KVKK Information Notice

Version 1.0 · Effective date: May 7, 2026

Note: KVKK (Law No. 6698 on the Protection of Personal Data) is Turkish legislation. The authoritative version of this notice is the Turkish text at www.capsly.app/kvkk. This English page is provided for convenience only; in case of any discrepancy, the Turkish version prevails.

Data Controller
Personal Data Categories
Processing Purposes
Legal Basis
Transfers
Method of Collection
Data Subject Rights (Article 11)
How to apply

1. Data Controller

Under Law No. 6698 on the Protection of Personal Data ("KVKK"), the Capsly team acts as the data controller. Contact: support@capsly.app

2. Personal Data Categories

Identity: username, optional avatar
Contact: email address
Account / customer transaction: registration date, accepted policy version, OAuth provider identifier (if you sign in with Google/Facebook)
Process security: bcrypt password hash, JWT/refresh token records, IP address, coarse location
Content: uploaded videos and metadata (title, tags, category, scheduled publish time, visibility), auto-generated thumbnails
Interaction: follows, votes (+1/-1), predictions, feed impression records
Device: app version, device type (iOS/Android), FCM push token (if granted)

3. Processing Purposes

Providing the service: account management, video upload/publishing, feed generation
Performance of the membership agreement and user-support processes
Information-security processes (abuse detection, session security)
Notification services (push notifications — based on explicit consent)
Compliance with legal obligations (court / prosecutor / law-enforcement requests)
Service improvement and troubleshooting

4. Legal Basis

Your personal data is processed on the legal grounds set out in KVKK Articles 5/2 and 6/3:

Establishment and performance of a contract (Art. 5/2-c)
Compliance with a legal obligation (Art. 5/2-ç)
Legitimate interest of the data controller (Art. 5/2-f) — security and abuse detection
Explicit consent (Art. 5/1) — for push notifications and other optional data, where the law requires it

5. Transfers

Capsly does not sell personal data. Data is shared with the following service providers for limited purposes:

Amazon Web Services (AWS): hosting, storage (S3), database (Aurora), CDN (CloudFront). Data is primarily kept in AWS Frankfurt — eu-central-1.
Firebase Cloud Messaging (Google): only the device token is shared, to deliver push notifications.
Google and Facebook OAuth (optional): when you choose these providers, a profile identifier is received.

Cross-border transfers are made under appropriate safeguards (contractual undertakings, explicit consent, etc.) consistent with KVKK Article 9. Statutory disclosure obligations to public authorities are reserved.

6. Method of Collection

Personal data is collected by automated or partly-automated means in electronic form, through your installation of the app, registration, content uploads, interactions, and the technical data flows necessary for the service to function.

7. Data Subject Rights (KVKK Article 11)

As a data subject, you may apply to Capsly to exercise the following rights:

Learn whether your personal data is processed
Request information regarding such processing
Learn the purpose of processing and whether the data is used in accordance with the stated purpose
Learn the third parties to whom personal data is transferred, domestically or abroad
Request rectification of incomplete or incorrect data
Request erasure or destruction of personal data within the scope of KVKK Article 7
Request notification of the rectification/erasure/destruction operations to third parties to whom data has been transferred
Object to outcomes adverse to you that arise from analysis of your data exclusively by automated means
Claim compensation for damages arising from unlawful processing

8. How to apply

Under KVKK Article 13 and the Communiqué on the Procedures and Principles for the Application to the Data Controller, you may submit your request as follows:

Email: support@capsly.app (from your registered email, with the subject "KVKK Application")
Your application should include your identity, address, the subject of your request, and any supporting documents.
Your application will be answered within 30 days at the latest. If a fee tariff is set by the Authority, that fee may be charged.

If your application is rejected, the response is unsatisfactory, or no response is provided within the legal time frame, you may file a complaint with the Personal Data Protection Authority within 30 days from learning of the response and within 60 days at the latest from the date of your application.

Related documents: Privacy Policy · Account Deletion · Terms of Use