← Back to Legal

KVKK DISCLOSURE NOTICE

This KVKK Disclosure Notice has been prepared in accordance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”) regarding the processing of personal data within mobile games, educational applications, utility applications, websites, and related digital services developed and operated by Safa Başdemir under the Rasanox brand.

This document is not an explicit consent text. Where explicit consent is required, it may be obtained separately and specifically for the relevant processing activity.

Not every application processes the same personal data. Therefore, this notice should be evaluated together with the application-specific data processing table and any additional information provided within the relevant application.

1. Data Controller

These applications are developed and operated by Safa Başdemir under the Rasanox brand.

Brand: Rasanox

Email: inforasanox@gmail.com

Website: https://www.rasanox.com

2. Data Subjects

This notice is intended for natural persons who use applications, games, websites, or other digital services offered under the Rasanox brand.

Such persons may include, for example:

  • Application users,
  • Game users,
  • Users purchasing premium or paid features,
  • Users submitting support requests,
  • Visitors to the website,
  • Users utilizing AI-powered features,
  • Users utilizing advertisement-supported features.

3. Personal Data That May Be Processed

Depending on the features of the application being used, the following categories of personal data may be processed.

Account Information

In applications that require account creation, the following information may be processed:

  • Email address,
  • Full name,
  • Username,
  • User ID,
  • Account creation date,
  • Login information,
  • Platform account connections.

Game and Application Usage Information

In applications that include game or application progress, the following information may be processed:

  • Level,
  • Score,
  • Game progress,
  • Inventory,
  • Virtual currency,
  • Virtual goods,
  • Characters,
  • Maps,
  • Levels,
  • Mission progress,
  • Ranks,
  • Achievements,
  • Badges,
  • Profile preferences,
  • Application settings,
  • Similar in-app usage information.

Premium and Purchase Information

In applications offering premium features, subscriptions, or in-app purchases, the following information may be processed:

  • Purchased product or subscription type,
  • Premium status,
  • Subscription start and end dates,
  • Product ID,
  • Transaction ID,
  • Order number,
  • Purchase token,
  • Platform receipt,
  • Purchase date,
  • Price,
  • Currency,
  • Refund, cancellation, and subscription status.

Payment card or bank card information is generally not stored by Rasanox. Payment transactions are processed by Google Play, Apple App Store, or the relevant platform provider.

Advertising Information

In applications displaying advertisements, the following information may be processed:

  • Advertisement impression information,
  • Advertisement viewing status,
  • Rewarded advertisement verification information,
  • Advertisement interaction information,
  • Device type,
  • Application version,
  • Approximate country/region information,
  • Technical information used to prevent advertising fraud.

Initially, a non-personalized advertising model is preferred.

Technical and Security Information

For operational and security purposes, the following information may be processed:

  • Device model,
  • Operating system,
  • Application version,
  • IP address,
  • Language and region settings,
  • Crash logs,
  • Error logs,
  • Performance logs,
  • Session information,
  • Technical identifiers generated by SDKs.

Support and Communication Information

In support requests, the following information may be processed:

  • Email address,
  • Full name,
  • Message content,
  • Application name,
  • User ID,
  • Device and application version,
  • Purchase information,
  • Error screenshots,
  • Other information related to the support request.

Artificial Intelligence Data

In applications containing AI-powered features, the following information may be processed:

  • Text entered by users,
  • Prompts submitted to AI systems,
  • Translation or response content,
  • Usage time,
  • Technical processing logs.

No such processing activity takes place in applications that do not include AI features.

Notification Information

In applications that use notification features, the following information may be processed:

  • Push token,
  • Notification preferences,
  • Notification permission status,
  • Notification interaction information.

4. Special Categories of Personal Data

Rasanox does not request health information, biometric data, national identification numbers, religious beliefs, political opinions, criminal conviction information, trade union membership, association/foundation membership, or similar special categories of personal data from users.

Users should not share special categories of personal data in support messages, AI interfaces, free-text fields, or any other areas.

If a user voluntarily shares unnecessary or special categories of personal data, such information may be processed only to the extent necessary for evaluating the request, ensuring security, fulfilling legal obligations, or managing the relevant communication. Where possible, such data will be deleted or anonymized.

5. Purposes of Processing Personal Data

Personal data may be processed for the following purposes:

  • Operating applications and games,
  • Creating and managing user accounts,
  • Saving game progress,
  • Storing in-app settings,
  • Managing premium and purchase entitlements,
  • Verifying in-app purchases,
  • Assigning virtual goods to user accounts,
  • Verifying rewarded advertisement views,
  • Displaying non-personalized advertisements,
  • Measuring application performance,
  • Resolving errors and crashes,
  • Ensuring security,
  • Preventing cheating, fraud, and misuse,
  • Responding to support requests,
  • Providing AI-powered features,
  • Sending notifications,
  • Complying with legal obligations,
  • Responding to user requests,
  • Resolving disputes,
  • Protecting our rights,
  • Improving applications and services.

6. Methods of Collecting Personal Data

Personal data may be collected through the following methods:

  • Information entered directly by the user through the application or website,
  • Account registration or login processes,
  • In-app or in-game usage,
  • Purchase and verification information received from Google Play, Apple App Store, or other platforms,
  • Advertising SDKs, analytics SDKs, crash reporting tools, and similar technical tools,
  • Technical records automatically generated by devices, operating systems, and applications,
  • Support emails and communication forms,
  • Text entered by users when using AI-powered features,
  • Server logs and security systems.

7. Legal Grounds for Processing Personal Data

Personal data may be processed based on the following legal grounds under Article 5 of the KVKK.

Activities such as account creation, operation of the application, saving game progress, assigning premium rights, managing subscriptions, and fulfilling in-app purchases may be processed on the legal basis that processing is necessary for the establishment or performance of a contract.

Purchases, invoices, consumer requests, requests from public authorities, legal records, and obligations arising from legislation may be processed on the legal basis that processing is necessary for the data controller to fulfill its legal obligations.

Responding to support requests, resolving disputes, retaining evidence and transaction records may be processed on the legal basis that processing is necessary for the establishment, exercise, or protection of a legal right.

Application security, troubleshooting, performance measurement, prevention of misuse and fraud, displaying non-personalized advertisements, and improving services may be processed on the legal basis of legitimate interests, provided that such processing does not harm the fundamental rights and freedoms of the data subject.

Personalized advertising, commercial electronic communications, certain international data transfers, or other activities requiring explicit consent may be processed based on explicit consent. Where explicit consent is required, it is obtained separately and specifically for the relevant purpose.

8. Persons and Organizations to Whom Personal Data May Be Transferred

Personal data may be transferred, to the extent necessary and relevant to the processing purpose, to the following persons and organizations:

  • Application stores such as Google Play and Apple App Store,
  • Payment and purchase verification infrastructures,
  • Advertising providers and advertising SDK services,
  • Analytics, crash reporting, and performance monitoring services,
  • Cloud server, database, and hosting service providers,
  • Artificial intelligence service providers,
  • Support, communication, and email service providers,
  • Security and fraud prevention service providers,
  • Legal, technical, or financial advisors,
  • Authorized public institutions and judicial/administrative authorities.

Not every application uses the same third-party services. The providers used may be specified in the application-specific data processing table or on the relevant application page.

9. International Transfer of Personal Data

Certain third-party service providers may be located outside Türkiye, or data may be processed on servers located outside Türkiye.

When services such as Google, Apple, advertising providers, analytics services, cloud infrastructures, artificial intelligence service providers, crash reporting tools, or similar services are used, personal data may be transferred abroad or become accessible from abroad.

Where international data transfers are required, the legal mechanisms set forth under Article 9 of the KVKK and related secondary regulations shall be evaluated.

Mechanisms such as transfers based on appropriate safeguards, standard contractual clauses, methods approved by the Personal Data Protection Board, or explicit consent where necessary may be used.

For applications where no international transfer takes place, this section serves solely as general information.

10. Retention Period of Personal Data

Personal data is retained for as long as necessary for the purposes for which it is processed.

When the retention period expires or the reason requiring the processing of the data no longer exists, personal data is deleted, destroyed, or anonymized.

10. Retention Period of Personal Data (Continued)

Account information is retained as long as the account remains active. If a user deletes their account or submits a data deletion request, the request will be processed within a maximum of 30 days.

Unless there is another legal basis requiring retention, account information, profile information, in-app settings, game progress, scores, inventories, and other account-related data will be deleted or anonymized.

In cases where technical reasons prevent immediate deletion, the relevant data will be destroyed within a maximum period of 3 months.

Applications that do not require account creation do not store account-related user data. In such applications, only limited technical data necessary for application functionality, advertisement delivery, rewarded advertisement verification, troubleshooting, security, and technical monitoring may be processed.

These temporary technical records are generally deleted or anonymized within 30 days and, where necessary, no later than 90 days.

Rewarded advertisement verification records may be retained for up to 90 days for the purposes of verifying whether an advertisement was viewed, ensuring rewards are correctly granted, resolving technical issues, and preventing advertising fraud.

Error, crash, and performance logs may be retained for up to 90 days for the purposes of analyzing technical issues, ensuring security, and improving service quality.

Support requests and user communication records may be retained for up to 1 year after the request has been resolved. This retention period is applied to demonstrate that a response was provided, offer support regarding the same issue if necessary, and protect our rights in the event of disputes.

Records relating to terms of use, privacy notices, consents, permissions, and similar acceptance records may be retained for up to 3 years after the end of the user relationship for evidentiary purposes, legal compliance, and dispute resolution.

Premium membership, subscription, virtual goods, in-app purchases, refunds, cancellations, and payment transaction records may be retained for at least 3 years in accordance with consumer protection laws.

Records subject to tax, accounting, or invoicing obligations may generally be retained for 5 years in accordance with applicable laws.

Records relating to cheating, security incidents, misuse, fraud, unauthorized transactions, or payment disputes may be retained for up to 2 years for the purposes of ensuring security, protecting our rights, and preventing misuse.

If there is an ongoing dispute, investigation, official request, or legal proceeding, the relevant records may be retained until the matter is fully resolved.

Records relating to deletion, destruction, or anonymization processes are retained for at least 3 years where required by applicable law.

Certain data may also be processed by Google, Apple, advertising providers, analytics services, artificial intelligence providers, payment platforms, or other third-party service providers. Such providers may apply different retention periods under their own privacy policies.

11. Rights of the Data Subject

Pursuant to Article 11 of the KVKK, you have the following rights regarding your personal data:

  • To learn whether your personal data is being processed,
  • To request information if your personal data has been processed,
  • To learn the purpose of processing and whether your personal data is used in accordance with that purpose,
  • To know the third parties to whom your personal data is transferred domestically or abroad,
  • To request correction of incomplete or inaccurate personal data,
  • To request the deletion or destruction of personal data where the relevant conditions are met,
  • To request notification of correction or deletion actions to third parties to whom personal data has been transferred,
  • To object to any outcome that is to your detriment resulting exclusively from the analysis of processed data through automated systems,
  • To request compensation for damages suffered due to unlawful processing of personal data.

12. Application Procedure

You may submit your requests under the KVKK by using the email address registered in our system and sending your request to inforasanox@gmail.com.

If a request is submitted from an email address that is not registered in our system, additional verification steps may be requested in order to ensure data security.

To facilitate the proper evaluation of your request, it is important that your application includes the following information:

  • Full name,
  • Contact email address,
  • Subject of the request,
  • Name of the application used,
  • User ID or account information, if available,
  • A brief explanation of your request.

Additional information may be requested in order to verify your identity or determine which account or data your request relates to.

Applications will be processed as soon as possible and no later than 30 days, depending on the nature of the request.

13. Children and Users Under the Age of 13

Rasanox applications are not intended for users under the age of 13.

Users under the age of 13 must not use the applications, even with parental or legal guardian permission.

If it is determined that personal data belonging to a user under the age of 13 has been processed, access to the relevant account may be restricted, the account may be terminated, and the related data may be deleted or anonymized, subject to any retention obligations required by applicable law.

Users between the ages of 13 and 18 are encouraged to review this Notice together with their parent or legal guardian before using the applications.

14. Updates to This Notice

This KVKK Disclosure Notice may be updated from time to time.

In the event of significant changes, notifications may be displayed within the application, announcements may be published on the website, or users may be informed again where necessary.

The current version of this Notice becomes effective on the date it is published on the website and/or within the application.