Privacy Policy – Superapp Labs

Privacy Policy

Superapp Labs Teknoloji A.Ş.
Last Updated: 12 June 2025

1. Purpose

Superapp Labs Teknoloji A.Ş. ("Superapp Labs" or "Company") processes users' personal data in accordance with applicable data protection laws, including but not limited to the Law on the Protection of Personal Data No. 6698 ("Law No. 6698").

Personal data that you provide to the Company, or which is obtained through other means, may be processed by Superapp Labs as a Data Controller for specific and lawful purposes, in a limited and proportional manner, while ensuring data accuracy and currentness.

The data may be recorded, stored, preserved, reorganized, and transferred to authorized public bodies, or shared with third parties domestically and internationally under legal conditions or your explicit consent when required. It may also be subject to other legal processing methods and procedures.

This Privacy Policy outlines how Superapp Labs ensures compliance with Law No. 6698 and describes the collection, use, protection, sharing, and management of your personal data.

2. Collection of Personal Data and Method

Superapp Labs collects and processes personal data for purposes outlined in this policy. This includes information such as:

  • Name and surname
  • Email address and phone number
  • Purchase and order history (e.g., in-app purchases)
  • Uploaded images (e.g., photos)
  • Advertising ID (IDFA), Vendor ID (IDVF), and IP address
  • Login credentials upon registration (username, email, password)

Data Categories and Types

Category Data Types
Identity Information Name and surname
Contact Information Phone number, email address
Process Security IP address, traffic data, device info, in-app purchase history, IDFA, IDVF, Token ID
Visual and Audio Records Photos uploaded by the user
Customer Transaction Order data
Marketing Data IDFA, IDVF

Data may be collected via electronic or physical means, your device, third-party platforms like App Stores, or tools integrated into our services. Log data such as IP address, device name, OS version, app configuration, and usage timestamps may also be collected automatically.

General Principles

Personal data is processed in accordance with the following principles:

  • Lawfulness and good faith
  • Accuracy and up-to-dateness
  • Specific, clear, and legitimate purposes
  • Proportionality and data minimization
  • Retention as required by law or necessity

3. Purposes and Legal Basis of Processing

3.1 Purposes

  • Legal compliance and enforcement
  • Communication and user support
  • Service improvement and personalization
  • After-sales services and contract performance
  • Information security and business continuity
  • Marketing analysis, campaign and ad management (with consent)
  • Storage, archival, and complaint resolution
  • AI profile training or image processing (facial data, deleted post-use)

3.2 Legal Grounds

  • Contract formation and fulfillment
  • Compliance with legal obligations
  • Legitimate interests that do not override fundamental rights
  • Explicit user consent for marketing and certain data types

4. Third-Party Sites and Applications

Our applications may include links to external websites or services that are not controlled by Superapp Labs. We are not responsible for their content, policies, or practices. Your use of these external services is at your own risk.

5. Cookies

Cookies are small files stored on your device to improve your experience. They do not access your local files and can be managed or deleted via your browser settings.

6. Push Notifications

We may send push notifications related to service updates or alerts. You can manage or disable notifications via your device settings.

7. Data Retention

Personal data is retained as long as required by law or necessary for processing purposes. If you’ve given consent for extended storage, data will be deleted or anonymized once that period ends or the purpose is fulfilled.

8. Security Measures

Superapp Labs applies technical and administrative measures to protect personal data, including:

  • Antivirus and firewall systems
  • VPN for authorized access
  • User role-based access control
  • Encryption and secure transmission
  • Logging and two-factor authentication
  • Penetration testing and SIEM monitoring
  • ISMS audits and employee training
  • Physical security for paper records
  • Backups and cloud disaster recovery
  • Non-disclosure agreements for staff

In the event of a breach, users and the relevant authority will be notified, and corrective actions will be taken.

9. Data Transfers

Personal data may be transferred domestically or internationally for:

  • Archiving and storage
  • Business operations and CRM
  • Compliance with legal obligations
  • Third-party services like Facebook SDK, Adjust, and Firebase Analytics

10. Your Rights

Under Article 11 of Law No. 6698 and the GDPR (where applicable), you may:

  • Request information on whether and how your data is processed
  • Request correction, deletion, or anonymization of your data
  • Object to automated processing or profiling
  • Request data portability and file a complaint to supervisory authorities

To exercise these rights, submit a clear and verifiable request with ID to: support@superapplabs.co

We will respond within 30 days. If your request is rejected, we will provide a justified explanation.

11. Updates to the Policy

Superapp Labs may update this Privacy Policy as needed. Continued use of our services following changes constitutes your acceptance of the new terms.

12. Contact Information

  • Company Name: Superapp Labs Teknoloji A.Ş.
  • Address: EGS BUSINESS PARK BLOK D:251, NO: 12, YESILKOY MAH., ATATURK CADDESI, BAKIRKOY, Istanbul, Turkey
  • Email: support@superapplabs.co
  • Phone: +90 212 909 17 35