Privacy Policy

This Privacy Policy explains how Kepp ("we", "us") collects, uses, shares, and protects your personal data when you use the Service. It is designed to comply with the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the EU General Data Protection Regulation ("GDPR").

1. Data controller

Kepp is the data controller responsible for your personal data. Contact: privacy@kepp.social.

2. Data we collect

• Account data: email address, username, full name, age (to verify the 16+ requirement), hashed password.
• Content & activity: collections, notes, saved links and their previews, follows, and similar actions you take.
• Optional profile data: bio, avatar/cover images you upload.
• Technical data: IP address, device/browser type, and basic logs needed for security and operation.

We do not sell your personal data. We do not use third-party advertising trackers.

3. Why we use it & legal bases

• To provide the Service (create your account, store and show your collections) — performance of a contract.
• To send essential emails (verification, password reset, security notices) — contract / legitimate interest.
• To keep the Service secure (prevent abuse, fraud, and misuse) — legitimate interest / legal obligation.
• To improve the Service (aggregate, non-identifying analysis) — legitimate interest.

4. Cookies & local storage

We use only strictly necessary cookies and on-device storage to keep you signed in and remember preferences (such as theme). We do not use advertising or cross-site tracking cookies.

5. Sharing & processors

We share data only with service providers acting on our instructions:

• Hosting: our servers and database are hosted in the European Union (Germany).
• Email delivery: a transactional email provider sends verification and password-reset emails.

We may disclose data if required by law or to protect the rights, safety, and security of Kepp and its users. Note: links you save point to third-party platforms; visiting those links is subject to those platforms' own privacy policies, over which we have no control.

6. International transfers

Your data is primarily processed within the EU. Where data is transferred outside Türkiye or the EEA, we rely on appropriate safeguards (such as adequacy decisions or standard contractual clauses) as required by KVKK and GDPR.

7. Retention

We keep your data while your account is active. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must retain certain records to meet legal obligations or resolve disputes.

8. Security

We protect your data with measures such as encryption in transit (HTTPS), hashed passwords (argon2), access controls, and isolated infrastructure. No system is perfectly secure, but we work to safeguard your information and will notify you and authorities of breaches as required by law.

9. Children

The Service is not directed to anyone under 16, and we do not knowingly collect their data. If you believe someone under 16 has provided us data, contact privacy@kepp.social and we will delete it. Users under the age of majority must have parental/guardian consent.

10. Your rights

Under KVKK (Art. 11) and GDPR (Arts. 15–22), you may:

• learn whether we process your data and request access to it;
• request correction of inaccurate data or completion of incomplete data;
• request deletion or anonymization ("right to be forgotten");
• object to or restrict certain processing, and request data portability;
• withdraw consent where processing is based on consent;
• lodge a complaint with the Turkish Data Protection Authority (KVKK Kurumu) or your local EU supervisory authority.

To exercise these rights, email privacy@kepp.social. We respond within the periods required by law.

11. Changes

We may update this Policy and will revise the "Last updated" date. For material changes we will provide reasonable notice.

12. Contact

Privacy questions: privacy@kepp.social.