Skip to content

Privacy Policy

FavMekan Privacy Policy

Last updated: April 7, 2026

1. Data Controller

Pursuant to Article 10 of the Personal Data Protection Law No. 6698 ("KVKK"):

Data Controller: FavMekan Email: destek@favmekan.app Web: https://favmekan.app

2. Data Collected

The following data may be collected while using the Application:

  • Account information: Name, surname, email, username, profile photo
  • Location: Screen coordinates during map viewing; approximate location if permission is granted
  • Usage: Favorites, collections, follow list, menu viewing history
  • Device: Device model, operating system, app version, notification token
  • Additional for business owners: Tax certificate, tax number, business phone
  • Payment: Subscription status and credit balance (credit card information is not stored by us)

3. Purposes of Data Processing

  • Account creation and service delivery
  • Location-based restaurant display
  • Notifications and support communication
  • Account security and abuse prevention
  • Application improvement
  • Fulfillment of legal obligations

4. Legal Bases (KVKK Art. 5/2)

Your data is processed based on the following legal grounds:

  • Explicit consent — marketing communications, location data
  • Performance of contract — account creation, service delivery, subscription management
  • Legitimate interest — security measures, service improvement
  • Legal obligation — statutory retention periods

5. Data Sharing

Your data may be shared with the following categories of third-party providers to the extent necessary for service delivery:

  • Cloud infrastructure providers (Supabase) — database hosting and server services
  • Map service providers (Google) — location-based services and map display
  • Artificial intelligence service providers (OpenAI, Google) — audio and visual analysis of shared video content
  • Payment processors (Apple) — in-app purchase transactions
  • Notification service providers (Google Firebase) — push notification delivery
  • Subscription management providers (RevenueCat) — subscription status tracking
  • Analytics service providers (PostHog) — anonymous usage statistics

All providers operate in accordance with international security standards. Your data may be processed in the United States (OpenAI, Google, Apple, Firebase, RevenueCat), the European Union (PostHog), and the Asia-Pacific region (Supabase) depending on service requirements. Cross-border data transfers are carried out under appropriate safeguards within the scope of KVKK Article 9.

6. Data Retention

  • Account information is retained until the account is deleted.
  • Usage data is retained for 2 years.
  • Videos uploaded for AI analysis are deleted immediately after processing.
  • Tax documents are retained for 5 years due to legal requirements.
  • Expired data is automatically deleted or anonymized.

7. Data Security

Your data is encrypted during transfer and storage. Database access is restricted by security policies. Passwords are stored as hashes, not in plain text.

8. Children's Privacy

Our Application is not intended for individuals under 16. We do not knowingly collect data from individuals under 16. If data belonging to an individual under 16 is identified, the relevant data will be deleted immediately.

9. Your Rights (KVKK Art. 11)

You have the following rights regarding your personal data:

  1. To learn whether your data is being processed
  2. To request information if it has been processed
  3. To learn the purpose of processing and whether it is used appropriately
  4. To know the third parties to whom it has been transferred
  5. To request correction if it has been processed incompletely or incorrectly
  6. To request its deletion or destruction
  7. To request notification of correction/deletion to third parties
  8. To object to results produced against you through automated analysis
  9. To claim compensation for damages caused by unlawful processing
  10. To request the portability of your data in a structured, commonly used, and machine-readable format (data portability)

You may contact destek@favmekan.app for your requests. Your request will be answered within 30 days at the latest.

10. Data Breach Notification

In the event of a security breach affecting your personal data, the relevant regulatory authorities will be notified within 72 hours. Affected users will be informed as soon as possible via in-app notification or email, depending on the nature of the breach.

11. Cookies

No cookies are used in our mobile application. Only theme, language, and session information are stored locally on the device.

12. Changes

We reserve the right to update this policy. Significant changes will be announced at least 15 days in advance via in-app notification.

13. Contact

Email: destek@favmekan.app

This policy came into effect on April 7, 2026.