Privacy Policy & KVKK / GDPR Notice

Last updated: April 14, 2026

0. Data Controller

Under Turkish Personal Data Protection Law No. 6698 ("KVKK") and EU General Data Protection Regulation ("GDPR"), your personal data is processed by the following data controller:

• Legal name: [Company legal name not yet set]
• MERSIS No: [MERSIS number not yet set]
• VERBIS Registration No: [VERBIS registration number not yet set]
• KEP Address: [KEP address not yet set]
• Email: [email protected]
• Data Protection Officer: [email protected]

1. Introduction

bitimsiz is a platform committed to protecting the privacy of its users. This Privacy Policy provides information about what personal data we collect, why, on what legal basis, who we share it with, how it is stored and protected, and your rights under KVKK Article 11 and GDPR Articles 15-22.

By using our application, you agree to this policy. Our services are provided in compliance with the Turkish Personal Data Protection Law (KVKK) No. 6698, EU General Data Protection Regulation (GDPR) 2016/679, and related regulations.

2. Data We Collect

Account Information

• Username, display name, and email address
• Phone number (optional, for verification)
• Profile photo and biography
• Date of birth (for age verification)

Usage Data

• In-app interactions (likes, comments, shares)
• Session durations and usage frequency
• Preferred language and notification settings

Device Information

• Device model and operating system version
• Application version
• Unique device identifier (for push notifications)

Module-Specific Data

• Social: Posts, comments, likes, hashtags, stories, bookmarks
• Messaging (E2EE): Encrypted message blobs, metadata (send time, recipient count), key exchange metadata. Message content is NEVER stored as PLAINTEXT on our servers.
• Dating: Gender preference, age range, approximate location, photos, bio. Special category data: Gender preference is processed with explicit consent (KVKK Article 6).
• Investment (Portfolio): Portfolio asset list (type, amount). No financial account or card data is EVER collected. Server only calls anonymous price data APIs.
• Vehicle: Garage info (brand, model, year, plate), maintenance records, fuel consumption, expenses, photos. Marketplace: Listing photos, pricing, vehicle specs, location (city-level for search), view counts, buyer/seller communication (inquiry system).
• Video: Uploaded videos, thumbnails, captions, view metrics.
• Contacts: Phone number hashes (original numbers are never sent to the server, matching is done via SHA-256 hashes only).
• Subscription: Subscription status, anonymous Apple/Google IAP transaction identifiers (NOT card data). Payments are processed via Apple App Store / Google Play; bitimsiz cannot access card information.

3. How We Use Your Data

The data we collect is used for the following purposes:

• Service delivery: Account creation, profile management, and provision of core application features
• Improvement: Enhancing application performance and user experience
• Security: Account security, fraud prevention, and content moderation
• Notifications: Push notifications, in-app alerts, and service updates
• Legal obligations: Compliance with legal processes and regulatory requirements

4. Data Sharing

Your personal data is not shared with third parties except in the following circumstances:

• Service providers: Technical infrastructure providers such as cloud storage (Google Cloud), push notifications (Firebase), and payment processors
• Legal requirements: With authorities when required by court order or legal process
• Security: In cases of fraud, security breaches, or violations of terms of service

We do not sell or rent your data to third parties for advertising purposes.

5. End-to-End Encryption (E2EE)

The bitimsiz messaging service is protected with end-to-end encryption. This means that your messages can only be read by you and your recipients.

• Messages are encrypted on your device and can only be decrypted on the recipient's device
• Our servers only carry and store encrypted data (ciphertext); we have no access to message content
• Encryption keys are stored only on your device
• Key backup is optionally available, encrypted with your PIN

6. Data Retention

• When you delete your account, all personal data is permanently removed within 30 days
• Encrypted message backups are removed from our servers when the account is deleted
• Anonymized statistical data may be retained for service improvement purposes

7. Cookies

The bitimsiz website uses only essential cookies required for basic functionality. No third-party tracking cookies or advertising cookies are used.

8. User Rights

Under the KVKK, you have the following rights:

• Right of access: Request information about which personal data is being processed
• Right of correction: Request correction of inaccurate or incomplete personal data
• Right of deletion: Request the deletion of your personal data
• Right of portability: Request your data to be provided in a structured format
• Right of objection: Object to data processing and request restriction of processing

You can exercise these rights through the in-app settings or by contacting [email protected].

9. Security

We implement the following measures to ensure the security of your data:

• All data transfers are encrypted with SSL/TLS
• Sensitive data is stored encrypted on our servers
• Two-factor authentication (2FA) support
• Regular security audits and vulnerability scanning
• Access control with the principle of least privilege for staff

10. Contact

For questions or requests regarding our privacy policy, you can reach us at:

• Email: [email protected]
• In-app: Settings → Help & Support