Privacy Policy — AniBell
Last updated: 2026-06-05
This Privacy Policy explains how Musa Alperen Demir ("we", "us", "our"), the provider of the AniBell mobile and web application (the "App"), collects, uses, and shares your personal data, and the rights you have over it. By creating an account or using the App you acknowledge this Policy.
1. Who is responsible for your data (Data Controller)
The data controller is Musa Alperen Demir. For any privacy question or to exercise your rights, contact us at [email protected].
2. What AniBell is
AniBell lets you track anime shows and receive a push notification when a tracked show's episode begins broadcasting, plus a weekly schedule and an episode tracker. To do this we need an account and a way to send notifications to your device.
3. Personal data we collect
We collect only what the App needs to function:
- Account data: email address, password (stored only as a salted BCrypt hash — we never store or see your plaintext password), username, your chosen avatar (a selection from a built-in catalog — not an uploaded photo), and preferred language.
- Sign-in identifiers: if you use Sign in with Google or Sign in with Apple, the stable account identifier they provide and your email address. (An Apple email may be a private-relay address Apple generates for you.)
- Authentication data: short-lived, hashed one-time codes for email verification and password reset.
- Device & notification data: your device's push-notification token, platform (iOS/Android), and the App version (sent when you submit feedback).
- App content: the shows you track and your watched-episode progress.
- Feedback: any message you choose to send us, with the App version and platform.
- Diagnostics: server error logs, which may contain technical request information.
- Purchases (when in-app purchases are available): the transaction/receipt identifiers and your entitlement status. Payment and card details are handled entirely by Apple or Google — we never receive or store them.
Data we do NOT collect
We do not collect your location, contacts, calendar, camera, photos, microphone, health, financial-account, or biometric data. We do not use an advertising identifier and we do not track you across other apps or websites. AniBell contains no third-party analytics, attribution, or advertising SDKs.
4. Where your data comes from
- Directly from you (account details, feedback, the shows you track).
- From Google or Apple when you choose their sign-in (account id + email).
- Automatically from your device (push token, platform, app version, technical log data).
5. Why we use your data and our legal bases (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Create and operate your account; deliver the core tracking + notification service | Performance of a contract (Art. 6(1)(b)) |
| Send push notifications for episodes/status changes | Performance of a contract + your device-level notification permission |
| Verify your email and process password resets | Performance of a contract / legitimate interests |
| Security, abuse prevention, and rate limiting | Legitimate interests (Art. 6(1)(f)) |
| Respond to and act on your feedback | Legitimate interests |
| Process in-app purchases and manage entitlements (when available) | Performance of a contract |
You can withdraw consent for push notifications at any time in your device settings or by untracking shows.
6. Who we share data with (processors / sub-processors)
We do not sell your personal data. We share it only with service providers that help us run AniBell, each under its own privacy terms:
| Provider | Role | Their privacy policy |
|---|---|---|
| Apple | Sign in with Apple | https://www.apple.com/legal/privacy/ |
| Google sign-in; Android push delivery (Firebase Cloud Messaging) | https://policies.google.com/privacy | |
| Expo | Push-notification delivery | https://expo.dev/privacy |
| Resend | Transactional email (verification, password reset) | https://resend.com/legal/privacy-policy |
| Railway | Application hosting and database | https://railway.com/legal/privacy |
| AniList | Read-only anime information — no personal data is sent to AniList | https://anilist.co/terms |
In-app purchases are not currently offered. If we introduce them, payments will be processed by Apple or Google and we may use a purchase-management provider (RevenueCat, https://www.revenuecat.com/privacy/) to validate purchases and manage entitlements. We will update this Policy and the table above before any such provider becomes active.
We may also disclose data where required by law or to protect our rights, users, or the public.
7. International data transfers
Our hosting and the providers above may process or transfer your data outside your country, including outside the EU/UK. Where required, such transfers rely on appropriate safeguards (e.g. the EU Standard Contractual Clauses).
8. How long we keep your data (retention)
- We keep account data until you delete your account.
- When you delete your account, we delete the associated push tokens, tracked shows, watched-episode progress, and authentication codes.
- Feedback you submitted is anonymized (disconnected from your account) rather than deleted, so the message may be retained without identifying you.
- Server error logs are retained for up to 90 days. Routine database backups may retain data for their rotation period before being overwritten.
- If in-app purchases are introduced in the future, the relevant store (and any purchase-management provider we use) will retain purchase records under their own policies.
9. Your rights
If you are in the EU/UK (GDPR / UK-GDPR)
You have the right to: access your data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; and withdraw consent at any time. You may also lodge a complaint with your local data-protection supervisory authority.
If you are in California (CCPA/CPRA)
You have the right to know what we collect, to delete it, to correct it, and to opt out of the "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights ("Do Not Sell or Share My Personal Information").
If you are in Türkiye (KVKK)
AniBell is operated from Türkiye, so the Personal Data Protection Law No. 6698 (KVKK) applies. The data controller (veri sorumlusu) is Musa Alperen Demir. Under Article 11 of the KVKK you may: learn whether your personal data is processed and request information about it; know the purpose of processing and whether it is used accordingly; know the third parties to whom it is transferred; request correction or deletion; and object to results arising from automated analysis. You may also lodge a complaint with the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu). A Turkish-language clarification notice (Aydınlatma Metni) is provided separately. To exercise KVKK rights, contact [email protected].
How to exercise any right: use in-app account deletion (Profile → Delete account), email us at [email protected], or use the request page at https://anibell.net/delete-account. We respond within the time required by applicable law.
10. Children
AniBell is not directed to children under 13 (or the minimum age of digital consent in your country, which may be up to 16 under the GDPR). We do not knowingly collect personal data from children below that age. If you believe a child has provided us data, contact [email protected] and we will delete it.
11. Push notifications
We use push notifications to tell you when a tracked show's episode is broadcasting or its status changes. You can turn them off at any time in your device's OS settings, or by untracking shows in the App.
12. Cookies & local storage
The web version of AniBell uses a strictly-necessary, HttpOnly session cookie to keep
you logged in (the login token is never exposed to web page scripts) and browser local storage
for session state. The mobile app stores your login token in the device's secure storage
(expo-secure-store). We do not use advertising or tracking cookies. (If you serve EU users
from the web property, ensure an appropriate cookie/consent notice is present.)
13. How we protect your data
We use industry-standard measures including encryption in transit (HTTPS/TLS), salted password hashing (BCrypt), hashed one-time codes, stateless tokens that can be invalidated, secure on-device token storage, and access controls. No system is perfectly secure, but we work to protect your data appropriately.
14. Changes to this Policy
We may update this Policy. We will revise the "Last updated" date above and, for material changes, provide a more prominent notice. Continued use after changes take effect means you accept the updated Policy.
15. Contact
Questions or requests: [email protected] · https://anibell.net Data controller: Musa Alperen Demir.