important distinction between having location permission and sharing your location:

  • Location Permission: Allows the app to show your own position on the map and provide safety features
  • Location Sharing ("Live Location Sharing"): Makes your location visible to other users in your channel - this requires your explicit action
  • Last Known Location: For safety and emergency purposes, the app may retain your last known location, but this is NOT shared with other users unless you are "Live"

5.3. Post Location Tagging

Optional Location Attachment: Posts (audio, photo, video, text) can include your location (latitude, longitude, location name) at time of creation.

  • Default Setting: Location is attached by default if you have granted location permission
  • User Control: You can disable location for individual posts before publishing
  • Visibility: Location data is visible to authenticated users who can view your post
  • Retention: Location data is retained with post metadata indefinitely for service records
  • Privacy Consideration: Be aware that enabling location reveals your whereabouts at time of recording

6. Device Permissions

Our application requires the following device permissions:

  • Microphone Access: Required for push-to-talk voice communication
  • Photo Library Access: Required for selecting photos and videos from your device to share in posts
  • Location Access: Required for service functionality and user safety as detailed in Section 5
  • Notification Access: Required for push notifications and service updates

You can manage these permissions through your device settings, though some features may not function without required permissions.

7. Voice Communication Security

  • Voice transmissions are secured using Transport Layer Security (TLS) 1.3
  • Live voice communication data is not permanently stored on our servers
  • Voice transmission security is regularly audited and updated

Important Notice - Microphone Usage: While your microphone is active, everything you say can be heard by other users in the channel. RotaTalk does not record, monitor, or supervise any content spoken through your microphone when it is active. You are entirely responsible for when your microphone is turned on and off. Always exercise caution to ensure your microphone is not unintentionally left on. Users are solely responsible for all content spoken or heard during voice communication sessions.

7.1. Post Storage Security

  • Post media files (audio, photos, videos) and text content are encrypted at rest using industry-standard encryption
  • Media files are stored in EU-based cloud storage infrastructure
  • Videos are compressed and transcoded for optimal delivery
  • Access to media files is controlled by access control policies
  • Posts are retained for 2 years for legal compliance, even after user deletion or expiration

Important Notice - Post Permanence: Unlike live voice communication, posts (audio, photos, videos, text) are stored and may be viewed multiple times by authenticated users. Posts are retained for legal compliance even after deletion. Consider this before posting sensitive information.

7.2. Deep Links

Posts may generate shareable deep links. By creating a post:

  • Deep links require app authentication to access content
  • Links may be shared by users but only authenticated app users can view content
  • Linked content follows the same retention and visibility rules

8. International Data Transfers

Our services are hosted on servers located within the European Union. We ensure compliance with GDPR and other applicable data protection laws through:

  • Use of EU-based infrastructure
  • Standard Contractual Clauses with service providers
  • Regular security assessments
  • Appropriate technical and organizational measures

9. Data Security and Breach Notification

We implement appropriate technical and organizational measures to protect your personal data. In the event of a personal data breach, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Inform affected users promptly if the breach is likely to result in a high risk to their rights and freedoms
  • Provide information about the breach and steps taken to mitigate risks
  • Document all breaches and remedial actions taken

10. Tracking Technologies

Our mobile application does not use cookies but does use analytics and error tracking services as described in Section 3.3. Device identifiers and analytics data are collected for service functionality, security, and improvement purposes as outlined in Section 3.2.

10.5. My Teams and Private Communication Data

When you create or join a Team (private channel), we collect and process the following data:

  • Team Membership: Information about which Teams you are a member of
  • Team Metadata: Team name, creation date, and ownership information
  • Member Lists: List of users who are members of each Team
  • Invite Codes: Generated invite codes for Team access (stored until disabled by Team owner)
  • Team Activity Logs: Join/leave timestamps and membership changes for security and moderation

10.5.1. Legal Basis for Processing

  • Team Membership Data: Contractual necessity (required to provide the Teams feature)
  • Team Metadata: Contractual necessity (required for Team functionality)
  • Activity Logs: Legitimate interest (platform security and abuse prevention)

10.5.2. Data Retention

  • Team Membership: Deleted when you leave a Team or delete your account
  • Team Metadata: Deleted when Team is deleted by owner or upon account deletion
  • Activity Logs: Retained for 90 days for security purposes
  • Invite Codes: Deleted when Team owner disables them or Team is deleted

10.5.3. Voice Communication in Teams

The same privacy policies apply to Teams as to public channels:

  • Voice communication is not recorded or stored permanently
  • All voice transmissions are encrypted with TLS 1.3
  • Only session metadata (timestamps, channel IDs) may be retained for security purposes
  • See Section 7 (Voice Communication Security) for complete details

10.5.4. Sharing with Third Parties

  • Team data is not shared with third parties except as required by law
  • Law enforcement may request Team metadata with a valid legal order (see Terms & Conditions Section 8.4.4)
  • Analytics services receive pseudonymous usage statistics only:
    • Private channel names (Teams) are NEVER logged to analytics - we only send pseudonymous channel IDs (UUIDs)
    • Event counts like "Teams feature used X times" are logged without Team names or member lists
    • This ensures your private Teams remain private while allowing us to improve the service

10.5.5. Your Control Over Team Data

  • You can leave a Team at any time, which deletes your membership data
  • Team owners can delete their Team, which removes all associated data
  • Account deletion removes all Team memberships and owned Teams
  • You can request a copy of your Team membership data by contacting support@rotatalk.com

10.6. AI Assistant (RotaBot)

RotaBot is an AI-powered road assistant designed for professional truck drivers. This section explains how your personal data is collected and processed when you use RotaBot.

  • Chat Data: Your messages and RotaBot responses are stored on our servers (EU/Germany) and linked to your account. Legal basis: Contract performance (providing the RotaBot service). Retention: Up to 2 years from the date of the conversation, after which it is automatically deleted. You can delete your conversations at any time from within the app.
  • Location Data: If you have granted location permission, your GPS coordinates and approximate location name are sent with each message to generate location-aware answers (nearby places, fuel prices, border crossing wait times). This data is used only to generate your response and is part of the conversation record subject to the same 2-year retention. No separate location history is maintained. Legal basis: Contract performance.
  • Vehicle Profile: If you create a vehicle profile (truck dimensions, weight, axle count), this data is used alongside your queries to provide accurate truck-specific route calculations. Legal basis: Contract performance. Retention: Until you delete the profile or your account.
  • Daily Usage Quota: Your daily token usage is tracked to enforce fair use limits. This counter is stored on our servers (EU/Germany) and resets automatically each day. Legal basis: Legitimate interest (service fairness and infrastructure protection).
  • Device Identifier: Your device's unique identifier is used to enforce device-level daily usage limits to prevent quota circumvention by creating multiple accounts on the same device. Your device ID is stored in our database (see Section 3.2 β€” Device Identifiers); the RotaBot quota counter linked to it resets daily. Legal basis: Legitimate interest (abuse prevention).
  • Third-Party AI Processors: Your messages are processed by AI language model service providers operating in the USA. Your use of RotaBot constitutes acceptance of this cross-border data transfer. A current list of AI service providers is available upon request at legal@rotatalk.com. Third-party AI providers do not use your chat data to train their underlying models. We may review conversation data and any feedback you provide to improve RotaBot's response quality, routing logic, and usefulness for professional drivers.
  • Third-Party Data Sources: RotaBot may use the following categories of services to answer your queries:
    • Routing and mapping service providers (EU) β€” route calculation and place search
    • EPDK / EU Oil Bulletin β€” fuel price reference data
    • Open-Meteo (CC BY 4.0, open-meteo.com) β€” weather data
  • AI Content Disclaimer: RotaBot responses are AI-generated and may not always be accurate. Route information, fuel prices, border crossing wait times, and traffic data may be outdated or incorrect. Do not rely solely on RotaBot for safety-critical decisions (hazmat routing, border crossing requirements, legal compliance, heavy vehicle restrictions). Always verify with official sources before your journey.

11. Your Rights and How to Exercise Them

Under GDPR and KVKK, you have the following rights:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Object to data processing
  • Request manual export of your profile and account information

To exercise these rights, contact us at support@rotatalk.com. We will respond to your request within 30 days. For account deletion, use Menu β†’ Account β†’ Account Deletion.

Retention Exception: Posts (audio, photo, video, text) and associated data may be retained beyond deletion requests for up to 2 years where required for legal compliance, ongoing investigations, or regulatory purposes. This retention is based on legitimate interest for platform safety and legal compliance.

12. Changes to Privacy Policy

  • We will notify you of any significant changes to this policy
  • Changes will be communicated through in-app notifications
  • 30-day notice will be provided when possible
  • Continued use of the service after changes constitutes acceptance

13. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

support@rotatalk.com

Β© 2026 RotaTalk. All rights reserved.