Privacy policy (Kumarı Bırak)

This page explains how we handle personal data for the website and app ecosystem. Turkish users are also covered under Turkey's KVKK—the authoritative Turkish text may prevail locally.

Note: This English version is for convenience. If there is a conflict, the Turkish privacy policy reflects the official wording for our Turkey-based operations.

Last updated

11 June 2026

1. Overview

We take privacy seriously. Problem gambling is a sensitive topic, and we aim to collect only what we need to operate accounts, deliver features, respond to you, keep the service secure, and comply with applicable law.

2. Who is responsible

The Kumarı Bırak platform is the controller for the personal data described here.

  • Email: info@kumaribirak.com
  • Website: https://kumaribirak.com

3. Data we may collect

  • Account details you provide (for example email, name, hashed password)
  • Recovery features you create inside the app (check-ins, goals, journal notes—depending on what you enter)
  • Support messages you send via our contact forms
  • Technical information such as IP address, device/browser metadata, and security logs

4. Why we use data

Service delivery

Authenticate you, run core features, and keep your settings in sync.

Support and safety

Answer questions, investigate abuse, and protect accounts.

Improvement

Understand reliability and UX issues in aggregate.

Legal compliance

Meet lawful requests and regulatory obligations where they apply.

5. Legal bases (summary)

Depending on context and jurisdiction, we rely on contract (providing the service you asked for), legitimate interests (security and improvement, balanced against your rights), consent where required, and legal obligation where the law mandates retention or disclosure.

6. How we store data

Personal data collected through the Kumarı Bırak website and mobile app is stored on secure cloud infrastructure. Account details, in-app records (check-ins, goals, journal entries, comments, and similar content), and support messages are held in Supabase-hosted PostgreSQL databases protected by encrypted connections (TLS/SSL).

Passwords are never stored in plain text; they are processed using one-way hashing. Uploaded images and files are stored in secure object storage on the same infrastructure.

The mobile app may keep session tokens and preferences (such as theme settings) locally on your device. This data is not sent to our servers unless required for the feature, and can be removed when you sign out or uninstall the app.

Our infrastructure providers (such as Supabase and hosting partners) may process data in the European Union and/or other secure data centres. Where data is transferred outside your country, we apply appropriate safeguards as required by applicable law.

7. How long we keep data

We retain personal data only for as long as needed for the purposes described in this policy and to meet legal obligations. When the purpose no longer applies or the retention period ends, we delete, anonymise, or archive the data unless the law requires us to keep it longer.

Data typeRetention period
Account information (email, name, profile)While your account is active; permanently deleted within 30 days of an account deletion request
In-app records (check-ins, goals, progress data)While your account is active; deleted within 30 days of account closure
Blog comments and community contentWhile published; removed within 30 days of a deletion request or account closure
Contact and support messagesUp to 2 years after the request is resolved
Security and access logs (IP, session records)Up to 12 months; longer if required for a legal dispute or security investigation
Backup copiesPurged from backups within 90 days after the primary data is deleted

If a legal obligation (court order, official authority request, etc.) requires longer retention, we keep only the relevant data for that obligation. To ask about retention or request early deletion, contact us via the contact form or email info@kumaribirak.com.

8. Security

We use encryption in transit (TLS/SSL), access controls, monitoring, and regular backups appropriate to the risk. Passwords are hashed; administrative access to production systems is restricted to authorised personnel.

9. Your rights

You may have rights to access, correct, delete, object, or port your data—depending on applicable law. If you are in Turkey, KVKK grants specific rights; elsewhere, local privacy law may apply.

Contact

Email info@kumaribirak.com or use the contact form. We aim to respond within a reasonable timeframe.

10. International transfers

Some infrastructure or processors may be located outside your country. Where required, we use appropriate safeguards (such as standard contractual clauses) in line with applicable regulations.

11. Changes

We may update this policy when our practices or the law changes. If the update is material, we will provide notice in a reasonable way—such as posting on this page or emailing registered users.