Privacy Policy

# Privacy Policy for DUO MATCH

**Effective Date: January 1, 2025**  

**Last Updated: March 1, 2025**

## 1. Introduction

Welcome to DUO MATCH, a multi-game platform developed and operated by Doğan Eres, a sole proprietor registered in Turkey with Tax ID: 3540424384 (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application DUO MATCH (the “App”) on iOS and Android platforms.

**By using our App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our App.**

This Privacy Policy complies with applicable privacy laws including GDPR, CCPA, COPPA, and Apple’s App Store Review Guidelines.

## 2. Information We Collect

### 2.1 Personal Information

We may collect the following personal information:

– **Account Information**: Username, email address, profile picture (from camera or gallery), gender, level and experience points

– **Authentication Data**: Google Sign-In information, account verification data

– **Profile Data**: Display name, bio, selected profile frames, owned items, achievements, badges

– **Location Selection**: Province and district information (manually selected by user, not GPS-based)

– **Communication Data**: Messages sent through in-app chat features, friend requests

– **Payment Information**: Purchase history for virtual currency (diamonds/gems), processed by Apple/Google

### 2.2 Game Data

– **Gameplay Statistics**: Game scores, match results, game-specific achievements, win/loss records for each game type

– **Leaderboard Information**: Rankings and competitive statistics

– **Game Preferences**: Language preferences, notification settings

– **Social Interactions**: Friend lists, private chat messages, blocking/reporting actions

– **Virtual Currency**: Diamonds/gems balance, premium membership status and expiration dates

– **Game-Specific Data**: Progress in games like Chess, Sudoku, 15-Puzzle, Word Games, Tic-Tac-Toe, etc.

### 2.3 Technical Information

– **Device Information**: Device model, operating system version

– **App Usage Analytics**: Session duration, crash reports, performance metrics (via Firebase Analytics)

– **Network Information**: Connection type for optimal game performance

– **Firebase Data**: App usage analytics and crash reporting through Google Firebase services

### 2.4 Information from Third Parties

– **Google Sign-In**: Basic profile information (name, email, profile picture) when you choose to sign in with Google

– **Payment Platforms**: Transaction verification data from Apple App Store and Google Play Store for in-app purchases

– **Firebase Services**: Analytics and crash reporting data processed by Google Firebase

## 3. How We Use Your Information

### 3.1 Core App Functionality

– Provide and maintain the App’s gaming services and features

– Enable multiplayer gameplay, matchmaking, and real-time game synchronization

– Manage user accounts, authentication, and profile customization

– Process in-app purchases and manage virtual currency transactions

– Provide customer support and respond to user inquiries

### 3.2 Communication and Social Features

– Enable chat and messaging between users (with appropriate content moderation)

– Facilitate friend connections and social interactions within the App

– Send notifications about game invitations, match results, and App updates

– Provide leaderboards and achievement systems

### 3.3 Improvement and Analytics

– Analyze usage patterns to improve app performance and user experience

– Develop new features and enhance existing gameplay mechanics

– Debug technical issues, optimize performance, and prevent crashes

– Generate anonymized statistics and reports for business purposes

– Conduct A/B testing for feature improvements

### 3.4 Security and Compliance

– Detect and prevent fraud, cheating, and unauthorized access

– Enforce our Terms of Service and community guidelines

– Protect the safety and security of our users and services

– Comply with legal obligations and regulatory requirements

– Investigate potential violations of our policies

### 3.5 Marketing and Personalization (Optional)

– Provide personalized game recommendations and content (with your consent)

– Send promotional communications about new features or events (opt-in only)

– Analyze user preferences to improve our services

## 4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

– **Contract Performance**: To provide the gaming services you’ve requested

– **Legitimate Interests**: To improve our services, ensure security, and prevent fraud

– **Consent**: For marketing communications and personalized advertising (opt-in)

– **Legal Obligation**: To comply with applicable laws and regulations

## 5. Information Sharing and Disclosure

### 5.1 We DO NOT Sell Your Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary consideration.

### 5.2 Service Providers and Partners

We may share your information with trusted third-party service providers:

**Firebase/Google Cloud Platform**:

– Purpose: Database storage, authentication, analytics, and app performance monitoring

– Data Shared: User profiles, game data, usage analytics

– Location: Global (with data residency options)

– Privacy Policy: https://policies.google.com/privacy

**Apple App Store/Google Play Store**:

– Purpose: In-app purchase processing and app distribution

– Data Shared: Purchase information, app usage data

– Location: Global

– Privacy Policies: Apple (https://www.apple.com/privacy/), Google (https://policies.google.com/privacy)

**Analytics Providers**:

– Purpose: App usage analysis and crash reporting

– Data Shared: Anonymized usage data, device information

– Retention: As per provider policies

### 5.3 Legal Requirements

We may disclose your information if required by law or in response to:

– Valid legal processes, court orders, or government requests

– Protection of our rights, property, or safety, or that of our users

– Investigation of fraud, security breaches, or policy violations

– National security or law enforcement requirements

### 5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction. We will notify users of any such transfer and any changes to this Privacy Policy.

### 5.5 With Your Consent

We may share information with your explicit consent for specific purposes not covered in this policy.

## 6. Data Retention and Deletion

### 6.1 Retention Periods

We retain your personal information for the following periods:

– **Active Account Data**: As long as your account remains active

– **Inactive Accounts**: 3 years after last login, then automatically deleted

– **Game Statistics**: 5 years for leaderboard and achievement purposes

– **Chat Messages**: 1 year, then automatically deleted

– **Purchase Records**: 7 years for legal and tax compliance

– **Analytics Data**: 26 months (aggregated and anonymized)

– **Crash Reports**: 90 days for debugging purposes

### 6.2 Account Deletion

You can delete your account at any time through:

– App Settings → Privacy & Data → Delete Account

– Contacting our support team at info@duomatch.app

When you delete your account:

– Personal information is permanently deleted within 30 days

– Game statistics may be retained in anonymized form for leaderboards

– Legal records (purchases) are retained as required by law

– You will receive confirmation of deletion via email

## 7. Data Storage and Security

### 7.1 Data Storage Locations

Your data is primarily stored on secure Google Firebase servers with global distribution and data residency controls.

### 7.2 Security Measures

We implement industry-standard security measures:

– **Encryption**: Data is encrypted in transit (TLS 1.3) and at rest (AES-256)

– **Access Controls**: Role-based access with multi-factor authentication

– **Network Security**: Firewalls, intrusion detection, and DDoS protection

– **Regular Audits**: Security assessments and penetration testing

– **Data Backup**: Secure, encrypted backups with geographic distribution

### 7.3 Incident Response

In case of a data breach:

– We will notify affected users within 72 hours

– Relevant authorities will be notified as required by law

– We will provide details about the incident and remediation steps

## 8. Children’s Privacy (COPPA Compliance)

### 8.1 Age Restrictions

DUO MATCH is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

### 8.2 Age Verification

We implement age verification during account registration:

– Users must confirm they are 13 or older

– Date of birth verification for account creation

– Parental consent mechanisms for users 13-17 in applicable jurisdictions

### 8.3 Parental Rights

If you are a parent and believe your child under 13 has provided personal information:

– Contact us immediately at info@duomatch.app

– We will delete the information within 24 hours

– The account will be permanently suspended

### 8.4 Special Protections for Minors

For users aged 13-17:

– Limited data collection (only essential for gameplay)

– Enhanced privacy settings by default

– Restricted social features (friends must be approved)

– No targeted advertising

– Additional parental controls available

## 9. International Privacy Rights

### 9.1 European Union (GDPR) Rights

EU users have the following rights:

– **Access**: Request a copy of your personal data

– **Rectification**: Correct inaccurate personal data

– **Erasure**: Request deletion of your personal data

– **Portability**: Receive your data in a structured format

– **Restriction**: Limit how we process your data

– **Objection**: Object to processing based on legitimate interests

– **Automated Decision-Making**: Opt-out of automated profiling

To exercise these rights, contact info@duomatch.app or use our in-app privacy controls.

### 9.2 California (CCPA) Rights

California residents have the right to:

– Know what personal information is collected and how it’s used

– Delete personal information (with certain exceptions)

– Opt-out of the sale of personal information (we don’t sell data)

– Non-discrimination for exercising privacy rights

### 9.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate, including but not limited to Turkey’s Personal Data Protection Law (KVKK) and other regional privacy regulations.

## 10. Cookies and Tracking Technologies

### 10.1 Types of Technologies Used

We use the following tracking technologies:

– **Essential Cookies**: Required for app functionality

– **Analytics Cookies**: To understand app usage (with consent)

– **Performance Cookies**: To improve app performance

– **Advertising Identifiers**: For analytics and attribution (opt-out available)

### 10.2 Your Choices

You can control tracking through:

– Device settings (IDFA/GAID controls)

– App settings → Privacy → Analytics

– Opting out of personalized ads in device settings

## 11. Third-Party Integrations

### 11.1 Social Media Integration

**Google Sign-In**:

– We only access basic profile information (name, email, profile picture)

– No access to contacts, posts, or private information

– You can revoke access anytime through Google Account settings

### 11.2 Analytics and Advertising

**Firebase Analytics**:

– Collects app usage data for improvement purposes

– Data is aggregated and anonymized

– You can opt-out in app settings

**Crash Reporting**:

– Automatically collects crash data to improve stability

– Contains no personal information

– Can be disabled in app settings

## 12. Communication Preferences

### 12.1 Types of Communications

We may send you:

– **Transactional**: Account notifications, purchase confirmations (cannot opt-out)

– **Promotional**: New features, events, special offers (opt-in only)

– **Push Notifications**: Game invitations, match results (can be disabled)

### 12.2 Managing Preferences

Control communications through:

– App Settings → Notifications

– Email unsubscribe links

– Device notification settings

– Account preferences page

## 13. Updates to This Privacy Policy

### 13.1 Policy Changes

We may update this Privacy Policy to reflect:

– Changes in our practices or services

– Legal or regulatory requirements

– User feedback and improvements

### 13.2 Notification of Changes

We will notify you of significant changes through:

– In-app notifications

– Email notifications (if you’ve provided an email)

– Updated effective date at the top of this policy

– Prominent notice on our website

### 13.3 Continued Use

Your continued use of the App after policy changes constitutes acceptance of the updated Privacy Policy.

## 14. Contact Information

### 14.1 Data Controller Information

**Name**: Doğan Eres  

**Tax ID**: 3540424384  

**Business Type**: Sole Proprietor  

**Address**: NURTEPE MAH. YOL SK. Kapı No:4 KAĞITHANE/İSTANBUL, Turkey  

### 14.2 Privacy Questions

For privacy-related questions, concerns, or requests:

**Email**: info@duomatch.app  

**Response Time**: Within 48 hours for general inquiries, 30 days for formal requests

### 14.3 Data Protection Officer

For GDPR-related matters:

**Email**: info@duomatch.app

### 14.4 General Support

**Email**: info@duomatch.app  

**Website**: duomatch.app

## 15. Governing Law

This Privacy Policy is governed by:

– Turkish law for Turkish residents

– EU law (GDPR) for EU residents

– California law (CCPA) for California residents

– Local applicable privacy laws for other jurisdictions

## 16. Additional Information

### 16.1 Data Transfers

When we transfer your data internationally, we ensure adequate protection through:

– Adequacy decisions by relevant authorities

– Standard contractual clauses

– Certification schemes and codes of conduct

### 16.2 Automated Decision-Making

We may use automated processing for:

– Fraud detection and prevention

– Game matchmaking and balance

– Content personalization (with opt-out available)

You have the right to request human review of any automated decisions that significantly affect you.

### 16.3 Accessibility

This Privacy Policy is available in multiple formats for users with disabilities. Contact us for alternative formats.