Agreements and policy center
We collected Kıvılcım's privacy, usage, premium, payment and community rules under one hub. You can also reach account deletion and support pages from here.
Privacy Policy
This policy explains, at a high level, what data Kıvılcım and its connected web services collect, why it is used, who it is shared with and how long it is retained.
Data categories we collect
Account data: information provided by the user such as name, username, email, phone number and profile photo.
Messaging and content data: one-to-one messages, community posts, drawing content, uploaded media and reported content.
Device and technical data: IP address, device model, operating system, app version, language, network info and session logs.
Location data: approximate or precise location if the user grants permission, for location-based matching, safety and abuse detection.
Operational data: push token, crash records, performance metrics, analytics events, support requests and moderation logs.
Why we process data
• Account creation, sign-in and profile management.
• Providing messaging, drawing sharing and community interactions.
• Preventing spam, fraud, abuse and stalking-like risks.
• Service quality, performance monitoring, crash detection and product improvement.
• Push notifications, support workflows and legal compliance.
Location and message content
• Location data is processed only when explicit permission is granted.
• Message content and shared media may be retained as part of service delivery and safety requirements.
• If end-to-end encryption is not implemented, message content may be operationally accessible.
• Profile photo, IP information, push token and similar data may be stored for security and improvement purposes.
Data sharing
Cloud hosting, database, logging, crash reporting, analytics and push notification providers.
Platforms such as Apple App Store and Google Play for payments and subscriptions.
Authorized public authorities when required by law, court order, official request or fraud prevention.
Relevant parties in mergers, transfers or asset sale scenarios.
Retention periods
Account data may be kept while the account remains active and, after a deletion request, until legally required retention periods expire.
Messages and community content may be stored for service delivery and safety until the user deletes them or the account is fully removed.
Crash, analytics and log records are usually subject to operational retention periods ranging from 30 days to 24 months.
Billing, payment dispute and tax records may be kept longer under applicable law.
Deletion requests and legal exceptions
When a user submits an account deletion request, profile access, sessions, active device links and connected live service access are disabled.
Messages, reports, payment history, fraud review records and tax records may be retained longer for legal obligations, dispute resolution or security reasons.
During the deletion process, anonymization, masking or access restriction steps may be applied.
KVKK and GDPR framework
Kıvılcım should explain processing purposes through an information notice and use consent flows where explicit consent is required.
Users should be able to exercise rights such as access, correction, deletion, portability, restriction and objection through support channels.
Cross-border transfers should be assessed separately based on cloud services and third-party SDK usage.
This section should be finalized with local legal counsel and data protection experts.