PettAppPettApp

Türkiye için evcil hayvan hizmetleri platformu. Sadece kedi ve köpek.

Bakım ipuçları, e-postanıza gelsin.

Şirket

HakkımızdaKariyerBasın

Hizmetler

Veteriner KliniğiTımar SalonuEvcil Hayvan OteliKöpek GezdiriciGeçici BakımEvcil Hayvan TaksisiTümünü gör

Yasal

GizlilikŞartlarİade PolitikasıÇerezler

Bağlan

İletişimSSS

© 2026 PettApp. Tüm hakları saklıdır.

Türkiye'de özenle hazırlandı.

PettAppPettApp
Ana SayfaHizmetlerSahiplendirmeKurtarmaHakkımızdaİletişim
Giriş YapBaşlayın

Privacy Policy

Placeholder — replace before launch

This page contains skeleton headings only. The actual policy must be drafted by qualified counsel familiar with KVKK (Turkey) and GDPR. Do not ship this page as-is.

1. Data controller

Identity of the controller; contact details; DPO contact if applicable.

2. Personal data we process

Account data (email, phone, name, locale, city). Pet data (species, breed, medical records — encrypted at rest with AES-256-GCM). Booking data (service, schedule, payment status, total / commission split). Audit logs (hashed IP, user-agent, action, timestamp). 2FA secret if enabled (encrypted at rest).

For a small number of security-sensitive events — specifically the creation of an adoption listing, the creation of a rescue / lost-and-found report, and admin moderation decisions (approve / reject / remove) — we additionally record the raw IP address of the request, alongside the actor and timestamp. This is used solely for security, abuse-prevention and KVKK accountability. These raw IP addresses are kept for at most 12 months and then automatically deleted (see Retention).

3. Legal basis

Contract performance; legal obligation; legitimate interest; consent (analytics).

4. Recipients

Supabase (auth, database, storage); payment processor TBD; email sender TBD.

5. International transfers

List of countries where processors may host data, plus the transfer mechanism (SCCs).

6. Retention

How long each category of data is kept. Audit logs — including any raw IP address recorded for security-sensitive events (adoption listing creation, rescue / lost-and-found report creation, admin moderation decisions) — are retained for 12 months and then automatically deleted by a scheduled job.

7. Your rights

Access, rectification, erasure, portability, objection, withdrawal of consent. You can export your data and delete your account from Profil → Data.

8. Cookies

Essential cookies for the session and 2FA setup. Optional analytics — opt-in via the cookie banner.

9. Security

Industry-standard encryption in transit (HSTS, TLS). At rest, sensitive fields (medical records, TOTP secret) encrypted with AES-256-GCM. Rate limiting and audit logging on sensitive endpoints.

10. Contact

Email / postal address for KVKK / GDPR requests. Supervisory authority info.