Privacy Policy

Last updated: 4 May 2026

This Privacy Policy explains how AZS — Azerbaijan Stickers (the "App") and the stikerler.com website process personal data. Operator: M!RZA, contact: info@stikerler.com.

Data We Collect

• Email address (if you sign in with Google or Apple)
• Display name and avatar URL (from social provider)
• Device identifier (anonymous UUID)
• Firebase Cloud Messaging push token
• Last seen timestamp, locale preference
• Apple / Google Play purchase transaction ID
• AppLovin advertising identifier (anonymous)

Purpose of Collection

• Provide the service and manage your account
• Validate premium subscription status
• Send push notifications (new packs, reminders)
• Grant ad reward (rewarded ad fraud prevention)
• Improve the service (anonymous activity metrics)

Third Parties

We share data with the following providers: Apple (Sign-In + IAP), Google (Sign-In + Play Billing), Firebase (FCM push), AppLovin (ad mediation). We do not sell any data for marketing purposes.

Retention

Data is kept while your account is active. When you delete your account, it is permanently deleted after a 30-day grace period during which you can cancel the deletion.

Gift Request Data

When you use the streak gift redemption feature, any optional contact message you attach to your request (WhatsApp / email handle etc.) is only visible to M!RZA and is used solely to deliver the gift. The message is capped at 500 characters, is never shared with any third party, and is deleted together with the rest of your profile when you delete your account.

Notification History

Push notifications sent to you (admin broadcasts and gift status updates) are stored in the app's "Notifications" screen as a history. For each notification we keep the title, body, creation time, and your read state. This data is used solely to serve your in-app notification centre, is never shared with third parties, and is automatically cleared when you delete your account.

GDPR / KVKK Rights

You have the right to: access, rectification, erasure, portability, objection. Contact info@stikerler.com. The "Delete Account" feature in the app starts deletion immediately.

Cookies

The website uses minimal session cookies only. The mobile app uses no cookies.

Data Security

All traffic is encrypted via HTTPS. Passwords are hashed with bcrypt. API access is gated by Sanctum tokens.

Children

We do not knowingly accept users under 13. If we discover such data, it is deleted immediately (COPPA compliance).

Contact

For inquiries: info@stikerler.com