Privacy Policy – Superapp Labs

Privacy Policy

Superapp Labs Teknoloji A.Ş.
Last Updated: 28 October 2025

1. Purpose

Superapp Labs Teknoloji A.Ş. ("Superapp Labs" or "Company") processes users' personal data in accordance with applicable data protection laws, including but not limited to the Law on the Protection of Personal Data No. 6698 ("Law No. 6698").

Personal data that you provide to the Company, or which is obtained through other means, may be processed by Superapp Labs as a Data Controller for specific and lawful purposes, in a limited and proportional manner, while ensuring data accuracy and currentness.

The data may be recorded, stored, preserved, reorganized, and transferred to authorized public bodies, or shared with third parties domestically and internationally under legal conditions or your explicit consent when required. It may also be subject to other legal processing methods and procedures.

This Privacy Policy outlines how Superapp Labs ensures compliance with Law No. 6698 and describes the collection, use, protection, sharing, and management of your personal data.

2. Collection of Personal Data and Method

Superapp Labs collects and processes personal data for purposes outlined in this policy. This includes information such as:

  • Name and surname
  • Email address and phone number
  • Purchase and order history (e.g., in-app purchases)
  • Uploaded images (e.g., photos)
  • Advertising ID (IDFA), Vendor ID (IDVF), and IP address
  • Login credentials upon registration (username, email, password)

Data Categories and Types

Category Data Types
Identity Information Name and surname
Contact Information Phone number, email address
Process Security IP address, traffic data, device info, in-app purchase history, IDFA, IDVF, Token ID
Visual and Audio Records Photos uploaded by the user
Customer Transaction Order data
Marketing Data IDFA, IDVF

Data may be collected via electronic or physical means, your device, third-party platforms like App Stores, or tools integrated into our services. Log data such as IP address, device name, OS version, app configuration, and usage timestamps may also be collected automatically.

General Principles

Personal data is processed in accordance with the following principles:

  • Lawfulness and good faith
  • Accuracy and up-to-dateness
  • Specific, clear, and legitimate purposes
  • Proportionality and data minimization
  • Retention as required by law or necessity

3. Processing of Facial Data

3.1 What Facial Data We Collect

When you use features within our applications that involve photo or face processing, the Company may process facial data such as facial geometry, feature points (e.g., eyes, nose, mouth, symmetry measurements), and full-face images. This data is used solely to perform image enhancement or AI-based editing functionalities.

3.2 Purpose of Processing Facial Data

Facial data is processed exclusively to deliver photo editing and AI-based image generation services, improve output quality, and enhance app functionality. The data is not used for identity verification, facial recognition, or authentication.

3.3 Storage and Retention of Facial Data

Facial data is processed in real time and deleted immediately after the inference process is completed. It is not stored, retained, or used for any other purpose. Derived or anonymized non-identifiable model data may be retained solely for statistical or quality-improvement purposes.

3.4 Storage Location and Security

All facial data is processed securely on Google Cloud servers using industry-standard encryption, controlled access, and secure transmission. Data is never stored in a way that allows re-identification.

3.5 Sharing of Facial Data

Superapp Labs does not sell, share, lease, or trade any facial data with third parties. Third-party SDKs such as Adjust, Firebase Analytics, or Facebook SDK do not access facial data.

3.6 Third Parties Handling Facial Data

No third parties store or process identifiable facial data. In cases where anonymized or aggregated data is used for internal AI improvements, it is handled under strict confidentiality and cannot be traced back to an individual.

4. Purposes and Legal Basis of Processing

4.1 Purposes

  • Legal compliance and enforcement
  • Communication and user support
  • Service improvement and personalization
  • After-sales services and contract performance
  • Information security and business continuity
  • Marketing analysis, campaign and ad management (with consent)
  • Storage, archival, and complaint resolution
  • AI-based image processing (facial data deleted post-inference)

4.2 Legal Grounds

  • Contract formation and fulfillment
  • Compliance with legal obligations
  • Legitimate interests that do not override fundamental rights
  • Explicit user consent for marketing and certain data types

5. Third-Party Sites and Applications

Our applications may include links to external websites or services that are not controlled by Superapp Labs. We are not responsible for their content, policies, or practices. Your use of these external services is at your own risk.

6. Cookies

Cookies are small files stored on your device to improve your experience. They do not access your local files and can be managed or deleted via your browser settings.

7. Push Notifications

We may send push notifications related to service updates or alerts. You can manage or disable notifications via your device settings.

8. Data Retention

Personal data is retained only for as long as required by law or necessary for processing purposes. Facial data, however, is deleted immediately after the inference process is completed and is never stored or retained. If you’ve given consent for extended storage of other data types, that data will be deleted or anonymized once the consent period expires or the processing purpose is fulfilled.

9. Security Measures

Superapp Labs applies technical and administrative measures to protect personal data, including:

  • Antivirus and firewall systems
  • VPN for authorized access
  • User role-based access control
  • Encryption and secure transmission
  • Logging and two-factor authentication
  • Penetration testing and SIEM monitoring
  • ISMS audits and employee training
  • Physical security for paper records
  • Backups and cloud disaster recovery
  • Non-disclosure agreements for staff

In the event of a breach, users and the relevant authority will be notified, and corrective actions will be taken.

9. Data Transfers

Personal data may be transferred domestically or internationally for:

  • Archiving and storage
  • Business operations and CRM
  • Compliance with legal obligations
  • Third-party services like Facebook SDK, Adjust, and Firebase Analytics

Facial data is not transferred to any third party or stored internationally.

10. Your Rights

Under Article 11 of Law No. 6698 and the GDPR (where applicable), you may:

  • Request information on whether and how your data is processed
  • Request correction, deletion, or anonymization of your data
  • Object to automated processing or profiling
  • Request data portability and file a complaint to supervisory authorities

To exercise these rights, submit a clear and verifiable request with ID to: support@superapplabs.co

We will respond within 30 days. If your request is rejected, we will provide a justified explanation.

11. Updates to the Policy

Superapp Labs may update this Privacy Policy as needed. Continued use of our services following changes constitutes your acceptance of the new terms.

12. Contact Information

  • Company Name: Superapp Labs Teknoloji A.Ş.
  • Address: EGS BUSINESS PARK BLOK D:251, NO: 12, YESILKOY MAH., ATATURK CADDESI, BAKIRKOY, Istanbul, Turkey
  • Email: support@superapplabs.co
  • Phone: +90 212 909 17 35