Privacy Policy
This policy explains how mobile applications developed by Alperen Kişi process personal data. Because each app uses different SDKs and services, each has its own dedicated policy linked below. This document complies with the EU General Data Protection Regulation (Regulation 2016/679, "GDPR"), the Turkish Personal Data Protection Law No. 6698 ("KVKK"), the California Consumer Privacy Act as amended by CPRA ("CCPA"), and the Children's Online Privacy Protection Act ("COPPA").
Last updated: May 9, 2026Applications
Select an app card to view its specific privacy policy.
Data Controller
Alperen Kişi, independent developer, based in Istanbul, Türkiye, acts as the data controller ("veri sorumlusu" under KVKK; "controller" under GDPR Art. 4(7)) for personal data processed through the applications listed above.
Primary contact: privacy@albooren.com
Postal address: A postal correspondence address for formal, signed written requests (e.g., under the KVKK Communiqué procedure) will be provided upon request sent to the email above. We do not publish a home address because the controller is a natural person.
VERBIS (KVKK registry) status: Registration with the Veri Sorumluları Sicili (VERBIS) is not required. Under the Personal Data Protection Board Decisions No. 2018/32, 2018/87 and subsequent decisions, natural-person data controllers whose principal activity is not the processing of personal data, and who do not exceed the financial and employee thresholds published by the Board, are exempt from the registration obligation. This status will be reassessed if processing volume or nature changes.
EU / UK representative: Processing is limited in scale, occasional, and does not include large-scale monitoring or special-category data. Under GDPR Article 27(2)(a) and the UK GDPR, appointment of a representative is therefore not required. If circumstances change, a representative will be appointed and announced here.
Data Protection Officer: Not required under GDPR Article 37 or KVKK, as processing is not of a nature or scale that triggers DPO obligations. For all data-protection matters, contact the email above.
Legal Bases for Processing (GDPR Art. 6 / KVKK Art. 5)
| Purpose | GDPR Art. 6 basis | KVKK Art. 5 basis |
|---|---|---|
| Providing app functionality (gameplay, settings) | (b) Performance of a contract | 5/2(c) Necessary for contract performance |
| Personalised advertising (where ATT/UMP consent given) | (a) Consent | 5/1 Explicit consent (açık rıza) |
| Non-personalised advertising, fraud prevention | (f) Legitimate interests | 5/2(f) Legitimate interests of the controller |
| Online multiplayer room persistence | (b) Performance of a contract | 5/2(c) Contract performance |
| Security logging, rate limiting | (f) Legitimate interests | 5/2(f) Legitimate interests |
| Analytics (King only, where consented) | (a) Consent | 5/1 Explicit consent |
Your Rights
Regardless of where you are located, you have the following rights over your personal data:
- Access — request confirmation and a copy of data we hold about you (GDPR Art. 15 / KVKK Art. 11(a–c))
- Rectification — correct inaccurate or incomplete data (GDPR Art. 16 / KVKK Art. 11(d))
- Erasure — request deletion of your data (GDPR Art. 17 / KVKK Art. 11(e) "right to be forgotten")
- Restriction — limit how we process your data (GDPR Art. 18)
- Portability — receive your data in a machine-readable format (GDPR Art. 20)
- Objection — object to processing based on legitimate interests or direct marketing (GDPR Art. 21 / KVKK Art. 11(g))
- Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal (GDPR Art. 7(3))
- Not be subject to solely automated decisions that produce legal or similarly significant effects (GDPR Art. 22)
- Compensation for harm suffered due to unlawful processing (KVKK Art. 11(h))
To exercise any right, email privacy@albooren.com. We respond within 30 days (KVKK) and without undue delay, at the latest within one month (GDPR Art. 12(3)).
KVKK formal application: Under the Communiqué on Procedures and Principles for Application to the Data Controller (Official Gazette 30356), you may submit requests via written petition, registered electronic mail (KEP), secure electronic signature, mobile signature, or email to the address you previously notified. We accept the email above for Art. 11 requests.
Right to Lodge a Complaint
- Turkey (KVKK): You may file a complaint with the Kişisel Verileri Koruma Kurumu (KVKK) after first contacting us and receiving no response within 30 days, or if the response is unsatisfactory.
- EU/EEA: You may complain to the supervisory authority in your member state of residence, workplace, or the place of the alleged infringement (GDPR Art. 77). A list of EU data-protection authorities is maintained by the European Data Protection Board.
- UK: You may complain to the Information Commissioner's Office (ICO).
California Residents (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information held by us
- Right to correct inaccurate personal information
- Right to opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising
- Right to limit use and disclosure of sensitive personal information
- Right to non-discrimination for exercising these rights
Do Not Sell or Share My Personal Information: We do not knowingly sell personal information for monetary value. However, our use of Google AdMob for advertising may qualify as "sharing" under CCPA. To opt out of personalised advertising, decline the App Tracking Transparency (ATT) prompt on iOS, or reset/limit your advertising ID on Android (Settings → Google → Ads → "Delete advertising ID"). You may also email privacy@albooren.com with the subject "CCPA Opt-Out" for confirmation.
Automated Decision-Making
We do not use personal data for solely automated decisions that produce legal or similarly significant effects within the meaning of GDPR Article 22. Advertising personalisation performed by Google AdMob is based on aggregated signals and does not produce such effects on you.
Children's Privacy
Our applications are not directed to children under 13 (in the United States per COPPA) or under 16 (in the EU, pursuant to GDPR Art. 8 and applicable member state law). We do not knowingly collect personal data from children below these age thresholds.
If you are a parent or legal guardian and believe your child has provided personal data, email privacy@albooren.com. We will promptly delete the data upon verification.
Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and within 72 hours of becoming aware (GDPR Art. 33 / KVKK Art. 12(5)). Where the breach is likely to result in high risk, we will also notify affected individuals directly (GDPR Art. 34).
International Data Transfers
Some processors (Google AdMob, Firebase) may transfer data outside Turkey / the EEA, including to the United States. Such transfers are protected by:
- Standard Contractual Clauses (SCCs) — European Commission Decision 2021/914 (GDPR Art. 46(2)(c))
- EU–US Data Privacy Framework — adequacy decision for Google LLC as a participant
- Additional safeguards per the recommendations of the European Data Protection Board following Schrems II
Changes to This Policy
This policy may be updated when SDKs, legal requirements, or product scope change. Material changes will be announced at least 30 days before they take effect, both in-app and at the top of this page. Non-material changes take effect upon publication. Prior versions are available on request.
Effective Date
This policy is effective from May 9, 2026. Continued use of the applications after the effective date of any update constitutes acceptance of the updated policy.