CATCHA MOBILE APPLICATION PERSONAL DATA PROTECTION LAW (KVKK) PRIVACY NOTICE
Last Updated: 24.05.2026
Version: 7.1
Catcha adopts the core principle of protecting the privacy and security of its users' personal data. This Privacy Notice has been prepared by the Platform management/developer as the data controller in compliance with the Personal Data Protection Law No. 6698 (“KVKK”), General Data Protection Regulation (“GDPR”), Law No. 5651, and related digital platform policies. The Catcha ecosystem covers all digital services including the mobile application, web platform, AR features, matching algorithms, and event systems.
1. WHY DO WE PROCESS DATA?
Data processing in Catcha is shaped around three main purposes:
First, for the application to function, user accounts must be created, logged into, and the matching system must operate. Therefore, identity, communication, and basic account information are processed.
Second, to ensure the security of the platform and prevent fake accounts, fraud, or abuse, device information, behavioral data, and log records are used.
Third, location and technical data are processed so that features such as AR (augmented reality) and proximate user/matching systems can work correctly.
These processes are carried out in accordance with legislation to provide a safer and more functional social experience to the user.
2. WHAT DATA DO WE PROCESS?
The personal data processed by Catcha are categorically as follows:
• Identity and Contact Information: First and last name, username, e-mail address, phone number, date of birth, and gender details.
• Profile and Content Data: Profile photos, biography texts, descriptions of user-generated events, uploaded media, and direct messaging contents.
• Technical and Device Data: IP address, device model, operating system version, in-app log records, and usage statistics.
• Location Data: Approximate or exact GPS coordinate data processed with the explicit consent of the user to enable AR features and distance-based matches.
3. LEGAL GROUNDS AND DATA COLLECTION METHODS
Your personal data is collected via completely digital and automated methods through the Platform's mobile application or website.
The legal grounds for processing this data are the establishment and performance of a contract, the legitimate interest of the data controller, the fulfillment of legal obligations pursuant to KVKK Article 5/2, and the Explicit Consent given by the user in specific cases such as location or biometric verification.
4. COMPREHENSIVE AGE VERIFICATION AND CHILD SAFETY
Catcha is only open to use by individuals aged 18 and over. In order to protect child safety at the highest level, selfie verification, liveness checks, or identity verification steps may be requested from the user in suspicious cases or routine controls.
All data belonging to users found to be under the age of 18 will be permanently and immediately deleted from our systems, except for legal retention obligations. In case of suspicion of child sexual abuse (CSAM) or similar illegal activities, the Platform reserves the right to retain relevant data and share it with judicial authorities.
5. WITH WHOM IS YOUR DATA SHARED?
Your personal data is never sold or rented to third parties for commercial purposes. Your data may only be transferred in the following cases:
• Technical Service Providers: Cloud servers (Firebase, etc.) forming the infrastructure of the application, SMS/e-mail distribution systems, and map API providers.
• Judicial and Official Authorities: Data sharing may be carried out for the fulfillment of legal obligations if a legal necessity arises under applicable legislation or if a duly official request is made by authorized administrative/judicial authorities.
6. DATA RETENTION PERIODS AND ACCOUNT DELETION
Your personal data is stored for the period required by the processing purposes or considering the statutes of limitation stipulated in the relevant legal legislation (such as traffic logs within the scope of Law No. 5651).
When a user deletes their account from within the Platform; their profile information, photos, matches, and messages are permanently deleted or anonymized. Log data that must be kept due to legal obligations is automatically destroyed when their periods expire.
7. INTERNATIONAL DATA TRANSFERS
Since the data centers of some server and cloud infrastructure service providers used by the Platform are located abroad, your personal data may be transferred abroad to maintain technical operations. These transfers are protected by data processing agreements and technical security measures in line with KVKK and GDPR standards.
8. USER RIGHTS (KVKK ARTICLE 11)
Pursuant to Article 11 of the KVKK, by applying to the Platform, you have the right to learn whether your personal data is processed, to request information if it has been processed, to learn the purpose of processing and whether it is used appropriately, to know the third parties to whom it is transferred at home or abroad, to request correction if it is incomplete or incorrectly processed, and to request its deletion or destruction.
You can submit your applications regarding all your rights to the data controller through the in-app support mechanisms or designated communication channels.
BRIEF SUMMARY TABLE
Data Category | Why We Use It | Deletion Status |
Identity & Contact | Account creation, Secure login, Age verification | Permanently deleted when account is deleted |
Location | Proximate matching, Distance-based AR display | Processed instantly, Removed when account is deleted |
Profile & Media | User profile generation, Event sharing | Deleted when account is deleted or user removes it |
Technical / Log | System security, Spam prevention, Law 5651 compliance | Automatically destroyed at the end of legal retention |