Privacy Policy

Welcome to Qulo ("App", "we", "us", or "our"). Qulo is a question-based dating application developed by Berkant Çalıkuşu, an individual developer based in Istanbul, Turkey. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Qulo. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), the Turkish Personal Data Protection Law (KVKK, Law No. 6698), and other applicable data protection laws. By creating an account or using Qulo, you acknowledge that you have read and understood this Privacy Policy.

We collect the following categories of personal data: • Account Information: Email address, password (bcrypt-hashed — we never store plaintext passwords), date of birth (to verify 18+ eligibility), display name, and gender. • Profile Data: Profile photos, bio text, questions you create (2–10 questions per user), and your answers to other users' questions. • Location Data: GPS coordinates when you use the Discover feature (to show nearby users) and Passport mode (Premium only, to browse users in other locations). Location is collected only while the app is in use and only with your explicit permission. • Usage & Analytics Data: Firebase Analytics collects anonymized app usage data (screens viewed, features used, session duration) with a 14-month retention period. Firebase Crashlytics collects crash reports and device diagnostics with a 90-day retention period. • Transaction Data: In-app purchase history processed through Apple App Store or Google Play via RevenueCat. We do not collect or store payment card details. • Chat Data: Messages exchanged between matched users, including chat questions and their answers. • Diamond & Activity Data: Green diamond earnings, purple diamond purchases, power usage (Oracle, Half, Skip, Time Extend, Hint, Skip All), badges, levels, and gameplay statistics.

We want to be transparent about what we do not collect: • Phone number or phone contacts • Social media accounts or login credentials • Browsing history outside of Qulo • Biometric data (fingerprint, face scan) • Government-issued ID or identity documents • Financial information or credit card numbers • Data from other apps on your device

We process your personal data for the following purposes: • To provide the service (Legal basis: Contract performance) — Creating and maintaining your account, displaying your profile and questions to other users, facilitating matches and conversations. • To enable discovery (Legal basis: Consent) — Using your location to show nearby users and enable the Passport feature. • To process transactions (Legal basis: Contract performance) — Managing diamond economy, processing in-app purchases through RevenueCat, and maintaining subscription status. • To improve the app (Legal basis: Legitimate interest) — Analyzing anonymized usage patterns through Firebase Analytics, fixing bugs using crash reports from Crashlytics. • To send notifications (Legal basis: Consent) — Sending push notifications about new matches, messages, and app updates via Firebase Cloud Messaging. You can disable notifications at any time in your device settings. • To ensure safety (Legal basis: Legitimate interest) — Detecting and preventing fraud, abuse, and violations of our Terms of Service.

We do not sell your personal data. We share data with the following third-party service providers, solely for the purposes described: • Supabase (Database hosting) — Stores your account data, profile, messages, and app data. Supabase servers are located in the EU. Privacy policy: supabase.com/privacy • Firebase / Google (Analytics, Crashlytics, Push Notifications) — Processes anonymized analytics data, crash reports, and delivers push notifications. Privacy policy: firebase.google.com/support/privacy • RevenueCat (In-app purchases) — Manages subscription and purchase validation for Apple App Store and Google Play. Privacy policy: revenuecat.com/privacy • Apple App Store / Google Play (Payment processing) — Processes payments for subscriptions and diamond purchases. Data handling is subject to Apple's and Google's respective privacy policies. All third-party providers are contractually obligated to protect your data and process it only for the specified purposes.

We retain your data for the following periods: • Account data: Until you delete your account. • Chat messages: Until you delete your account or the conversation is deleted by both parties. • Firebase Analytics data: 14 months (Google's default retention). • Firebase Crashlytics data: 90 days. • Transaction records: As required by applicable tax and commercial law (up to 10 years under Turkish Commercial Code). When you delete your account, your personal data is removed from our database immediately. Data held by third-party services (Firebase, RevenueCat) is subject to their respective retention policies.

We take data security seriously and implement the following measures: • All data is transmitted over HTTPS/TLS encryption. • Passwords are hashed using bcrypt — we never store or have access to plaintext passwords. • Authentication uses secure JWT tokens (access + refresh token pattern). • Database access is restricted to authenticated and authorized requests. • Our database is hosted on Supabase infrastructure within the EU. While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Under GDPR and KVKK, you have the following rights regarding your personal data: • Right of access — Request a copy of the personal data we hold about you. • Right to rectification — Request correction of inaccurate or incomplete data. • Right to erasure — Request deletion of your personal data (see Account Deletion below). • Right to restrict processing — Request that we limit how we use your data. • Right to data portability — Request your data in a structured, machine-readable format. • Right to object — Object to processing based on legitimate interests. • Right to withdraw consent — Withdraw consent at any time (e.g., location permissions, push notifications). To exercise any of these rights, contact us at info@socrepho.com. We will respond within 30 days.

You can delete your account at any time from the app settings. When you delete your account: • Your profile, questions, answers, matches, and chat messages are permanently deleted from our Supabase database immediately. • Your account cannot be recovered after deletion. • Data held by third-party services (Firebase, RevenueCat) will be deleted according to their respective data retention policies. • Active subscriptions must be cancelled separately through Apple App Store or Google Play. Deleting your Qulo account does not automatically cancel your subscription billing.

Qulo is strictly for users aged 18 and older. We verify age through date of birth during registration. We do not knowingly collect personal data from anyone under 18. If we discover that we have collected data from a user under 18, we will delete their account and all associated data immediately. If you believe a minor is using Qulo, please contact us at info@socrepho.com.

Qulo uses your device's GPS to provide location-based features: • Discover: Shows users near your current location. Location is collected only while the app is actively in use (foreground only). • Passport Mode (Premium only): Allows you to browse users in a different city or country. Location permission is requested explicitly through your device's permission system. You can revoke location access at any time through your device settings. Without location permission, the Discover feature will not function, but other app features remain available. We do not track your location in the background or maintain a location history.

The Qulo website (quloapp.com) is a static informational site and does not use cookies or tracking technologies. The Qulo mobile app does not use cookies. Firebase Analytics uses device identifiers for anonymized usage analytics, which you can opt out of through your device's advertising settings.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through: • An in-app notification. • An update to the "Last updated" date at the top of this page. Your continued use of Qulo after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically.

Under Article 11 of the Turkish Personal Data Protection Law (KVKK No. 6698), you have the following rights: • Learn whether your personal data is being processed • Request information about processing if it has been processed • Learn the purpose of processing and whether it is used accordingly • Know the third parties to whom your data is transferred domestically or abroad • Request correction of incomplete or inaccurate data • Request deletion or destruction under KVKK Article 7 • Request notification of correction/deletion to third parties • Object to a result arising against you through automated analysis • Claim compensation for damages caused by unlawful processing For inquiries: info@socrepho.com

Data Controller: Berkant Çalıkuşu Address: Istanbul, Turkey Email: info@socrepho.com You may submit your requests to the email address above. Your requests will be processed free of charge within 30 days at the latest. If the process requires additional costs, fees may be charged based on the tariff determined by the KVKK Board.

If you have questions about this Privacy Policy or want to exercise your data rights, contact us: Data Controller: Berkant Çalıkuşu Email: info@socrepho.com Address: Istanbul/Beyoglu, Turkey Website: quloapp.com For KVKK-related requests, you may also submit a formal application via registered mail or through the e-government (e-Devlet) system as prescribed by the Turkish Personal Data Protection Authority (KVKK).