NOTIE PRIVACY POLICY

Last Updated: April 2, 2026

NOTIE is committed to protecting and respecting your privacy. In this privacy policy ("Privacy Policy"), we explain how NOTIE collects, uses, discloses and protects the Personal Information you submit to us, including, for example, when accessing and using NOTIE mobile application and website (hereinafter "Platform").

Our Privacy Policy has been drafted to comply with applicable data privacy laws, in particular, the EU General Data Protection Regulation ("GDPR"). If the GDPR does not apply to you, not all terms of this Privacy Policy may be relevant to you.

As used in this Privacy Policy:

"NOTIE", "we," "our" and "us" means KOI APPS YAZILIM LIMITED SIRKETI, and its affiliates and/or subsidiaries.
KOI APPS YAZILIM LIMITED SIRKETI (NOTIE) is located at Çifte Havuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Merkezi A2 Blok, No 151/1B, Esenler, Istanbul, Türkiye, and our contact email is support@ainotetake.com.
"Controller" for the purposes of data protection laws, including the GDPR and other applicable data protection laws in European Union member states, as well as other relevant provisions: means NOTIE.
"Personal Information" generally has the same meaning as personal data or personal identifiable information (PII). Personal Information is defined in the data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you.

NOTIE is committed to the following key principles:

1. LEGAL CAPACITY

Minimum age. To provide us with your personal data, you must be at least 18 years old and/or, where applicable, have sufficient legal capacity to use our Platform.

Accuracy. When you provide us with your data to use our services, you guarantee that the data and information provided is real, accurate, up-to-date, and belongs to you and not to third parties.

In addition, you must notify us of any changes to the data provided, and you are responsible for the truthfulness and accuracy of the data provided at all times.

Age and Accuracy Control. NOTIE reserves the right to verify your age and identifying information at any time, if necessary, including by requesting official supporting documentation or an equivalent procedure, and, in the event of detected fraud or suspicion that you are under the indicated age, to delete, temporarily deactivate, and/or cancel your account.

2. WE LIMIT HOW, AND WITH WHOM, WE SHARE YOUR PERSONAL INFORMATION

In general, NOTIE will not disclose your data to third parties.

However, in addition to the transfers that we specifically indicate in the section explaining the characteristics of the different operations (Section 3), we inform you of the communications that we may make, in general, and that affect all of the above processing and its legal basis:

Providers of services essential to the performance of the service we offer you (e.g., computer hosting companies or commercial communication delivery platforms). Notwithstanding the foregoing, these entities have signed the corresponding confidentiality agreements and will only process your data in accordance with our instructions, and may not use it for their own purposes or for purposes other than the service they provide to us.
Public bodies. We may disclose to the competent public authorities any data and other information in our possession or accessible through our systems when there is a legal obligation to do so, as well as when required, for example, when the purpose is to prevent or prosecute abuse of services or fraudulent activities through our Platform. In these cases, the personal data you provide us with will be retained and made available to the administrative or judicial authorities.
In the event of a corporate transaction: In the event of a merger, acquisition, sale of all or part of its assets, or any other type of corporate transaction involving a third party, we may share, disclose, or transfer user data to the successor entity (even during the pre-transaction phase).
To third parties after aggregation or anonymization: We may disclose or use aggregated or anonymized data (i.e., data that cannot be linked to an identified or identifiable natural person) for any purpose.
To third parties with the user's consent or other legitimate basis: In the event that we wish to share data with third parties outside the scope of this Privacy Policy, we will, in all cases, request your consent or inform you of the same and its legitimate basis.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

| Personal Information | Purpose | Legal Basis | |---|---|---| | Identification data (first and last name) and email address. Other information you voluntarily include in communications you send us (i.e. through our "support" section). We may request additional information if necessary to fulfill your request. | To create and support your profile when you register for our service. To answer your requests, e.g., if you contact our support or customer service. | Processing is necessary for the purposes of our legitimate interests, i.e. to attend to your request for information, purchase of products/services or customer service inquiries. | | Audio Data information resulting from: recording calendar meetings, recording face to face meetings, or importing pre-recorded audios. | The Personal Information is used to provide our services through the Platform. For instance, when you use our AI Note Taker, offering seamless recording, transcription, and summarization of your audio content. You can record meetings and phone calls, import podcasts, videos, and more. | The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, to provide our services. | | Calendar meetings information details like: the subject of your meetings, the emails of the guests to those meetings. | The Personal Information is used to provide our services through the Platform. For instance, we may use the subject of the meeting to name the transcription, or the participants information to send summary reports. | The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, to provide our services. | | Personal Notes and memos | To provide our Services. | The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, to provide our services. | | Generated Data: output of audio recordings to generate Summaries, transcripts and texts, created through AI models. Translations of your Summaries or Transcripts, Speaker names. Voice Generation from summaries. Metadata related to AI interactions (e.g., length of calls, length of transcription). | To provide our Services. | The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, to provide our services. | | Usage data. We collect and log internet or other electronic information on how you access and use our Service. | To administer our service and to improve the features and usability of the Service. To provide account support. To suggest features, products, and services that can enhance your use of our Service. | The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, to provide our services. | | Device Information: such as IP address, geographic location, operating system information, referral source, pages viewed and navigation paths, device permissions, hardware information, browser type and version, identifiers and others. | Localization & customization of the user experience for each specific device and location. To inform our product development. Marketing efforts and attribution. Tracking of errors and incident management. | The processing is necessary for the performance of a contract to which you are a party or in order to take steps, at your request, to provide our services. | | Name, address, e-mail address and other contact information | To periodically contact you to inform you of new products and/or services we provide or that we consider to be of interest to you. | Your consent. | | Application data, including your name, address, CV, birthdate | Processing is required to enable us to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews. We may retain your Personal Information following your unsuccessful application so that we may contact you in case of future job vacancies. | Primarily, the processing is necessary to take steps for entering into a contract with you. We also have a legitimate interest to (i) store your data for a period of up to 6 years following the conclusion of an unsuccessful application and/or (ii) to share it with the NOTIE group of entities and/or (iii) to retain and use your data as far as necessary for the establishment, exercise or defense of legal claims. | | All of the above | For compliance with legal and regulatory requirements and corporate governance obligations. | Processing is necessary for compliance with legal obligations to which we are subject. |

Where you wish to provide us with Personal Information about another person, including colleagues, participants in the meetings and phone calls, podcasts, videos, etc, or the persons you act on behalf of, you must ensure that you have their prior permission to do this. You must also share with them a copy of this Privacy Policy as well as any other relevant privacy statements before you ask them for this permission.

We collect Personal Information for the purposes described above when you use our Platform and from public sources.

4. DATA PROCESSING AGREEMENT

Data for which you are the "Data Controller". Data Processing Agreement

To provide our Services, we may process (i) collected data from your calendar as well as the subject of your meetings, the emails of the guests to those meetings, (ii) the audio resulting from recording calendar meetings, recording face to face meetings, or importing pre-recorded audios, (iii) generated data (summaries, transcripts and generated texts, created through AI models), and (iv) metadata related to AI interactions (e.g., length of calls, length of transcription).

If the data you collect when using our Services contains Personal Information from third parties, you will be considered the personal data "Controller", and you will need to obtain the prior consent of the data subjects when the applicable regulations require such consent. In such cases, NOTIE will act as "Data Processor", according to the Data Processing Agreement (DPA) that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the Controller.

5. DATA RETENTION

We keep your Personal Information for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above.

The criteria we use to determine data retention periods for Personal Information includes the following:

Retention in case of queries: we will retain it for a reasonable period after the relationship between us has ceased in case of queries from you.
Retention in case of contracting our products/services or contacting our customer service: we will retain it for the time necessary to deliver our product/service to you according to the contract conditions, as well as to attend any of your questions.
Retention in case of claims: we will retain it for the period in which you might legally bring claims against us.
Retention in accordance with legal and regulatory requirements: we will consider whether we need to retain it because of a legal or regulatory requirement, e.g. to comply with tax or fiscal duties.
Retention in case of job applications: if you applied for a job offering with NOTIE and have not been successful, your application data will be retained in our talent pool for a limited period as defined in Section 3.

6. INTERNATIONAL TRANSFERS

NOTIE operates globally, therefore your personal information may be transferred and accessed from around the world from countries where NOTIE affiliates and subsidiaries are located and where our processors operate.

The data will be transferred for the time required to fulfill the purpose for which it is processed. It can be shared with our service providers and NOTIE affiliates for the purposes listed in Section 3. In such cases, NOTIE is the controller of the data, and the service providers are processors or joint controllers, as the case may be.

We may transfer Personal Information to the following categories of recipients:

| Recipient Category | Countries | Purpose of Transfer | Data Types Transferred | |---|---|---|---| | Cloud Service Provider (Google Cloud) | USA | Storage, Analytics, Security | Device Info, User Info | | Customer Support (Intercom) | USA | Customer service and technical support | Device Info, User Info | | Subscription Processor (RevenueCat) | USA | Subscription Management | Device Info, User Id, User Email | | Payment Processors (Stripe) | USA | Processing of subscriptions | User Id, User Email | | Analytics (Appsflyer, Mixpanel, Google Analytics) | USA | User analytics | Device Info, User Info | | Marketing Campaigns (MailChimp) | USA | Email marketing and account alerts | User email | | Internal Communications (Gmail, Slack) | USA | Internal Communications | User Info, Device Info | | Transcription Services (Gladia, Soniox, Replicate) | USA, France | Creation of transcripts | Audio Recording | | Summary Services (Gemini, OpenAI) | USA | Creation of summaries | Transcripts |

Where personal data is transferred to service providers located outside your country of residence, NOTIE applies appropriate safeguards, such as:

The European Commission's Standard Contractual Clauses (SCCs), or
Equivalent contractual mechanisms recognized by the competent authority in the recipient country.

These measures ensure a level of protection consistent with that required by the GDPR.

Depending on where you are located, we implement the appropriate safeguards when transferring Personal Information to these countries.

Information for individuals in the European Economic Area ("EEA") and the United Kingdom ("UK")

NOTIE may transfer personal information from the EEA or the UK to the United States ('US') and other countries.

When NOTIE engages in such transfers of personal information, it relies on:

Adequacy Decisions, as adopted by the European Commission, based on Article 45 of Regulation (EU) 2016/679 (GDPR).
Adequacy Decisions, as adopted by the UK Secretary of State, based on Article 45 of the UK GDPR and Section 17A of the Data Protection Act 2018.
The EC's Standard Contractual Clauses ("SCCs") and the UK Information Commissioner's Office's International Data Transfer Addendum ("IDTA"), as applicable, supplemented by additional security measures as recommended by the European Data Protection Board.

NOTIE performs transfer impact assessments ("TIA") and continually monitors the circumstances surrounding such transfers to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the EEA and UK data protection laws.

Information for individuals from the European Union, UK, Gibraltar and Switzerland: EU-US Data Privacy Framework

As part of our commitment to maintaining high data protection standards when transferring personal information between the US and European Economic Area ("EEA")/UK/Gibraltar/Switzerland, we participate in the EU-US Data Privacy Framework ('EU-US DPF') and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework ("Swiss-US DPF").

NOTIE and all our affiliates comply with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce.

In compliance with the EU-US DPF and the UK Extension to the EU-US DPF, and the Swiss-US DPF, NOTIE commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU/SWISS DPF Principles. European Union, UK, Gibraltar and Swiss individuals with DPF inquiries or complaints should first contact NOTIE at support@ainotetake.com. We will investigate and attempt to resolve any complaints or disputes regarding processing of personal information within 45 days of receiving your privacy complaint.

Accountability for Onward Transfers. We acknowledge our responsibility for the processing of personal information received and subsequently transferred to our third parties, agents, and service providers. NOTIE remains liable under the DPF Principles if a third party, agent, or service provider processes personal information covered by this Notice in a manner inconsistent with the DPF Principles, except where NOTIE can demonstrate that we are not responsible for the event giving rise to the damages.

Information for individuals in California (CCPA/CPRA)

If you reside in California, the following rights apply under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Right to Know the categories of personal information collected, the purpose of collection, and the categories of third parties with whom it is shared.
Right to Request Deletion of personal information, subject to legal or operational retention obligations.
Right to Opt-Out of the sale or sharing of personal information. NOTIE does not sell or share personal data for monetary value, but we provide this right for transparency.
Right to Non-Discrimination for exercising any privacy rights.

You may exercise these rights by contacting support@ainotetake.com and including "CCPA Request" in the subject line.

Information for individuals in Canada (PIPEDA)

If you reside in Canada, please note that NOTIE complies with the Personal Information Protection and Electronic Documents Act (PIPEDA).

Canadian users have the right to access and correct personal data and to withdraw consent where processing is based on consent.

Complaints may be submitted to the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.

Information for individuals in Australia (APPs)

If you reside in Australia, NOTIE ensures that personal data is processed in line with the Australian Privacy Principles (APPs) established under the Privacy Act 1988.

These frameworks provide rights equivalent to those already described in this Policy (access, rectification, erasure, limitation, objection).

Information for individuals in Türkiye (KVKK)

If you reside in Türkiye, NOTIE processes your personal data in compliance with the Turkish Personal Data Protection Law No. 6698 ("KVKK").

As a data controller registered in Türkiye, NOTIE ensures your rights under KVKK, including:

Right to learn whether your personal data has been processed.
Right to request information about the processing if your data has been processed.
Right to learn the purpose of processing and whether it is used in accordance with its purpose.
Right to know the third parties to whom your personal data is transferred, domestically or abroad.
Right to request rectification if your personal data is incomplete or inaccurately processed.
Right to request deletion or destruction of your personal data under the conditions set forth in Article 7 of KVKK.
Right to object to any result that is to your detriment arising from the analysis of your processed data exclusively through automated systems.
Right to claim compensation for damages arising from the unlawful processing of your personal data.

You may exercise these rights by contacting support@ainotetake.com and including "KVKK Request" in the subject line.

7. GIVE US YOUR FEEDBACK

Our goal is to protect your privacy. To comment or help us improve, please contact us via email (support@ainotetake.com). You may also contact us via written letter at NOTIE's address (Koi Apps Yazılım Limited Şirketi, Çifte Havuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Merkezi A2 Blok, No 151/1B, Esenler, Istanbul, Türkiye). We may ask you to provide a copy of your proof of identity.

If you consider that we are in breach of our obligations under data protection laws, you may lodge a complaint with the competent Data Protection Authority, which may be the supervisory authority in your country of residence, place of work or of an alleged infringement of data protection laws. For individuals in Türkiye, complaints may be submitted to the Personal Data Protection Authority (KVKK Kurumu) at www.kvkk.gov.tr.

8. CHANGES TO THIS PRIVACY POLICY

This privacy policy may be modified from time to time to comply with applicable laws or to conform to our current business practices. We will post any changes to this on our Platform and, where required by law, will notify you via your contact email. When notifying such changes to you, we will also explain what the likely impact of those changes on you will be, if any. We encourage you to revisit the Privacy Statement that is posted on our Platform from time to time to check for updates.

9. ADDITIONAL INFORMATION

Provision of Personal Information / Automated decision making. Please note that the Personal Information we collect from you is necessary to provide the services and our Platform to you. Failure to provide such data may not enable us to provide our services to you or make our Platform accessible. We do not use automatic decision-making or profiling of individuals.

Your Rights. You have various rights under data privacy laws in your country. These may include (as relevant):

Right to request access to the Personal Information we hold about you.
Right to rectification including to require us to correct inaccurate Personal Information.
Right to request restriction of processing concerning you or to object to processing of your Personal Information.
Right to request the erasure of your Personal Information where it is no longer necessary for us to retain it.
Right to data portability including to obtain Personal Information in a commonly used machine-readable format in certain circumstances such as where our processing of it is based on a consent.
Right to object to automated decision-making including profiling (if any) that has a legal or significant effect on you as an individual.
Right to withdraw your consent to any processing for which you have previously given that consent.

Marketing Information. With your consent, where relevant, we will keep your name, address and contact details (including telephone numbers and email addresses) in our databases and may from time to time use that information to make you aware of our related products and services as well as updates on developments in our industry sector generally which may be of interest to you. We may contact you in writing, by telephone or email for this. If at any time you decide that you do not want your contact details used for these purposes, you may object or revoke your consent for receiving marketing communications by following the instructions in the relevant marketing communication (e.g., clicking on the "Unsubscribe" button) or by contacting us (see "Give Us Your Feedback" above).

Security Statement. We take reasonable precautions to protect your information. In particular, we implemented appropriate technical and organizational measures designed to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymization and encryption, (b) protecting the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your Personal Information, (c) providing the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and (d) maintaining a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational security measures. When you submit information to us through our Platform, your information is protected both online and offline. All data transferred to/from the NOTIE internal network, from/to an external entity, is encrypted to industry standards. We maintain appropriate physical, electronic and procedural safeguards to ensure the security, integrity and privacy of your personal information within our company. Only those employees who may require your information to perform a specific job are granted access to your identifiable information. Furthermore, all employees are kept up-to-date on our security and privacy practices.

Our Use of Cookies and Analytic Tools. NOTIE may use "cookies" or other tracking and tracing tools as further described in our Cookie Policy. Depending on the country in which you are located, you may be asked to provide your consent for our use of Cookies (except for strictly necessary Cookies).

Third Party Websites. Our Platform may contain links to third-party websites. If you follow these links, you will exit our Platform. This privacy policy does not apply to websites of third parties. NOTIE cannot accept liability for the use of your Personal Information by these third parties. Your use of these websites is at your own risk. For more information on how these third parties treat your Personal Information, please check their privacy policy (if available).

KOI APPS YAZILIM LIMITED SIRKETI — Istanbul, Türkiye Contact: support@ainotetake.com