Vibe — Privacy Notice (KVKK / GDPR)
Last updated: 05.07.2026
This Privacy Notice is prepared under Article 10 of the Turkish Law No. 6698 on the Protection of Personal Data ("KVKK") and is aligned with GDPR principles. It explains how personal data is processed through the Vibe mobile application and the vibecadde.com website (the "Platform").
1. Data Controller
Your personal data is processed by the data controller identified below:
| Data Controller | Individual developer operating vibecadde.com |
| Website | https://vibecadde.com |
| info@vibecadde.com |
2. Categories of Personal Data Processed
2.1. General personal data
| Category | Data |
|---|---|
| Identity | Name / display name, date of birth, calculated age, gender |
| Contact | Phone number, e-mail address |
| Visual & audio records | Profile photos (up to 6), verification selfie (face), story media, voice messages, voice/video call streams |
| Location | GPS coordinates (lat/long), foreground and —if permitted— background location (geofencing), area verification |
| Transactions | Subscription and purchase records, product/package, transaction date |
| Security | Authentication tokens, device identifier, IP address, push notification token |
| Behavioural / marketing | In-app usage, like/match/pass (swipe) data, screen views and interaction events |
| Profile content | Bio, height, interests, profile prompts |
| Preferences | Language, privacy settings (online status, read receipts, incognito, etc.) |
2.2. Special categories of personal data (KVKK Art. 6)
As the Platform is a dating/social service, the following special-category data may be processed only with your explicit consent and only if you choose to provide it:
- Data concerning sex life — preferred gender/orientation ("who you want to match with") and dating mode;
- Health-related indirect data — optional lifestyle info (smoking, alcohol, exercise).
Providing this data is entirely optional, and consent may be withdrawn at any time.
3. Purposes of Processing
- Creating membership and verifying identity via phone number;
- Providing the dating/matching service (profiles, discovery, likes, matches);
- Enabling messaging and voice/video calls between users;
- Operating story creation and viewing features;
- Location-based matching and distance display;
- Profile verification and enforcement of the 18+ age limit for platform safety;
- Operating blocking and reporting mechanisms; preventing abuse and fake accounts;
- Processing and managing subscriptions and in-app purchases;
- Sending push notifications;
- Measuring, improving and analysing service quality (statistics/analytics);
- Managing requests and complaints; providing user support;
- Fulfilling legal obligations and responding to authorities;
- Information security and protection of legal rights in disputes.
4. Legal Bases
| Legal basis (KVKK) | Example |
|---|---|
| Necessity for the performance of a contract (Art. 5/2-c) | Membership, profiles, location-based matching, messaging, subscriptions |
| Legal obligation (Art. 5/2-ç) | Responses to authorities, statutory retention |
| Establishment/exercise/protection of a right (Art. 5/2-e) | Reports, blocking records, dispute handling |
| Legitimate interest (Art. 5/2-f) | Security, fraud prevention, service improvement/analytics |
| Explicit consent (Art. 5/1 and Art. 6/3) | Special-category data, commercial electronic messages (optional) |
Special-category data is processed primarily on the basis of your explicit consent under KVKK Art. 6/3. Cross-border transfers are carried out under the current Article 9 of the KVKK, as described in §5 below.
5. Recipients and Cross-Border Transfers
To deliver the service, your data may be shared with the following recipients. Due to the technical infrastructure, a significant part of these transfers is made to service providers located abroad:
| Recipient / Provider | Purpose | Data location |
|---|---|---|
| Google / Firebase | Phone verification, push infrastructure | Abroad (USA) |
| Google Sign-In | Social login | Abroad (USA) |
| Apple Sign-In | iOS social login | Abroad (USA) |
| Agora | Real-time transmission of voice/video calls — transient relay (conduit) only; call content is not stored | Abroad (global) |
| RevenueCat | Subscription & in-app purchase management | Abroad (USA) |
| Apple App Store / Google Play | Payments and billing | Abroad |
| Expo / FCM | Push notifications | Abroad (USA) |
| Google Maps | Maps and location display | Abroad (USA) |
| PostHog | Product/usage analytics | Abroad (EU) |
| Public authorities | Legal obligations | Türkiye |
| Advisors (lawyer, accountant, auditor) | Legal/financial processes | Türkiye |
Public elements of your profile (display name, photos, age, bio, interests, etc.) are shown to users who discover or match with you, as inherent to the service.
Cross-border transfers are carried out under Article 9 of the KVKK as in force since 1 June 2024: based on an adequacy decision where one exists; otherwise on the appropriate safeguards provided by law (standard contractual clauses, binding corporate rules or an undertaking with Board authorisation); or within the incidental cases set out in Article 9.
6. How Data Is Collected
Data is collected through the mobile app and website via electronic forms, profile-creation steps, device permissions (camera, gallery, location, microphone, notifications), cookies and similar technologies, using automated and semi-automated methods.
7. Retention
Data is retained for as long as necessary for the processing purposes and any statutory retention periods. When you delete your account, after the 3-day grace period your data is deleted, destroyed or anonymised, except where retention is legally required. Freezing the account does not delete data; the profile is deactivated from visibility to other users.
8. Your Rights (KVKK Art. 11)
You have the right to: learn whether your data is processed; request information; learn the purpose and whether it is used accordingly; know the third parties (domestic/abroad) to whom it is transferred; request correction of incomplete/incorrect data; request erasure/destruction under the conditions in the Law; request that correction/erasure be notified to recipients; object to results arising solely from automated analysis; and claim compensation for damages due to unlawful processing.
9. How to Apply
You may submit your requests via:
- E-mail: info@vibecadde.com
Requests are concluded within 30 days at the latest. A fee from the tariff set by the Personal Data Protection Board may apply where the process entails a cost.
To make your application easier, you can fill in our Data Subject Request Form and send it to info@vibecadde.com.