This Privacy Policy explains what personal data Termixa collects, why, how we use it, who we share it with, and the rights you have. It applies to the Termixa mobile app, the desktop and headless connector, and the termixa.com website (together, the “Service”).
The data controller for the Service is Termixa (“we”, “us”), based in Türkiye. For any privacy question or request, contact us at support@termixa.com.
When you sign in with Google or Apple, we receive your email address and a stable user identifier from that provider, which we use to create and identify your account. If you use “Sign in with Apple” and choose “Hide My Email”, we only receive a private Apple relay email address.
If you subscribe to Termixa Pro, Apple processes the payment; we receive and store your subscription status, product identifier, renewal/expiry dates, the original transaction identifier, and the storefront (country) associated with the purchase, so we can unlock Pro features, recognise renewals and cancellations, and understand aggregate revenue by country. We never receive or store your payment card details. We also store the status of any complimentary access we grant.
To enforce the number of devices allowed on your plan and to let you manage them, we store, for each device on your account, a per-app device identifier (Apple’s identifier for vendor, which resets if you reinstall the app), a device name, the platform, and a “last seen” timestamp.
To prevent repeated free-trial abuse, we use Apple’s DeviceCheck to record two bits of information per device — in practice, whether a trial has already been used. This does not expose or store any hardware serial number or personal device information. We also keep an anonymous counter of how many trial requests were denied, with no device or user detail.
To establish a Session, our signaling server briefly processes pairing data (such as a temporary room identifier and PIN) and issues short-lived credentials for relay access. Your IP address is processed transiently to route you to the nearest relay region and for basic abuse-prevention (such as rate-limiting); it is not used to build a profile of you and is not retained for tracking.
When a direct peer-to-peer connection is not possible and an encrypted relay is used, we record the approximate number of bytes relayed for your account per month. This is used to operate the relay fairly, enforce quotas, and prevent abuse. The relay only forwards opaque, encrypted packets and cannot read their contents.
If you email us or use the contact form on our website, we receive the information you provide — such as your name, email address, and message — and, for the web form, the IP address of the request (used to prevent spam and abuse). We use this to respond to you and keep a record of the correspondence. The contact form uses our own self-hosted challenge (“CAPTCHA”) to prevent spam; it does not share your data with a third-party CAPTCHA provider.
Because Sessions are end-to-end encrypted and peer-to-peer first, your Content is technically inaccessible to us. When traffic passes through a relay, it remains encrypted end-to-end and the relay forwards only opaque packets.
Where the EU/UK General Data Protection Regulation applies, we rely on the following legal bases:
We operate infrastructure in multiple regions (including the European Union, the United States, and Türkiye) to provide low-latency connections. As a result, your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for such transfers. Session Content itself remains end-to-end encrypted and is not accessible to us wherever a relay is located.
We keep your account, entitlement, and device data for as long as your account is active. We keep subscription and transaction records for as long as necessary to comply with legal, tax, and accounting obligations, even after your account is closed. Connection metadata is short-lived and not retained for analytics. Relay-usage totals are kept on a per-month basis for operational and abuse-prevention purposes. Support and contact messages are kept for as long as needed to handle your request and maintain a reasonable record. When data is no longer needed, we delete or anonymise it.
We use technical and organisational measures appropriate to the risk, including end-to-end encryption of Sessions, encrypted transport (TLS) for our web and API traffic, short-lived credentials, hashed refresh tokens, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and your devices secure.
Depending on where you live, you may have some or all of the following rights regarding your personal data: to access it; to correct it; to delete it; to restrict or object to its processing; to data portability; and to withdraw consent where processing is based on consent. Users in Türkiye have the rights provided under the Personal Data Protection Law (KVKK, Law No. 6698); users in the EEA/UK have the rights provided under the GDPR.
You can exercise these rights, including requesting deletion of your account and associated data, by emailing us from your account address at support@termixa.com. Deleting your account removes your stored account, device, and entitlement records; we may retain limited transaction records where required by law, in anonymised form where possible. You also have the right to lodge a complaint with your local data-protection authority (in Türkiye, the Kişisel Verileri Koruma Kurumu).
The Service is not directed to children under 16 (or the equivalent minimum age in your region), and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, contact us and we will delete it.
We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
Questions about your privacy or this Policy? Email us at support@termixa.com.