Data Breach Response Plan

Version: 1.0.0
Last Updated: July 1, 2026

CATCHA MOBILE APPLICATION DATA BREACH RESPONSE PLAN

Last Updated: 06.06.2026
Version: 1.0

1. PURPOSE AND SCOPE OF THE PLAN

This Data Breach Response Plan (Incident Response Plan) has been prepared to establish the technical, administrative, and legal steps to be executed in case of potential data breaches, such as cyber-attacks, unauthorized access, data leaks, or corruption of data integrity within the Catcha mobile application and associated digital services (“Platform”).

This plan ensures that the Platform management and external technical support providers respond to cyber incidents in an agile, coordinated manner and in full compliance with the KVKK and GDPR.

2. DETECTION AND EARLY WARNING MECHANISMS

The Catcha technical framework possesses security monitoring structures that continuously scan and generate automated alerts for anomalous activities, brute-force login attempts, unauthorized API queries, and atypical data transfers occurring within the database (Firebase/Cloud) and server architecture.

As soon as a cyber threat or suspicious access behavior is identified, an early-warning alert is sent to the Platform management and the event is immediately classified as a 'Security Incident' for detailed investigation.
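As an added illustration of the detection logic described above (this is example code, not part of the Catcha Platform or its monitoring stack), the following script scans constructed authentication log lines for the brute-force pattern named in this section. The log format, the source addresses (RFC 5737 documentation ranges) and the threshold of five failures per source within 60 seconds are assumptions chosen for the example; the sliding-window count per source address and the distinction between one account being hammered and many accounts being tried from one source are the parts a monitoring rule would carry over.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample authentication log lines (not real Platform logs).
SAMPLE_LOG = """\
2026-06-06T10:00:01Z auth_fail user=alice src=203.0.113.7
2026-06-06T10:00:02Z auth_fail user=bob src=203.0.113.7
2026-06-06T10:00:03Z auth_fail user=carol src=203.0.113.7
2026-06-06T10:00:04Z auth_fail user=dave src=203.0.113.7
2026-06-06T10:00:05Z auth_fail user=erin src=203.0.113.7
2026-06-06T10:00:06Z auth_ok user=erin src=203.0.113.7
2026-06-06T10:00:07Z auth_fail user=alice src=198.51.100.9
2026-06-06T10:05:00Z auth_fail user=alice src=198.51.100.9
"""

# Assumed log line layout: "<ISO timestamp> <event> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_fail|auth_ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "event": m["event"], "user": m["user"], "src": m["src"]}


def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Return one alert per source address whose failed logins inside a sliding
    window of `window_seconds` reach `threshold`. Failures against many distinct
    accounts from one source are labelled as credential stuffing; repeated
    failures against one account as a single-account brute force."""
    failures = defaultdict(deque)  # src -> deque of (timestamp, user) within the window
    alerts = []
    alerted = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] != "auth_fail":
            continue
        q = failures[rec["src"]]
        q.append((rec["ts"], rec["user"]))
        # Drop failures that have fallen out of the sliding window.
        while q and (rec["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and rec["src"] not in alerted:
            alerted.add(rec["src"])
            users = {u for _, u in q}
            alerts.append({
                "src": rec["src"],
                "failures": len(q),
                "distinct_users": len(users),
                "first_seen": q[0][0].isoformat(),
                "last_seen": rec["ts"].isoformat(),
                "pattern": "credential_stuffing" if len(users) > 1 else "single_account_brute_force",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

On the sample above only 203.0.113.7 triggers an alert: five failures in five seconds against five different accounts. The two failures from 198.51.100.9 are almost five minutes apart, so the first one has left the window before the second arrives and no alert is raised; the window length and threshold are exactly the knobs that decide how noisy such a rule is.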

3. FIRST RESPONSE, ISOLATION, AND CRISIS MANAGEMENT

Once a suspected data breach is confirmed, the following emergency countermeasures are executed in sequence to minimize the damage:

3.1 Isolation: The servers, cloud nodes, or database microservices subjected to the cyber threat are disconnected from the network, current authorization credentials (API tokens, cryptographic secrets) are immediately revoked, and system operations are shifted to secure redundant backup pipelines.

3.2 Service Mitigation: Depending on the scope of the exposure, specific components within the application (e.g., in-app text messaging, AR tracking, or profile modifications) may be temporarily suspended or restricted to stop further data exfiltration until the evaluation is finalized.

4. TECHNICAL ANALYSIS AND FORENSIC INVESTIGATION

After stabilizing the infrastructure, a root cause analysis is performed to establish how the threat actors bypassed the security perimeter, which IP networks were used during the intrusion and, critically, which categories of personal data (Identity, Communication, Location, or Imagery Assets) were affected and how many user accounts were compromised.

All findings are logged with cryptographic timestamps to ensure traceability and to preserve their evidentiary integrity for potential judicial proceedings or official regulatory disclosures.
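The following is an added example of a tamper-evident findings log of the kind this section calls for; it is not the Platform's own tooling. Each entry commits, via SHA-256, to its sequence number, timestamp, payload and the hash of the previous entry, so editing, reordering or deleting any entry after the fact breaks verification from that point on. The use of the local clock for timestamps and the sample findings are assumptions for the example; a production log would anchor entries to an external time source or timestamping authority and keep the verification hashes off the investigated system.

```python
import hashlib
import json
from datetime import datetime, timezone


class EvidenceLog:
    """Append-only investigation log where each entry is chained to the previous one.
    Verification recomputes every hash, so any later alteration is detectable."""

    GENESIS = "0" * 64  # previous-hash value for the first entry

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        # Canonical JSON (sorted keys, no whitespace) so identical content always
        # produces the same digest regardless of how the dict was built.
        body = {k: entry[k] for k in ("seq", "timestamp", "prev_hash", "finding")}
        encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(encoded).hexdigest()

    def append(self, finding, timestamp=None):
        """Record a finding (any JSON-serialisable object) and return its entry hash.
        Assumption: the local clock is trusted; a real deployment would use an
        external time source."""
        ts = (timestamp or datetime.now(timezone.utc)).isoformat()
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        entry = {"seq": len(self.entries), "timestamp": ts, "prev_hash": prev, "finding": finding}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Return (True, number_of_entries) if the chain is intact, otherwise
        (False, index_of_first_bad_entry)."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev or self._digest(e) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, len(self.entries)


def build_sample_log():
    """Constructed findings for the example; not real investigation data."""
    log = EvidenceLog()
    log.append({"type": "source_ip", "value": "203.0.113.7", "note": "credential stuffing source"})
    log.append({"type": "affected_data", "categories": ["Identity", "Communication"], "accounts": 42})
    log.append({"type": "entry_point", "value": "/api/v1/profile", "note": "missing authorization check"})
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())
    log.entries[1]["finding"]["accounts"] = 4  # simulate a later edit to a finding
    print("after edit:", log.verify())
```

Running the block prints `(True, 3)` for the untouched log and `(False, 1)` after the second finding is altered: the recomputed digest of entry 1 no longer matches the stored one. Deleting an entry is caught the same way, because the next entry's sequence number and previous-hash no longer line up.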

5. LEGAL NOTIFICATION PROCEDURES AND THE 72-HOUR MANDATE

5.1 KVKK Notification: If the data breach is assessed to pose high risks to the rights and freedoms of the affected data subjects, an official regulatory data breach report is submitted to the Personal Data Protection Board (KVKK) within a maximum of 72 hours from the moment of detection, in compliance with Law No. 6698.

5.2 GDPR and Transnational Filings: If European Union (EU) citizens are among the affected user base, necessary reporting documentation is delivered to the competent European Data Protection Authorities within the mandatory timelines stipulated by the GDPR (General Data Protection Regulation).

6. USER NOTIFICATION AND TRANSPARENCY PROTOCOL

All Platform users affected or potentially endangered by the data security incident are transparently notified so they can mitigate downstream risks and apply personal security updates.

This disclosure is delivered through registered user email addresses, in-app emergency alert modules, and real-time push notifications. The notification text explicitly describes the nature of the security incident, the categories of data compromised, the safety measures implemented by the Platform, and the personal remediation steps the user needs to take (such as an immediate password change or enabling 2FA).

7. PREVENTATIVE ACTIONS AND SYSTEM HARDENING

Following the successful containment of the breach, the identified software vulnerability is permanently patched. Server topologies, cloud database encryption policies (AES-256), and network firewalls are reconfigured.

The weaknesses that enabled the initial intrusion are removed; API entry points are hardened, Argon2/bcrypt password hashing configurations are refreshed, and all defense perimeters of the Platform are tuned to prevent a recurrence of similar cyber events.
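Refreshing a password-hashing configuration only helps once existing hashes are migrated to the stronger parameters, which can be done transparently by rehashing each account the next time its owner logs in. The added example below (not the Platform's code) shows the audit half of that process: it parses stored bcrypt and Argon2 strings in their standard formats, compares their cost parameters against a minimum policy, and lists the accounts that must be rehashed. The policy values, the sample hash strings (their salt and digest portions are placeholders of the right length, not real hashes) and the account names are constructed for the example.

```python
import re

# Minimum parameters a stored hash must meet after the policy refresh (constructed values).
POLICY = {
    "bcrypt": {"min_cost": 12},
    "argon2id": {"min_m": 65536, "min_t": 3, "min_p": 1},  # memory in KiB, iterations, lanes
}

# bcrypt modular crypt format: $2b$<cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(r"^\$(?P<ident>2[abxy])\$(?P<cost>\d{2})\$(?P<rest>.{53})$")
# Argon2 PHC string format: $argon2id$v=19$m=<KiB>,t=<iters>,p=<lanes>$<salt>$<hash>
ARGON2_RE = re.compile(
    r"^\$(?P<ident>argon2(?:id|i|d))\$v=(?P<v>\d+)\$m=(?P<m>\d+),t=(?P<t>\d+),p=(?P<p>\d+)"
    r"\$(?P<salt>[^$]+)\$(?P<hash>[^$]+)$"
)


def parse_hash(stored):
    """Identify the algorithm and cost parameters encoded in a stored password hash."""
    m = BCRYPT_RE.match(stored)
    if m:
        return {"algo": "bcrypt", "cost": int(m["cost"])}
    m = ARGON2_RE.match(stored)
    if m:
        return {"algo": m["ident"], "v": int(m["v"]),
                "m": int(m["m"]), "t": int(m["t"]), "p": int(m["p"])}
    return {"algo": "unknown"}


def needs_rehash(stored):
    """True when the stored hash falls below the current policy, or when it is in a
    legacy or unrecognised format (which must always be migrated)."""
    p = parse_hash(stored)
    if p["algo"] == "bcrypt":
        return p["cost"] < POLICY["bcrypt"]["min_cost"]
    if p["algo"] == "argon2id":
        a = POLICY["argon2id"]
        return p["m"] < a["min_m"] or p["t"] < a["min_t"] or p["p"] < a["min_p"]
    # argon2i / argon2d variants and anything else: migrate to the policy algorithm.
    return True


def audit(records):
    """records: iterable of (user, stored_hash). Returns users to rehash at next login,
    where the plaintext is available to compute the new hash."""
    return [user for user, stored in records if needs_rehash(stored)]


# Constructed sample records; salt/digest portions are placeholders, not real hashes.
SAMPLE_RECORDS = [
    ("alice", "$2b$10$" + "A" * 22 + "B" * 31),                        # bcrypt cost 10: too low
    ("bob",   "$2b$12$" + "A" * 22 + "B" * 31),                        # bcrypt cost 12: meets policy
    ("carol", "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$aGFzaGhhc2g"),  # meets policy
    ("dave",  "$argon2id$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$aGFzaGhhc2g"),   # memory too low
    ("erin",  "0123456789abcdef0123456789abcdef"),                     # legacy unsalted digest
]

if __name__ == "__main__":
    print("accounts to rehash:", audit(SAMPLE_RECORDS))
```

The audit flags alice (cost below the new minimum), dave (Argon2 memory parameter below policy) and erin (a legacy format that cannot be upgraded in place), while bob and carol already satisfy the refreshed configuration. The same `needs_rehash` check belongs in the login path itself, so that a verified password is immediately rehashed with the current parameters rather than waiting for a separate batch job.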

8. CONTINUOUS AUDITING AND PENETRATION TESTING

The Platform management treats data security as an evolving lifecycle rather than a static objective. Accordingly, systematic vulnerability scanning and professional third-party penetration testing are routinely executed against the Platform infrastructure. Cyber defense protocols are updated periodically against modern threat vectors.