Privacy Policy

1. Who this policy applies to

This policy applies to the CheckInDate website, mobile apps, and related services unless a country-specific notice, in-app notice, or store-specific disclosure gives you additional or stronger rights.

CheckInDate is operated by Barış Durmaz as an individual developer (sole trader). The registered business address is 9165/2 Sok. No:16 D:4, Doğanay, Karabağlar, İzmir 35140, Türkiye. Privacy questions and data requests can be sent to [email protected], support questions to [email protected], and general business questions to [email protected]. The same operator details are used for the EU Digital Services Act (Regulation (EU) 2022/2065) trader disclosure on Apple's App Store.

2. Categories of data we process

We may process account and profile data such as your name, email address, date of birth, phone number if you provide it, profile text, preferences, photos, and related account settings.

We also process operational and safety-related data needed to run the service, including messages, blocks, reports, check-in and nearby settings, subscription status, device and session identifiers, support history, and verification-related records when you choose to verify your profile.

Message content is stored so conversations can be delivered, kept available in the app, and used if a safety, fraud, support, or legal issue needs to be investigated. CheckInDate does not routinely open or manually review private messages, but relevant message records may be accessed when reasonably necessary for those limited purposes.

• Account and identity details such as email address, date of birth, profile name, and login credentials or login tokens.
• Profile content such as photos, bio fields, interests, lifestyle information, and visibility settings.
• Special-category personal data collected via optional profile fields: gender identity, sexual orientation (the genders you are interested in matching with), and religious affiliation. These fields are used solely to enable matching and discovery consistent with your preferences and are visible only to other authenticated users in line with normal dating-app usage.
• Usage and service data such as check-in history, nearby settings, device/session identifiers, subscription status, conversation records needed to operate messaging, and product interaction events (screen views, feature usage) collected for service operation, reliability, and product improvement.
• Phone-book contacts uploaded for the optional contact-privacy feature: phone numbers from your address book are normalized and SHA-256 hashed on device before being sent to our servers; raw phone numbers are never transmitted or stored.
• Diagnostic and crash data collected via Firebase Crashlytics, including the user identifier associated with a session, used solely to detect and minimize app crashes.
• Purchase history and subscription state from Apple's App Store, used to provision premium features and reconcile billing events.
• Trust and safety data such as reports, blocks, verification outcomes, device-ban signals, and moderation history.

3. Why we use personal data

We use personal data to create and secure accounts, make profiles available to other eligible users, support nearby discovery and venue check-ins, deliver messaging features, process purchases and subscriptions, and keep your settings available across sessions.

We also use personal data for trust and safety purposes, including profile verification, fraud prevention, abuse detection, moderation, report handling, account enforcement, support operations, and compliance with applicable law.

• Operate account creation, sign-in, profile setup, and in-app preferences.
• Enable nearby discovery, venue check-ins, and distance-based rules.
• Support messaging, subscription handling, and customer support.
• Prevent abuse, investigate reports, apply account restrictions, and protect other users.

4. Location, contacts, verification, and analytics

When location permission is enabled, CheckInDate may process location while the app is in use to support nearby discovery, venue check-ins, and related distance rules. Other users are shown product-level signals such as venue presence or nearby availability rather than your raw coordinates.

If you use contact privacy, phone numbers from your contacts are normalized and hashed on device before upload — raw phone numbers are never transmitted or stored. This allows the app to keep known contacts out of discovery without revealing who is in your address book.

If you choose profile verification, the app records a short selfie video (3–5 seconds) that is reviewed by our moderation team to confirm the face on the profile matches a real person. Because this recording contains facial data, it is treated as special-category / biometric-related data under GDPR Article 9(2)(a) and KVKK Article 6 and is processed only on the basis of your explicit consent given inside the app. Selfie videos are retained for up to 30 days after approval or up to 90 days after rejection (to cover the appeal window), after which they are deleted. You can withdraw consent at any time by contacting [email protected].

The app records first-party product-interaction events (screen views, feature usage, and similar telemetry) to operate the service, monitor reliability, and improve the product. These events are stored on our own infrastructure (Supabase) and are not shared with third-party advertising or tracking networks. Where local law requires opt-in consent for analytics, that consent is requested before non-essential analytics are recorded.

• Location is used while the app is in use for nearby mode, venue check-ins, distance validation, and related safety or functionality rules.
• Contact privacy hashes normalized phone numbers on device; raw numbers are never uploaded or retained.
• Profile verification captures a short selfie video — treated as biometric-related special-category data under GDPR Art. 9(2)(a) / KVKK m.6 — retained 30 days after approval or up to 90 days after rejection.
• First-party product-interaction analytics is collected on our own infrastructure for service operation and product improvement; opt-in consent is requested where local law requires it.

5. Legal bases and sharing

Depending on where you are located and how you use the service, CheckInDate may rely on contract performance, legitimate interests, legal obligations, the protection of vital interests, and consent where consent is required for a feature or processing activity.

We may share personal data with service providers that support hosting, storage, authentication, messaging, subscriptions, support, security, or analytics, with app store or payment partners when you purchase paid features, with legal advisers or authorities when required, and with other users only to the extent the service requires.

The main third-party processors we currently rely on are listed below. Each acts only on our instructions and under contractual data-protection terms, and processes personal data solely to deliver the service.

• Supabase — primary application database, authentication, realtime messaging infrastructure, file storage for profile photos, and edge functions. Data is hosted in EU data centres (Ireland and Stockholm).
• Apple and Google — app store distribution, in-app purchase processing, subscription billing, and receipt validation for paid features.
• Google Sign-In and Apple Sign-In — optional social login; only the identifier and basic profile information needed to create or match an account is received.
• Google Places — venue search and check-in location metadata when you look up or confirm a venue.
• Cloudflare — edge CDN, DNS, bot protection (Turnstile CAPTCHA), and Zero Trust access for our admin tooling.
• Firebase Crashlytics (Google) — crash and stability diagnostics from the mobile app; payloads are limited to technical telemetry.
• Authorities, courts, or advisers where disclosure is required or reasonably necessary.
• Other users only through the product features that make your profile, venue presence, or conversations visible.

6. International transfers and retention

Our primary application data (profiles, messages, photos, check-ins) is stored on Supabase infrastructure located in the European Union — specifically Ireland for the development environment and Stockholm for production. Keeping the core datastore in the EU means EU/EEA user data does not leave the EU for routine operations.

Some of our auxiliary processors (for example crash reporting, analytics, or app-store billing) may operate in countries outside the EU, including the United States. Where applicable law requires safeguards, we rely on the contractual, statutory, or technical measures required for those transfers, including the relevant standard contractual clauses where that framework applies.

We keep different types of data for different periods. Account and profile data may be kept while your account remains active, while safety, billing, verification, security, message, and legal records may be retained longer where necessary for fraud prevention, dispute handling, legal compliance, or the protection of other users.

• Active account and profile data may remain available while you continue using the service.
• Message records may remain stored as part of active conversations and may be retained for a longer period if they are relevant to safety reports, abuse prevention, disputes, or legal obligations.
• Support, billing, moderation, security, and verification records may be retained longer where needed for legal, safety, or fraud-prevention reasons.
• Deletion requests may not remove every record immediately where retention is required by law or legitimate safety needs.

7. Your rights and choices

Depending on your location, you may have rights to access, correct, export, delete, or restrict certain personal data, to object to some processing, or to withdraw consent where consent is the basis for processing. You may also be able to control permissions such as location, camera, contacts, analytics consent, and visibility settings directly in the app or on your device.

Some requests can start inside the app, including account deletion and certain export tools. For broader requests, please use our Privacy Requests page or contact [email protected].

• Access, correction, export, deletion, restriction, and objection rights where local law provides them.
• Consent withdrawal for features that depend on consent.
• In-app or device-level controls for location, camera, contacts, and analytics preferences.
• Support escalation through [email protected] if an in-app option does not cover your request.

8. Security and account protection

CheckInDate uses a combination of product design, access controls, moderation tooling, and technical safeguards to protect account and service data.

No system is completely risk-free, but we aim to limit unauthorized access, fraud, impersonation, and other abuse wherever reasonably possible.

• Account state checks may be used to detect bans, suspensions, or deleted-account conditions.
• Device and session information may be used to support fraud prevention or ban-evasion controls.
• Support and safety records may be used when responding to account or incident investigations.

9. Adults-only service and children

CheckInDate is intended for adults aged 18 and over. The service is not directed to children, and we do not knowingly collect personal data from anyone under the age of 13 (or the equivalent minimum digital-consent age in your jurisdiction where higher).

If we discover that an account has been created by, or contains personal data of, a person under 13 we will take prompt steps to disable the account and delete the associated data. Parents or guardians who believe a child has provided personal data to CheckInDate can contact [email protected] and we will address the request promptly.

If we believe an account otherwise belongs to someone under 18, we may restrict, suspend, or remove that account and related content.

10. Updates to this policy

We may update this policy from time to time. When we do, we will update the date shown at the top of this page and, where required, give additional notice through the app, the website, or other appropriate channels.