Back to website Türkçe

Privacy Policy

Odit Teknoloji ve İletişim Hizmetleri Ticaret A.Ş. — Mobile Applications Effective date: 10 June 2026

This Privacy Policy ("Policy") describes how Odit Teknoloji ve İletişim Hizmetleri Ticaret A.Ş., a joint-stock company incorporated under the laws of the Republic of Türkiye and registered at the Istanbul Trade Registry (the "Company", "we", "us", or "our"), collects, uses, discloses, and protects information about you when you download, install, access, or use any of our mobile applications and related services (collectively, the "Applications").

We act as the data controller ("veri sorumlusu") within the meaning of the Turkish Personal Data Protection Law No. 6698 ("KVKK") for personal data processed through the Applications. Where the European Union General Data Protection Regulation 2016/679 ("GDPR") applies, we act as the data controller. Where the California Consumer Privacy Act ("CCPA") applies, we act as the business that determines the purposes and means of processing your personal information.

Please read this Policy carefully. By installing or using the Applications, you acknowledge that you have read and understood the practices described below. If you do not agree, please uninstall the Applications and discontinue use.

1. Information We Collect

1.1 Information you provide directly

We collect information you voluntarily provide when you create an account, configure your profile, communicate with our support team, participate in surveys, or otherwise interact with the Applications. This may include:

  • Account credentials such as email address, display name, and authentication tokens received from third-party identity providers (Apple Sign-In, Google Sign-In).
  • Profile data such as language preference, time zone, country, and content preferences you select inside the Application.
  • User-generated content such as match records, scores, team names, notes, and any other content you enter into the Applications.
  • Support correspondence including the contents of emails or in-app messages you send to our support team.

1.2 Information collected automatically

When you use the Applications, certain information is collected automatically through software development kits ("SDKs") and analytics tools:

  • Device information including device model, operating system and version, screen resolution, language, country, mobile network carrier, and unique device identifiers (Apple IDFV, Android ID).
  • Application logs such as session start and end times, screens viewed, actions taken, error reports, and crash diagnostics.
  • Network information including IP address (truncated where required by law), approximate geolocation derived from IP, and connection type (Wi-Fi, mobile data).
  • Performance metrics such as load times, API response durations, frame rates, and other technical telemetry needed to operate the service.
  • Advertising identifiers (IDFA on iOS, AAID on Android) — only when you grant explicit permission via Apple App Tracking Transparency ("ATT") on iOS, or when you have not opted out of personalized advertising in your Android system settings.

1.3 Information from third parties

We may receive information about you from the following third parties when their services are integrated with our Applications:

  • Identity providers (Apple, Google) provide your email address and unique user identifier when you sign in using their authentication services.
  • Payment processors (Apple App Store, Google Play Store) provide transaction confirmations and receipts when you make in-app purchases. We never receive your full payment card details.
  • Advertising networks (Google AdMob) may share aggregated impression and click data for advertisements served through our Applications.
  • Analytics providers (Firebase Analytics, Firebase Crashlytics) provide aggregated usage and crash data.

2. How We Use Your Information

We use the information we collect for the following purposes, each grounded in a lawful basis as required by KVKK Article 5 and GDPR Article 6:

  • Service delivery. To provide, maintain, and operate the Applications, including authenticating you, syncing data across your devices, processing in-app purchases, and providing customer support. Lawful basis: performance of the contract between you and us (KVKK Art. 5/2-c; GDPR Art. 6(1)(b)).
  • Service improvement. To analyze usage patterns, fix bugs, develop new features, and improve performance, stability, and user experience. Lawful basis: our legitimate interest in operating and improving a sustainable service (KVKK Art. 5/2-f; GDPR Art. 6(1)(f)).
  • Communication. To respond to your inquiries, send service announcements, security alerts, and policy updates. Lawful basis: performance of the contract and our legitimate interest in maintaining a safe service (KVKK Art. 5/2-c, 5/2-f; GDPR Art. 6(1)(b), 6(1)(f)).
  • Advertising. To serve banner and interstitial advertisements in the free version of the Applications. Personalized advertising is enabled only with your explicit consent (ATT on iOS) or where permitted by your platform privacy settings. Lawful basis: explicit consent (KVKK Art. 5/1; GDPR Art. 6(1)(a)).
  • Security and fraud prevention. To detect, investigate, and prevent fraudulent activity, abuse, security incidents, and violations of our User Agreement. Lawful basis: legitimate interest and legal obligation (KVKK Art. 5/2-ç, 5/2-f; GDPR Art. 6(1)(c), 6(1)(f)).
  • Legal compliance. To comply with applicable laws, regulations, court orders, and lawful requests from public authorities. Lawful basis: legal obligation (KVKK Art. 5/2-ç; GDPR Art. 6(1)(c)).

3. Cookies and Similar Technologies

Our mobile Applications do not use traditional browser cookies. However, comparable technologies are used by our integrated SDKs:

  • Persistent local storage (UserDefaults on iOS, SharedPreferences and MMKV on Android) to remember your preferences, authentication state, and unsynced match data.
  • Advertising identifiers (IDFA, AAID) as described in Section 1.2.
  • Analytics identifiers, which are pseudonymous and reset when you uninstall the Application or reset your advertising identifier in device settings.

4. Sharing and Disclosure of Information

We do not sell your personal data. We share information only in the limited circumstances described below:

4.1 Service providers

We share information with third-party service providers that process data on our behalf under contractual data processing agreements. These providers are bound to use your information only to provide services to us, and not for their own purposes. Our current service providers include:

  • Google LLC — Firebase Authentication, Firebase Firestore (cloud storage), Firebase Analytics, Firebase Crashlytics, Firebase Performance Monitoring, Google AdMob (advertising). Data processed in Google data centers globally.
  • Apple Inc. — Apple Sign-In, App Store payment processing, App Tracking Transparency framework.
  • RevenueCat Inc. (where used) — subscription and in-app purchase management.
  • Email service providers used for transactional email and customer support.

4.2 Legal disclosures

We may disclose your information if we believe in good faith that such disclosure is necessary to: (a) comply with applicable law or a binding order from a competent court, tribunal, or governmental authority of the Republic of Türkiye or other jurisdiction; (b) enforce our User Agreement or investigate potential violations; (c) protect the rights, property, or safety of Odit Teknoloji, our users, or the public; or (d) detect, prevent, or otherwise address fraud, security, or technical issues.

4.3 Business transfers

In the event of a merger, acquisition, sale of assets, reorganization, bankruptcy, or similar corporate transaction, your information may be transferred to the relevant successor entity. We will provide notice (through the Applications or by email) before your information becomes subject to a different privacy policy.

4.4 With your consent

We may share your information for other purposes with your explicit consent.

5. International Data Transfers

The Applications are operated from the Republic of Türkiye. Some of the service providers listed in Section 4.1 may process data outside Türkiye and the European Economic Area, including in the United States. We take appropriate safeguards to ensure that international transfers of personal data comply with KVKK Articles 9 and 9/A, GDPR Chapter V, and other applicable laws. Safeguards include the use of Standard Contractual Clauses approved by the European Commission, adequacy decisions where available, and binding corporate rules.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may request a copy of the safeguards in place by contacting us at the address in Section 13.

6. Data Retention

We retain personal data only as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law:

  • Account data is retained for as long as your account is active and for up to 6 (six) months after account deletion to allow for recovery and dispute resolution.
  • Match records synced to the cloud are retained while your account is active. Upon account deletion, they are removed from our active databases within 30 (thirty) days and purged from backup systems within 90 (ninety) days.
  • Crash logs and analytics data are retained for up to 14 (fourteen) months in aggregated, pseudonymized form, after which they are deleted.
  • Support correspondence is retained for up to 3 (three) years from the date of last contact, for quality assurance and legal defense purposes.
  • Transaction and receipt data is retained for 10 (ten) years to comply with Turkish Tax Procedure Law and Commercial Code obligations.

7. Security of Information

We implement administrative, technical, and physical safeguards designed to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher between the Applications and our servers.
  • Encryption of data at rest in our cloud databases.
  • Access controls limiting personnel access to personal data on a strict need-to-know basis.
  • Regular security reviews of our SDKs, dependencies, and infrastructure.
  • Mandatory authentication for all administrative access to our systems, with multi-factor authentication where supported.
  • Incident response procedures designed to identify, contain, and remediate security incidents promptly.

Notwithstanding these measures, no security system is perfectly impenetrable. We cannot guarantee absolute security of your personal data. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify the Turkish Personal Data Protection Authority ("KVKK Kurulu") and you, in accordance with KVKK Article 12/5 and, where applicable, GDPR Articles 33 and 34.

8. Your Rights

Subject to applicable law, you have the following rights with respect to your personal data:

8.1 Rights under KVKK (Article 11)

  • To learn whether your personal data is being processed.
  • To request information about processing if your personal data has been processed.
  • To learn the purposes of processing and whether your data is being used appropriately.
  • To know the third parties to whom your data has been transferred, in Türkiye or abroad.
  • To request the correction of incomplete or inaccurate data.
  • To request the deletion or destruction of your personal data within the conditions stipulated in Article 7 of KVKK.
  • To request notification of correction, deletion, or destruction to third parties to whom data has been transferred.
  • To object to a result against you arising from the analysis of your personal data exclusively by automated systems.
  • To request compensation for damages arising from unlawful processing of your personal data.

8.2 Rights under GDPR (Articles 15-22) — for users in the EEA / UK

  • Right of access — to obtain confirmation and a copy of your personal data we process.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — to request deletion of your data in specified circumstances.
  • Right to restriction of processing — to limit our processing of your data in specified circumstances.
  • Right to data portability — to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to object — to processing based on legitimate interests or for direct marketing.
  • Right not to be subject to automated decision-making — including profiling that produces legal or similarly significant effects.
  • Right to withdraw consent — at any time, without affecting the lawfulness of prior consent-based processing.
  • Right to lodge a complaint with a supervisory authority.

8.3 Rights under CCPA — for users resident in California, USA

  • Right to know what personal information is collected, used, shared, or sold.
  • Right to delete personal information held by us.
  • Right to opt-out of the sale of personal information. We do not sell personal information.
  • Right to non-discrimination for exercising CCPA rights.

8.4 Exercising your rights

To exercise any of the rights described above, please contact us at the email address provided in Section 13. We will respond within 30 (thirty) days from the date we receive your request, as required by KVKK Article 13. Under GDPR, we will respond within 1 (one) month. We may extend these periods by an additional 60 days for complex requests, in which case we will notify you of the extension.

We may request information necessary to verify your identity before fulfilling your request. There is no fee for the first request in a 12-month period; subsequent requests or excessive requests may incur a reasonable administrative fee in accordance with KVKK secondary regulations.

9. Children's Privacy

Our Applications are not directed to children under the age of 13 (or under 16 in some jurisdictions including the European Economic Area, where local law sets a higher minimum age for consent to data processing). We do not knowingly collect personal data from children below the applicable minimum age.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at the address in Section 13. If we become aware that we have collected personal data from a child below the applicable minimum age without verifiable parental consent, we will promptly delete that information.

10. Advertising

Free versions of our Applications display advertisements served through Google AdMob. These ads may be personalized based on your interests if you have granted the necessary permissions:

  • On iOS, personalized advertising is enabled only after you grant permission through the Apple App Tracking Transparency prompt. If you decline, you will continue to see ads, but they will not be personalized using your advertising identifier.
  • On Android, personalized advertising is governed by your device-level "Opt out of Ads Personalization" setting in Google Play services.

AdMob may collect device identifiers, IP address, advertising identifier, and ad-interaction data. AdMob's data practices are governed by Google's Privacy Policy, available at https://policies.google.com/privacy.

You can permanently remove all advertising from the Applications by purchasing Premium (a one-time in-app purchase).

11. In-App Purchases

The Applications may offer in-app purchases ("IAPs"). All payments for IAPs are processed by Apple App Store or Google Play Store, depending on your device platform. We do not receive or store your payment card information, billing address, or any other financial data. We only receive confirmation that a transaction has succeeded, along with an opaque transaction identifier and the product purchased.

Refunds for IAPs are governed by the policies of the respective platform store (Apple or Google), not by Odit Teknoloji. To request a refund, please contact Apple Support (https://support.apple.com/billing) or Google Play Support (https://support.google.com/googleplay).

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will provide notice through the Applications (e.g., via an in-app notice on first launch after the update) and, where required by law, obtain your renewed consent.

The "Effective date" at the top of this Policy indicates when it was last revised. Continued use of the Applications after the effective date constitutes acceptance of the updated Policy.

13. Contact Information

If you have any questions, concerns, or complaints about this Policy or our data practices, or if you wish to exercise any of your rights, please contact us:

  • Data controller: Odit Teknoloji ve İletişim Hizmetleri Ticaret A.Ş.
  • Registered address: MASLAK MAH. AOS 55. SK. 42 MASLAK A BLOK NO: 2 İÇ KAPI NO: 25 SARIYER / İSTANBUL
  • Email: bilgi@bodevoffice.com
  • Mersis number: 0634038001700013

If you are not satisfied with our response, you have the right to lodge a complaint with the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurulu) at https://www.kvkk.gov.tr, or, if you are in the European Economic Area, with the supervisory authority of your country of residence or place of alleged infringement.

This Privacy Policy is published in English and Turkish. In the event of any inconsistency between the two versions, the Turkish version shall prevail to the extent that the relationship is governed by Turkish law.