Back to Home

Privacy Policy

Last updated: January 28, 2026

This Privacy Policy regulates the procedures and principles regarding the processing of personal data shared by users/members/visitors ("Data Subject") with the Company or obtained by the Company during the use of the Site, within the scope of the Personal Data Protection Law No. 6698 ("KVKK"), during the use of the website and mobile application ("Site") with the domain name www.photivu.com operated by ……………………………………………………………. ("Company").

You can also access detailed information about the purposes for which your personal data are processed, legal reasons, scope of transfer, retention periods and your rights under KVKK through the "Personal Data Protection Information Notice". This Privacy Policy is an inseparable complement to the Information Notice.

Which Personal Data Do We Process?

The personal data categories specified below may be processed by the Company within the scope of the use of the Site in compliance with the Personal Data Protection Law No. 6698. Unless otherwise stated, the term "personal data" in this Privacy Policy covers all types of information listed below.

  • Identity and Contact Data: Information that identifies you and enables communication with you, such as first and last name, phone number, e-mail address, address information.
  • Location Data: Precise or approximate location information obtained from your device during your access to the Site, if you grant permission.
  • Transaction Security Data: Session records, IP address, device/access logs and records for ensuring security, and authentication data related to user account (passwords are not stored in plain text).
  • User and Transaction Information and Financial Data: Account registration information, user ID, usage times, in-app interactions, error records; transaction records related to payment and invoicing.
  • Marketing and Profile Information: Preferences, notification permissions, cookie records and digital interaction information related to marketing/analytics activities.
  • Complaint and Request Management Data: Request/complaint/feedback records you have sent through communication channels.
  • Risk and Audit Data: Information such as IP address and systemic monitoring records kept for security purposes
  • Content Shared by User: Event creation information (event name, date, location, etc.) and photographs and content uploaded to the Site.
  • Data for Face Matching Purposes: Data used in face matching processes for identifying content belonging to the relevant person through photographs within the scope of providing Site services and/or data generated as a result of these processes (biometric data may be processed within this scope).

In accordance with the relevant provisions of the Personal Data Protection Law No. 6698, information that has been anonymized in a way that removes its personal data nature is not considered personal data; such data may be used for the purpose of developing the Site, measuring its performance and making statistical analyses.

However, you can submit your requests for information regarding whether your personal data are processed and other applications within the scope of KVKK to the Company in accordance with the procedures specified in the Information Notice.

For What Purposes Are Your Personal Data Processed?

Your personal data are processed for the purpose of conducting the services offered through the Site in a secure and uninterrupted manner. Within this scope, your personal data may be used for purposes of creating and managing user accounts, providing Site functions, operating technical infrastructure and developing services.

Additionally, your personal data may be processed for the purposes of improving user experience, conducting customer support processes, evaluating requests and complaints, measuring Site performance and making analyses for improving service quality.

Processing of your personal data within the scope of marketing, advertising, promotion, profiling and similar activities is only carried out in case the necessary explicit consent is obtained in accordance with the relevant legislation.

You can access more detailed information about the legal reasons for processing personal data, the scope and details of processing purposes through the KVKK Information Notice.

Scope of Sharing Regarding Personal Data Transfer

Your personal data may be shared with third parties in accordance with the relevant legislation and limited to the processing purposes, in order to fulfill the services offered through the Site and ensure their security.

Within this scope, your personal data may be shared with suppliers and service providers from whom the Company receives services for purposes such as hosting, data storage, technical infrastructure, communication, customer support services, conducting payment and invoicing processes and providing consultancy services. Such sharing is carried out only to the extent required by the relevant service and by taking technical and administrative measures to ensure data security.

Your personal data may be shared with the relevant authorities in accordance with proper requests from authorized public institutions and organizations under the legislation and limited to the request.

In cases required by the technical infrastructure of the Site, your personal data may be stored or processed on servers of service providers located abroad, provided that necessary measures regarding data security are taken and the conditions prescribed in Article 9 of Law No. 6698 are complied with. Cross-border data transfer is carried out to countries announced by the Personal Data Protection Board as having adequate protection, or in cases where adequate protection does not exist, based on the safeguards prescribed in the relevant legislation.

Detailed information about the transfer of personal data and legal reasons are provided in the Personal Data Information Notice.

Data Subject Statements and Impact on Service

The Data Subject declares that the personal data shared with the Company through the Site are accurate, up-to-date and belong to them. Ensuring the currency of this information is under the control of the Data Subject; the Company bears limited responsibility for communication and service disruptions that may arise in case the information is not up-to-date, limited to making necessary notifications.

The Data Subject may make requests regarding the processing of personal data by exercising their rights under KVKK. The Data Subject has been informed that these requests may affect the technical provision of some services offered through the Site. This situation is evaluated within the framework of the Company's legal obligations and handled in accordance with the relevant legislation.

Face Matching Technology and Third Party Service Providers

Within the scope of services offered through the Site, technical processes for face matching may be used for the purpose of identifying content belonging to the relevant persons from photographs uploaded by users. These processes are carried out solely for the purpose of providing the service and in accordance with the relevant legislation.

Support may be received from technology infrastructure providers from whom the Company receives services in operating these technical processes. However, personal data processed within this scope are processed in accordance with the Company's instructions and by taking necessary technical and administrative measures regarding data security; they are not independently used by third parties or evaluated outside the processing purposes.

Data obtained as a result of face matching processes are processed in accordance with the relevant legislation and limited to the purposes specified in this Privacy Policy and the KVKK Information Notice. Situations requiring explicit consent regarding these processes are carried out within the scope of the Explicit Consent Form separately obtained from the Data Subject.

Retention Periods for Personal Data

Personal data are retained for the period required by the services offered through the Site and taking into account the statute of limitations and retention periods prescribed in the relevant legislation.

Detailed explanations regarding the retention periods of personal data, the periods determined for different data categories and the deletion, destruction or anonymization methods to be applied when these periods expire are included in the KVKK Information Notice separately published on the Site.

The Company deletes, destroys or anonymizes personal data upon the expiry of retention periods, in accordance with the relevant legislation, either automatically or upon the request of the Data Subject.

Personal Data Protection and Security Measures

The Company takes the necessary technical and administrative measures in accordance with Article 12 of Law No. 6698 in order to prevent unlawful processing of personal data, unauthorized access and risks related to data security.

Within this scope, applications such as limiting access authorizations, implementing data security policies, ensuring the security of information systems, taking protective measures against unauthorized access and performing necessary audits are implemented.

The Company regularly reviews data security measures in line with technological developments, the nature of services and possible risks and makes necessary updates.

Third Party Links

Links to third party websites or applications may be included on the Site to facilitate user access. Platforms accessed through these links are outside the control of the Company; the data processing activities and privacy practices of such third parties are within their own responsibility.

The Company does not have any authority to control the content of platforms belonging to third parties or the data processing activities carried out by these platforms. Therefore, it is recommended to review the privacy policies of the relevant platforms before using services accessed through links belonging to third parties.

Changes to Privacy Policy

This Privacy Policy may be revised in line with changes that may occur in the current legislation or updates made to the Company's data processing activities. The updated Privacy Policy becomes effective from the date of its publication on the Site. In case of substantial changes to the Privacy Policy, Data Subjects may be informed through appropriate communication channels.