Legal

Privacy Policy

Effective: 29 June 2026 Last updated: 29 June 2026 Applies to: MediByte for iOS

MediByte is a study tool, not a data business. This policy explains, in plain language, exactly what information we collect, why we collect it, who we share it with, and the control you keep over it. We collect the minimum we need to run the service — and we never sell your personal data.

01 Overview

This Privacy Policy describes how SOLVAR YAZILIM VE BİLİŞİM LTD. ŞTİ., the company that operates MediByte ("MediByte", "we", "us" or "our"), collects, uses, discloses and safeguards information about you when you download, access or use the MediByte mobile application and related services (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this policy.

We have written it to be readable. Where a section carries specific legal meaning — for example under the EU/UK General Data Protection Regulation ("GDPR") or the California Consumer Privacy Act ("CCPA") — we say so explicitly.

02 Who we are

For the purposes of applicable data-protection law, the controller responsible for your personal data is SOLVAR YAZILIM VE BİLİŞİM LTD. ŞTİ., a company incorporated in the Republic of Türkiye and based in İstanbul. You can reach us at any time at privacy@medi-byte.com.

"Personal data" (or "personal information") means any information that identifies, relates to or could reasonably be linked to you.

03 Information we collect

We collect information in three ways: information you provide, information generated as you use the Service, and information collected automatically by your device.

a. Information you provide

Account information. When you create an account or sign in — including with Sign in with Apple or Google — we receive a basic profile, typically your name and email address, used to create, secure and operate your account.
Communications. If you contact support, submit feedback or report content, we keep what you send us and our reply.

b. Information generated by your use of the Service

Study activity. To power progress tracking, your mistakes bank, the readiness ring and analytics, we store learning data such as questions answered, answers selected, lessons completed, scores, streaks, time studied and feature usage.
Multiplayer & social. If you use MedWars, leaderboards or Champions, we process the match, ranking and result data needed to run those features.
AI tutor & simulations. When you use Dr. MediByte or OSCE simulations, the prompts and conversation content you enter are processed to generate a response.

c. Information collected automatically

Device & technical data. Device model, operating-system version, language, app version, and similar technical identifiers.
Diagnostics. Anonymous crash reports and performance metrics that help us keep the app stable and fast.
Local storage. We use on-device storage to cache content and remember your preferences. MediByte does not use third-party advertising trackers.

d. Payment information

Premium subscriptions are purchased and billed through the Apple App Store. Apple processes your payment; we never receive or store your card details. We receive only the subscription status needed to unlock premium features.

04 How we use your information

To provide, maintain and personalize the Service and your learning experience.
To sync your progress across your devices.
To operate features such as multiplayer, leaderboards, the AI tutor and patient simulations.
To process subscriptions and manage entitlements.
To diagnose problems, prevent fraud and abuse, and keep the Service secure.
To respond to your requests and provide customer support.
To understand, in aggregate, how the Service is used so we can improve it.
To comply with legal obligations and enforce our Terms of Use.

We do not use your personal data to make decisions that produce legal or similarly significant effects about you through solely automated means.

05 Legal bases for processing (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

Performance of a contract — to deliver the Service you sign up for (your account, progress sync, subscriptions).
Legitimate interests — to secure, debug and improve the Service, prevent abuse and understand usage in aggregate, balanced against your rights.
Consent — where we ask for it (for example, optional features); you may withdraw consent at any time.
Legal obligation — where processing is required to comply with the law.

07 International data transfers

MediByte is offered globally and our providers may process data in countries other than your own. Where personal data is transferred internationally, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an adequacy decision — to ensure your data remains protected to the standard described in this policy.

08 Data retention

We keep your personal data for as long as your account is active and for as long as needed to provide the Service. After you delete your account, we delete or de-identify your personal data within a reasonable period, except where we must retain certain records to comply with legal, tax or accounting obligations, resolve disputes, or enforce our agreements.

09 Security

We use technical and organizational measures designed to protect your information — including encryption in transit, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

10 Your rights & choices

Depending on where you live, you may have some or all of the following rights over your personal data:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate or incomplete data.
Erasure — ask us to delete your account and personal data.
Restriction & objection — ask us to limit or stop certain processing.
Portability — receive your data in a portable, machine-readable format.
Withdraw consent — where processing is based on consent.

To exercise any of these, email privacy@medi-byte.com. We will respond within the timeframe required by applicable law and may need to verify your identity first. You also have the right to lodge a complaint with your local data-protection authority.

California residents. We do not sell or "share" your personal information as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months. You may exercise your access and deletion rights using the contact above, and you will not be discriminated against for doing so.

11 Children's privacy

MediByte is intended for medical and health-sciences students and is not directed at children under 13 (or the minimum age required in your country). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

12 Third-party services & links

The Service relies on third parties (such as Google Firebase, Apple and AI providers) and may link to external resources. Their handling of your data is governed by their own privacy policies, which we encourage you to review. We are not responsible for the privacy practices of services we do not control.

13 Changes to this policy

We may update this policy as the Service evolves or the law changes. When we make material changes, we will revise the "Last updated" date above and, where appropriate, provide additional notice in the app. Your continued use of the Service after an update means you accept the revised policy.

14 How to contact us

Questions, requests or concerns about this policy or your data? We're a real team and we read everything:

Privacy & data requests — privacy@medi-byte.com
General support — support@medi-byte.com