Deep Flow Software Services - FZCO  
Privacy Policy  
“Magic Retake”  
01.12.2025  
This Privacy Policy for Deep Flow Software Services - FZCO (“Company”) explains which personal data  
we collect, store, use, and share ("process") when you engage with our services ("Services") in relation  
to the Magic Retake application and/or its website (“Application”). This includes instances when you:  
o download, install, register with, access or use the Application and its services, or  
o interact with us in other related ways, such as through sales, support, or marketing activities.  
This Privacy Policy further describes how and why we collect your personal data; how we intend to  
use, store, protect and share your personal data, and what are your rights and how to exercise them.  
Summary of Key Points  
This summary outlines the key highlights of our Privacy Notice. For more detailed information on any  
specific topic, please refer to the table of contents below to navigate to the relevant sections.  
What personal data do we process? When you use our Services, we may process your personal  
information based on your interactions with us, the choices you make, and the products or features  
that you access. The personal data of users processed by the Company, in particular, are as follows:  
o your name and surname, e-mail address and phone number which we may receive if you  
contact the Company,  
o your profile or social media information if you choose to create an account with us,  
o your Internet Protocol Address (IP address),  
o messages, posts, communication, statements, information, phrases, entries, text, materials,  
files, documents, images, photos, visual records, links, graphics, media, responses, answers,  
choices, and any content, record or data that you provide, upload, transmit, create, store, use,  
edit or share with or through Application; and voice recordings, audio records and other  
output generated through Application,  
o full photographic image of your face, along with facial feature representations such as  
landmarks (e.g., eyes, nose, mouth), symmetry measurements, facial geometry or other  
facial data,  
o your order information if you make a purchase,  
o (if you give us permission) identifier for advertisers designated in your mobile device used in  
accessing our services (The Identifier for Advertisers-IDFA), identifier for vendors/developers  
designated to your mobile device (The Identifier for Vendors-IDFV), and Google Advertising ID  
(GAID), identifier for Firebase analytics.  
Do we process sensitive personal data? No, we do not process any sensitive personal data. Please do  
not share with us any content that might have any sensitive personal data.  
How do we process your information? We mainly process your personal data to deliver, enhance, and  
manage our Services, facilitate communication with you, safeguard security, prevent fraud, and  
comply with legal obligations. Additionally, your data may be processed for other purposes with your  
explicit consent. All processing activities are conducted only in accordance with valid legal bases.  
When do we share personal information? We share your personal data with third parties only  
when necessary to deliver our Services, comply with legal obligations, protect our rights, or prevent  
fraud and security threats. This may include service providers, business partners, and legal authorities.  
All data sharing is carried out in compliance with applicable data protection laws and is subject to  
stringent safeguards to ensure the security of your personal data.  
How do we keep your personal data secure? We implement administrative and technical measures to  
protect your personal data from unauthorized access, disclosure, alteration, or destruction, ensuring  
its security.  
What are your rights? Depending on your region, you may have specific rights concerning your  
personal data. These rights may include the right to access, correct, delete, restrict processing, object  
to processing, and data portability. Additionally, you may have the right to withdraw your consent.  
How can you exercise your rights? You can simply exercise your rights by reaching out to us directly.  
We will diligently review and address any request in compliance with applicable data protection laws.  
Table of Contents  
1. The Data Controller and the Objective  
2. Collection of Personal Data and Method  
3. Purposes of Processing Personal Data and Legal Bases  
4. Third Party Websites/Applications, Cookies and Notifications  
5. Data Storage  
6. Technical and Administrative Measures  
7. Age Limitation  
8. Transferring Personal Data to Third Parties  
9. Your Rights as the Data Subject  
10. Contact Information  
11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland  
12. For California Residents  
1. The Data Controller and the Objective  
Your personal data, which you provided/will provide to the Company, (see Section 10 for contact  
information), and/or obtained by our Company by any external means, may be processed by our  
Company as “Data Controller”.  
The Company aims to process the personal data of users in accordance with general principles of  
privacy and the provisions of the applicable data protection legislation to the relevant person,  
particularly Law on Personal Data Protection No. 6698 of Turkish Republic, (“PDP Law”) and other  
applicable law and regulations.  
We are committed to complying with this Privacy Policy in accordance with all applicable laws in each  
region in which we operate. To ensure compliance with regional legal requirements, we provide  
additional privacy notices for specific jurisdictions. Accordingly, where applicable, this Privacy Policy  
includes additional information regarding the European Union's General Data Protection Regulation  
(GDPR) (EU Regulation 2016/679). For individuals in the European Economic Area, the United Kingdom,  
and Switzerland, please scroll down to Section 11. For California residents, please scroll down to Section  
12.  
In accordance with this Privacy Policy, personal data are processed by the Company as a data controller  
in line with the basic principles named here: (i) being in accordance with law and good faith, (ii) being  
accurate and, where necessary, up-to-date, (iii) being processed for specific, explicit and legitimate  
purposes, (iv) being limited for the purpose for which they are processed and data minimization; and  
(v) being stored for the period stipulated in the relevant legislation or required for the purpose for  
which they are processed.  
Capitalized terms in this Privacy Policy shall have the meanings specified in the Terms and Conditions  
unless defined separately in this Privacy Policy.  
2. Collection of Personal Data and Method  
The Company may process your following data for the purposes specified in this Privacy Policy.  
Identity and Contact Information: When you contact us, such as via e-mail or our phone number, we  
may process your name, surname, phone number and e-mail address, (if relevant) other contact  
information and the content of your communication. If you contact us by post, we may additionally  
process your address if entailed in the communication.  
Technical Information: When you visit, use or engage our Services, we may collect the following  
information from such use of our Services:  
o Usage Data: We may collect data on how you interact with our Services. This includes  
information about your access to and use of our Application, such as duration of the time spent  
on the Application, information on time and date of access, date/time stamps of your visit,  
visit data, screen recordings, the features you access, contents you view, searches, and actions  
you take within the Application, device event information (for example error reports),  
in-app/web purchase history.  
o Log Data: We may collect your log data generated while you are using our  
Services/Applications (through our products or third-party products). This log data includes  
internet traffic data, network movements, Internet Protocol (“IP”) address, device name,  
device information, operating system version, visit data, (when website is used) browser type,  
version and settings, language preference, time zone, information about your use of Services,  
the configuration of the Application when utilizing our Service/Application, the time/date of  
your use of the Service/Application, and other statistics.  
o Device Information: We may collect data about the device you use to interact with our  
Services, including the device name, device ID, its model, its manufacturer, region information,  
device’s operating system, device identifiers, hardware model.  
o Location Information: Please note that we may be able to determine the general area of your  
device's location when it interacts with our Services, based on the information associated with  
your IP address and the region information of the device.  
o Identifiers: Unique user ID; and device token ID (particularly, if you allow us to send  
notifications through your device).  
Account Information: If you create an account with us, we will process the following data linked to  
your account.  
o Profile Information. If you choose to create an account with us by providing your profile  
information, we may collect your user ID, nickname, username, profile picture, user token,  
open ID, phone number, e-mail address, and password.  
o Social Media Information. If you choose to register with your social media account on these  
networks, we may collect the following data:  
    o Through Google: Google user ID, nickname, username, profile picture, user token,  
    open ID, phone number, e-mail address,  
    o Through Apple: Apple user ID, nickname, username, profile picture, user token, open  
    ID, phone number, e-mail address,  
    o Through Facebook: Facebook user ID, nickname, username, profile picture, user token,  
    open ID, phone number, e-mail address.  
User Content: We process the data that you provide when interacting with our Services, such as when  
you provide an Input to our Services.  
o This data includes messages, posts, communication, statements, information, phrases, entries,  
text, materials, files, documents, images, photos, visual records, links, emails, graphics, media,  
responses, answers, choices, and any content, record or data that you provide, upload,  
transmit, create, store, use, edit or share with or through Application; and voice recordings,  
audio records and other output generated through Application.  
o Access to device’s tools. We may ask for your permission to access your device’s photo file or  
gallery app, camera and audio recording tools, in order to provide certain services, when you  
are using the Application, such as to generate Output for photos you share or to transcribe  
your audio recording. You can choose not to allow us to access these tools by either rejecting  
our access or later disabling such access in your mobile device settings. However, you may not  
be able to use certain features of our Services if you choose to opt out.  
o Note regarding Biometric Data. Biometric Data corresponds to full photographic image of your  
face, along with facial feature representations such as landmarks (e.g., eyes, nose, mouth),  
symmetry measurements, facial geometry or other facial data. We may use your  
Biometric Data to provide you with our Services and to enhance the quality of our  
Services. The Biometric Data is not used for facial recognition, identity verification,  
or any other authentication. Your Biometric Data will not be sold, leased, traded, or  
anyhow be commercially exploited or profited.  
o Note regarding sensitive information. Please do not share any content that might have  
sensitive personal information. Furthermore, please be advised that the provision of any  
financial information, social security numbers, health information, images of other individuals,  
any information on children, or any other sensitive or confidential information via the  
Application is strictly prohibited. Despite this warning and prohibition, however, we recognise  
that our users might inadvertently include such information within the free-form text, images,  
or other content they submit via the Application. If we become aware that we have  
inadvertently received or processed sensitive personal data submitted by you, we will take  
commercially reasonable steps to promptly delete such sensitive data from our systems,  
except where retention is strictly required by applicable law.  
o Note regarding your rights. Please note that we do store your user content in accordance with  
this Privacy Policy and relevant legislation, especially in order to be able to provide Services.  
At any time, you can request the deletion of this information. Your other rights regarding this  
information are outlined in detail in this Privacy Policy.  
Customer Transaction. We may collect order information directly from you, our marketing vendors or  
our payment processors.  
o This information includes order date, payment date, subscription type, billing period, billing  
document, payment amount, due amount, payment status and any associated transaction  
identifiers (e.g., billing id, your e-mail address). This information is used to process your orders,  
manage subscriptions, and ensure the proper handling of payments and subscriptions.  
o Please note that we do not collect your payment method details, such as your credit card  
number, as we do not directly process your payment.  
Marketing Data. When you give us permission, we may collect your Usage Data; and an identifier for  
advertisers designated in your mobile device used in accessing our services (the Identifier for  
Advertisers-IDFA), an identifier for vendors/developers designated to your mobile device (the  
Identifier for Vendors-IDFV), Google advertising ID (GAID); identifier for Firebase analytics.  
Explanation on the Source of Information  
We may collect your above mentioned data directly from you through electronic or physical mediums,  
your device, your browser, third party applications or third party sources which you can access our  
application through these mediums such as Apple App Store, Google Play Store (similar platforms  
together with “App Stores”), or payment processors such as Paddle for the purposes of operation of  
our product, compliance with legal obligations, enhancing our services, administering your use of our  
services, as well as enabling you to enjoy and easily navigate our services.  
3. Purposes of Processing Personal Data and Legal Bases  
Your personal data will be processed via automatic or non-automatic means for the purposes stated  
below, in accordance with the applicable legislation and Articles 5 and 6 of the PDP Law where it is  
expressly permitted by the laws, the establishment of a contract or direct relation to the execution or  
performance of the contract and for the legitimate interests of the Company provided that  
your fundamental rights and freedoms are protected, and in order to fulfil our legal obligations.  
For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll  
down to Section 11.  
a) Purposes of Processing Personal Data  
Your personal data is processed for the following purposes in accordance with the general principles  
referred to above as well as the legal bases identified below:  
execution of goods/services sales processes,  
execution of agreement processes,  
execution of company/product/service commitment operations,  
operation of our product,  
creating user accounts for the service recipients/application users.  
conducting storage and archive activities,  
execution of communication activities,  
conducting after-sales support services for goods/services,  
execution of activities in compliance with legislation,  
execution/auditing of business activities,  
execution of information security processes,  
conducting audit/ethical activities,  
conducting activities to ensure business continuity,  
compliance with legislation and protection of persons’ rights, privacy and safety,  
providing information to authorized persons, institutions and organizations,  
prevention of crimes and other illegal acts,  
conducting activities for customer satisfaction,  
customizing our Services, understanding our users and their preferences to enhance user  
experience and enjoyment using our Services and improve our users’ experience,  
Additionally, if you give us explicit consent, your Marketing Data may be processed for conducting  
marketing analysis studies and executing advertising (including personalised  
advertisements)/campaign/promotion processes. Please note that the GAID will be collected and  
processed based on your explicit consent, only if you are based in a jurisdiction where such consent is  
required for the processing of the GAID (e.g. where PDP Law or GDPR applies).  
If you give us explicit consent, your identity and contact information may be processed for  
communicating with you to send information about marketing and informing about new products,  
services and applications and delivering you information regarding advertisements and promotions.  
Besides, the purposes of processing personal data may be updated in line with our obligations arising  
from our Company policies and legislation; in particular,  
Carrying out digital subscription and in-app purchase processes of service recipients,  
Carrying out the auto-renewable subscriptions for giving users access to content, services, or  
premium features in our Service,  
Conducting the processes of finance and accounting transactions,  
Carrying out strategic planning activities,  
Following up on requests and complaints.  
b) Purpose of Processing and Legal Basis  
| Purpose of Processing | Type of Personal Data | Legal Basis |
| --- | --- | --- |
| operation of our product, for example to provide outputs in response to user inputs or provide certain features to certain type of subscription models | Identity and Contact Information; Account Information; Technical Information; User Content; Customer Transaction | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| creating user accounts for the service recipients/application users | Account Information; Technical Information | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| execution of goods/services sales processes (either via in-app purchases or through web purchases) | Identity and Contact Information; Account Information; Customer Transaction | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| execution of agreement processes | Contact and Identity Information; Account Information; Technical Information; Customer Transaction; User Content | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| execution of company/product/service commitment operations (including detecting and correcting technical defects) | Identity and Contact Information; Account Information; User Content; Technical Information | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| execution of communication activities (This only entails communication for the purpose of establishment of a contract with you or communication related to the operation of our product/Services. This does not entail communication for marketing purposes which is subject to explicit consent) | Identity and Contact Information; Account Information; Customer Transaction; Technical Information | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| conducting after-sales support services for goods/services (for example, to carry out refund process or resolving technical defects that a user may experience) | Identity and Contact Information; Account Information; Customer Transaction; Technical Information; User Content | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| conducting storage and archive activities | Contact and Identity Information; Account Information; User Content; Technical Information; Customer Transaction | It is necessary to process your personal data, provided that we establish a contractual relationship with you, or that it is directly related to our performance obligation arising from this contract. |
| execution/auditing of business activities | Technical Information; Customer Transaction; User Content | Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed. |
| conducting audit activities | Technical Information; Customer Transaction | Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed. |
| conducting activities to ensure business continuity | Technical Information; Customer Transaction | Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed. |
| conducting activities for customer satisfaction | Account Information; Technical Information; Customer Transaction; User Content | Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed. |
| Customizing our Services, understanding our users and their preferences to enhance user experience and enjoyment using our Services and improve our users’ experience (this does not include processing to train AI models) | Account Information; Technical Information; Customer Transaction; User Content | Processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms are not harmed. |
| execution of activities in compliance with legislation | Identity and Contact Information; Account Information; Technical Information; User Content; Customer Transaction | Conditions that are necessary in order to fulfil our legal obligation |
| compliance with legislation and protection of persons’ rights, privacy and safety | Contact and Identity Information; Account Information; Technical Information; Customer Transaction; User Content | Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve detecting potential threats to the security and integrity of our Services by processing technical information. |
| execution of information security processes | Technical Information | Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve detecting potential threats to the security and integrity of our Services by processing technical information. |
| providing information to authorized persons, institutions and organizations | Account Information; Contact and Identity Information; Technical Information; Customer Transaction; User Content | Conditions that are necessary in order to fulfill our legal obligation |
| prevention of crimes and other illegal acts | Account Information; Contact and Identity Information; Technical Information; Customer Transaction; User Content | Conditions that are necessary in order to fulfill our legal obligation; and where we are not subject to a specific legal obligation, we may process personal data when it is necessary for the purposes of our legitimate interests. This includes safeguarding our Services against abuse, fraud, or security risks. Such processing may involve the detection and blocking accounts and contents that violate our Community Guidelines or pose potential threats to the security and integrity of our Services. |

In addition to the above purposes, the following personal data may be processed for the following  
purposes in accordance with your explicit consent.  
If you give us explicit consent (acquired via Apple and/or Google and/or within the App), your  
Marketing Data may be processed for conducting marketing analysis studies and execution of  
advertising (including personalised advertisements)/campaign/promotion processes.  
If you give us explicit consent (acquired when you opt-in for marketing communication), your  
Identity and Contact Information may be processed for communicating with you to send  
information about services, products, and applications and delivering you information  
regarding advertisements, promotions and other marketing communication.  
If you give us explicit consent (acquired when you opt-in for model improvement), your User  
Content may be processed to improve our services by training of AI models.  
4. Third Party Websites/Applications, Cookies and Notifications  
The Application may contain links to other websites or apps that are unknown to the Company and  
whose content is not controlled. These linked websites or apps may contain terms and conditions other  
than the Company texts. The Company cannot be held responsible for the use or disclosure of  
information that these websites or apps may process. Likewise, the Company shall not have any  
responsibility for any links from other sites or apps provided to the Application owned by the Company.  
We collect information by fair and lawful means, with your knowledge and consent. We also let you  
know why we’re collecting it and how it will be used. You are free to refuse our request for this  
information, with the understanding that we may be unable to provide you with some of your desired  
services without it.  
While using the Application, you may provide information through third party websites and apps to  
the Company, please be aware that your liability and obligations against third party apps or websites  
will continue and the Company shall not be held responsible for any terms, conditions, rules or policies  
determined by third parties.  
While using the Google Workspace and the materials through these services, the use of raw or derived  
user data received from Workspace APIs should adhere to the Google User Data Policy, including the  
Limited Use requirements of Google Workspace.  
Cookies  
Cookies are little text files that are stored on the browser or hard drive of your computer or mobile  
device when you visit a webpage. Cookies allow a website to run more efficiently and to present  
personalized web pages, giving you a faster visit experience that is better suited to your specific  
personal needs and demands. Containing only data on your website  
visit history via the internet, cookies do not collect any information, including your personal data/files  
stored on your computer or mobile device. We may use cookies when it is necessary for operating our  
Services, to enhance our Service performance and functionality, and to deliver content, including ads  
relevant to your interests, on our sites, or third-party sites. You can delete cookies which are already  
present on your computer and prevent cookies from being recorded or placed by your internet browser.  
Internet browsers are set to accept cookies automatically by default. As the management  
of cookies varies from browser to browser, you may look at the help menu of the browser or  
application to get detailed information. Please refer to our Cookie Policy.  
Push Notifications  
The Company may occasionally send you push notifications via its mobile applications or website  
regarding Application upgrades or notifications about our Services. You can always edit such  
communication and notifications through the settings on your device and stop receiving such  
communications and notifications.  
5. Data Storage  
Your data will be stored for the duration specified in the applicable legislation or until the purpose of  
processing ceases to exist.  
The Company may continue to store your personal data, even after the expiry of the purpose of its use  
provided that it is required by other laws or separately a consent is granted by you in this regard.  
In cases where you allow the Company to store your personal data for additional time by giving your  
consent, such data shall be immediately deleted, destroyed or anonymized upon the expiry of such  
additional time or once the consent is withdrawn.  
Additionally, your data may be further stored even after the fulfilment of the purpose of processing  
on the legal basis of the necessity of the establishment, execution and protection of our legal rights  
until the end of legal limitation periods (in jurisdictions where the GDPR applies, the storage is based  
on our legal interests).  
Your Biometric Data will be stored for the duration specified in the applicable legislation, until the  
purpose of processing ceases to exist or as long as you maintain using our Services. If you are a passive  
user with free access, then such Biometric Data is deleted after one month. Premium users' data is  
kept as long as they pay for our Services. Inference data is deleted after two weeks for all users.  
6. Technical and Administrative Measures  
The Company stores the personal data it processes in accordance with relevant legislation for periods  
stipulated in relevant legislation or required for the purpose of processing. The Company undertakes  
to take all necessary technical and administrative measures and to take the due care to ensure the  
confidentiality, integrity and security of personal data. In this context, it takes the necessary measures  
to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure,  
modification or destruction of data.  
Accordingly, the Company takes the following technical and administrative measures regarding the  
personal data it processes:  
Anti-virus application. On all computers and servers in the Company's information technology  
infrastructure, a periodically updated anti-virus application is installed.  
Firewall. The data center and disaster recovery centers hosting the Company servers are protected by  
periodically updated software-loaded firewalls; the relevant next generation firewalls control the  
internet connections of all staff and provide protection against viruses and similar threats during this  
control.  
VPN. Suppliers can access the Company servers or systems through SSL-VPN defined on the firewalls. A  
separate SSL-VPN identification has been made for each supplier; with this identification, the  
supplier is only given access to the systems that it should use or is authorized to use.  
User identifications. The Company employees' authorization to the Company systems is limited only  
to the extent necessary by job descriptions; in case of any change of authority or duty, systemic  
authorizations are also updated.  
Information security threat and event management. Events that occur on the Company servers and  
firewalls are transferred to the “Information Security Threat and Event Management” system. This  
system alerts the responsible staff when a security threat occurs and allows them to respond  
immediately to the threat.  
Encryption. Sensitive data is stored using cryptographic methods and, if required, transferred through  
environments encrypted with cryptographic methods; cryptographic keys are stored in various secure  
environments.  
Logging. All transaction records regarding sensitive data are securely logged.  
Two-factor authentication. Remote access to sensitive data and registration/creation of an account is  
allowed through at least two-factor authentication.  
Penetration test. Periodically, penetration tests are performed on servers in the Company system.  
The security gaps identified as a result of these tests are closed, and a verification test is performed to show  
that the relevant security gaps have been closed. Besides, the Information Security Threat and Event  
Management System automatically performs penetration tests. Test results are recorded.  
Information Security Management System (ISMS). At the ISMS meetings made within the Company,  
the topics contained in the control forum are audited monthly by the director of information  
technology and the director of financial operations.  
Training. In order to increase the awareness of the Company employees against various information  
security violations and to minimize the impact of the human factor in information violation incidents,  
training is provided to employees at regular intervals.  
Physical data security. The Company ensures that personal data on paper is stored in lockers and  
accessed only by authorized persons. Adequate security measures (for situations such as electric  
leakage, fire, flood, theft etc.) are taken based on the nature of the environment where sensitive  
data is stored.  
Backup. Company periodically backs up the data it stores. As a backup mechanism, it uses the backup  
facilities provided by the cloud infrastructure providers, as well as the backup solutions it develops  
when deemed necessary, provided that it is in compliance with relevant legislation and provisions of  
this Policy.  
Non-disclosure agreement. Non-disclosure agreements are concluded with employees taking part in  
sensitive personal data processing.  
Transfer of sensitive personal data. If transfer of sensitive personal data is required through email;  
such transfer is done through (i) encrypted corporate email or (ii) Registered Email.  
In the event that the personal data is damaged as a result of attacks on the Application or on the  
Company system, despite the Company taking the necessary information security measures, or the  
personal data is obtained by unauthorized third parties, the Company notifies this situation to Users  
immediately and, if necessary, to relevant data protection authority and takes necessary measures.  
7. Age Limitation  
We do not permit the use of our application by children under the age of 16.  
We do not knowingly collect or process personal data from anyone under the age of 16. If you learn  
that someone under the age of 16 has provided us with personal information, please contact us via  
email.  
Users under 18 must have permission from their parents or legal guardians to use our Services.  
8. Transferring Personal Data to Third Parties  
The procedures and principles to be applied for transferring of personal data are regulated in articles  
8 and 9 of the PDP Law, and the personal and special categories of data of the supplier may be  
transferred to third parties within the country or abroad since we may use servers and cloud systems  
located abroad.  
We implement the following mechanisms to ensure your data is transferred abroad securely and in  
accordance with applicable data protection laws:  
We rely on the Standard Contractual Clauses as issued by the Turkish Data Protection Authority  
pursuant to Article 9(4)(c) of the PDP Law.  
Your following personal data may be transferred abroad to our service providers on the legal bases  
explained above (Section 3.b.) and in the respective Standard Contractual Clauses, for the following  
purposes:  
Your Technical Information, Identity and Contact Information, Account Information, Customer  
Information, and User Content for the purpose of conducting storage and archive activities  
(including cloud services and database services) that are required to maintain our operations.  
Your Account Information for the purpose of authentication of user accounts that is required  
to maintain our operations.  
Your Technical Information for the purposes of correction of technical specifications, technical  
errors and defects that are required to maintain our operations.  
The Company may also transfer your Marketing Data to service providers (incl. Google, Apple,  
Facebook SDK, Adjust and Firebase Analytics, which are embedded into our service) for the purpose of  
conducting marketing analysis studies and execution of advertising (including personalised  
advertising)/campaign/promotion processes.  
We may have to share personal information with authorized public institutions and organizations, and  
judiciary bodies for the purpose of complying with our legal obligations and requirements on the legal  
basis that it is necessary in order to fulfill our legal obligation.  
Please note that your Biometric Data will not be shared with any third parties. All Biometric Data is  
securely stored on Google Cloud servers, which offer robust protection measures including encryption,  
controlled access, and monitoring to safeguard user privacy and prevent unauthorized use or access.  
Please note that we may share anonymized data with third-party AI models.  
For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll  
down to Section 11. For individuals in California please scroll down to Section 12.  
9. Your Rights as the Data Subject  
Pursuant to Article 11 of the PDP Law, you may request from the Company the exercise of the following  
rights regarding your personal data:  
Learn whether or not your personal data have been processed.  
Demand for information as to if your personal data have been processed.  
Learn the purpose of the processing of personal data and whether data are used in accordance  
with their purpose.  
Know the third parties in the country or abroad to whom your personal data have been  
transferred.  
In case the personal data is processed incompletely or inaccurately, request notification of the  
transactions made under this scope to third parties to whom personal data have been  
transferred.  
Request deletion, destruction or anonymization of personal data if the reasons for the  
processing have disappeared and request notification of the transactions made under this  
scope to third parties to whom personal data have been transferred.  
Object to the occurrence of any result that is to your detriment by means of the analysis of  
personal data exclusively through automated systems.  
Request compensation for the damages in case you incur damages due to unlawful processing  
of your personal data.  
Right to withdraw explicit consent from processing data based on explicit consent at any time.  
In the request where you outline your rights as a data subject and specify the rights you wish to  
exercise, your request must be clear and understandable. If your request pertains to your own personal  
data or if you are acting on behalf of another individual, you must be specifically authorized to do so,  
and such authorization must be properly documented. Additionally, the application must include your  
identity and address details, and supporting documents verifying your identity must be attached.  
Our Company will enable you to file such requests via email. In accordance with Article 13 of the PDP  
Law, our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest,  
depending on the nature of the request. In case the request is rejected, the reason or reasons for the  
rejection will be notified in writing or electronically along with its justification.  
For individuals in the European Economic Area, the United Kingdom, and Switzerland, please scroll  
down to Section 11. For individuals in California please scroll down to Section 12.  
10. Contact Information  
If you have any questions or comments regarding this Privacy Policy that are not covered here, or if you  
have any request or would like to exercise your rights, you may contact us via the following email  
address or by post at the following Company address:  
Company Title:  
Deep Flow Software Services - FZCO  
Address:  
IFZA Business Park, DDP, IFZA Property FZCO, Building A1  
3641379065, 53751-001, Dubai Digital Park, Dubai Silicon Oasis,  
Dubai, UAE  
E-mail:  
Tel:  
+90-212-807-0096  
11. For Individuals in the European Economic Area, the United Kingdom, and Switzerland:  
Where General Data Protection Regulation (GDPR), the UK Data Protection Act, or the Swiss Federal  
Act on Data Protection is applicable, for a complete understanding of our data practices, please read  
this privacy notice together with our Privacy Policy outline above.  
Purposes of Processing Personal Data and Legal Bases  
Your personal data may be processed for the following purposes on the following legal bases.  
Purpose of Processing: creating and maintaining user accounts  
Type of Personal Data: Account Information; User Information  
Legal Basis: processing is necessary for the performance of a contract to which the data subject is party  
or in order to take steps at the request of the data subject prior to entering into a contract.  

Purpose of Processing: providing, analysing and maintaining our Services with all features and  
functionalities (such as to provide outputs in response to user inputs or provide certain features to  
certain type of subscription models and conducting archive and storage activities). This includes  
personalizing the features and functionalities of the service (such as displaying the Services in a  
language relevant to your general area based on your IP address).  
Type of Personal Data: Identity and Contact Information; Account Information; Technical Information;  
User Content; Customer Transaction  
Legal Basis: processing is necessary for the performance of a contract to which the data subject is party  
or in order to take steps at the request of the data subject prior to entering into a contract.  

Purpose of Processing: administering and operating our business including purposes such as managing  
subscriptions, troubleshooting the technical defects and issues.  
Type of Personal Data: Identity and Contact Information; Account Information; Technical Information;  
User Content; Customer Transaction  
Legal Basis: processing is necessary for the performance of a contract to which the data subject is party  
or in order to take steps at the request of the data subject prior to entering into a contract.  

Purpose of Processing: communicating with you, including to send you information about your  
subscription, and other requests (this does not include communication for marketing purposes).  
Type of Personal Data: Identity and Contact Information; Account Information; Customer Transaction;  
Technical Information  
Legal Basis: processing is necessary for the performance of a contract to which the data subject is party  
or in order to take steps at the request of the data subject prior to entering into a contract.  

Purpose of Processing: conducting after-sales support for goods and services, including manage refund  
processes, assisting you to manage a technical defect, responding to your inquiries  
Type of Personal Data: Identity and Contact Information; Account Information; Customer Transaction;  
Technical Information; User Content  
Legal Basis: processing is necessary for the performance of a contract to which the data subject is party  
or in order to take steps at the request of the data subject prior to entering into a contract.  

Purpose of Processing: conducting activities to ensure business continuity and user satisfaction as well  
as improving our services (this does not include processing to train AI model)  
Type of Personal Data: Account Information; Customer Transaction; Technical Information; User Content  
Legal Basis: processing is necessary for the purposes of the legitimate interests pursued by the  
controller or by a third party, except where such interests are overridden by the interests or  
fundamental rights and freedoms of the data subject which require protection of personal data, in  
particular where the data subject is a child.  

Purpose of Processing: complying with legal and regulatory obligations  
Type of Personal Data: Identity and Contact Information; Account Information; Technical Information;  
User Content; Customer Transaction  
Legal Basis: processing is necessary for compliance with a legal obligation to which the controller is  
subject.  

Purpose of Processing: ensuring safety and security, preventing fraud and unlawful activities, and  
protect against the misuse of our Services. This includes safeguarding our systems, securing our  
business operations, and investigating, preventing, and detecting prohibited conduct, illegal actions,  
and other security or technical issues.  
Type of Personal Data: Identity and Contact Information; Account Information; Technical Information;  
User Content; Customer Transaction  
Legal Basis: processing is necessary for compliance with a legal obligation to which the controller is  
subject; and where we are not subject to a specific legal obligation, we may process personal data  
when it is necessary for the purposes of our legitimate interests. This includes safeguarding our  
Services against abuse, fraud, or security risks. Such processing may involve the detection and  
blocking accounts and contents that violate our Community Guidelines or pose potential threats to the  
security and integrity of our Services.  

Purpose of Processing: complying with legal obligations and to protect the rights, privacy, safety, or  
property of our users, Company, or third parties  
Type of Personal Data: Identity and Contact Information; Account Information; Technical Information;  
User Content; Customer Transaction  
Legal Basis: processing is necessary for compliance with a legal obligation to which the controller is  
subject; and where we are not subject to a specific legal obligation, we may process personal data  
when it is necessary for the purposes of our legitimate interests. This includes safeguarding our  
Services against abuse, fraud, or security risks. Such processing may involve detecting potential  
threats to the security and integrity of our Services by processing technical information.  

Purpose of Processing: auditing of business activities  
Type of Personal Data: Technical Information; User Content; Customer Transaction  
Legal Basis: processing is necessary for the purposes of the legitimate interests pursued by the  
controller or by a third party, except where such interests are overridden by the interests or  
fundamental rights and freedoms of the data subject which require protection of personal data, in  
particular where the data subject is a child.  

In addition to the above purposes, we will only process the following personal data with your consent.  
You may withdraw your consent at any time by contacting us via email or as stated below. Withdrawing  
consent will not affect the lawfulness of processing based on consent before its withdrawal.  
If you give us consent (acquired via Apple and/or Google and/or within the App), your  
Marketing Data may be processed for conducting marketing analysis studies and execution of  
advertising (including personalised advertising)/campaign/promotion processes. You can  
withdraw consent through settings of your account.  
If you give us consent (acquired when you opt in for marketing communication), your  
Identity and Contact Information may be processed for communicating with you to send  
information about services, products, and applications and delivering you information  
regarding advertisements, promotions and other marketing communication. You can  
withdraw your consent by clicking on the "unsubscribe" link in the e-mail that is sent to you or by  
following the procedure specified in the communication.  
If you give us consent (acquired when you opt in for model improvement), your User  
Content may be processed to improve our services by training of AI models. You can withdraw  
consent in settings of the App.  
AI Training Disclaimer: This processing may involve retention of your data for a certain period and use  
for algorithmic improvements. We do not use your data for AI training unless you have explicitly  
consented. You can withdraw consent at any time in the settings of the Application or by contacting  
us. The collected Biometric Data is used exclusively to train our internal AI models and enhance the  
quality of user photos. By analysing patterns and imperfections in facial features, our AI learns to  
enhance photos by adjusting lighting, fixing distortions, and refining facial clarity.  
Transferring Personal Data to Third Parties  
We implement the following mechanisms to ensure compliance with applicable data protection laws  
when transferring Personal Data outside the European Economic Area (EEA), Switzerland, or the United  
Kingdom (UK):  
Adequacy Decisions: We rely on adequacy decisions issued by the European Commission in  
accordance with Article 45(1) of the GDPR, when transferring Personal Data to countries that  
have been deemed to provide an adequate level of data protection. You can find the current  
list of adequate countries here.  
Standard Contractual Clauses (SCCs) & Supplementary Measures: For transfers to  
jurisdictions not covered by an adequacy decision, we implement the Standard Contractual  
Clauses as adopted by the European Commission under Article 46(2)(c) of the GDPR. We also  
apply additional safeguards where necessary, such as:  
o Encryption of personal data in transit & at rest,  
o Data minimization & anonymization where possible,  
o Technical access controls to limit third-party access,  
o Ongoing Transfer Impact Assessments (TIA) to monitor local laws.  
Binding Corporate Rules (BCRs): Where applicable, we rely on Binding Corporate Rules (BCRs)  
as approved by the competent supervisory authority in accordance with Article 46(2)(b) and  
Article 47 of the GDPR.  
Your following personal data may be transferred abroad to our service providers on the legal basis  
explained above for the following purposes:  
Your Technical Information, Contact and Identity Information, Account Information, Customer  
Information, User Content for the purpose of conducting storage and archive activities  
(including cloud services and database services) that are required to maintain our operations.  
Your Account Information for the purpose of authentication of user accounts that is required  
to maintain our operations.  
Your Technical Information for the purposes of correction of technical specifications, technical  
errors and defects that is required to maintain our operations.  
The Company may also transfer your Marketing Data to service providers (incl. Google, Apple,  
Facebook SDK, Adjust and Firebase Analytics which are embedded into our service) for the purpose of  
conducting marketing analysis studies and execution of advertising (including personalised  
advertising)/campaign/promotion processes.  
We may have to share personal information with authorized public institutions and organizations, and  
judiciary bodies for the purpose of complying with our legal obligations and requirements on the legal  
basis that it is necessary in order to fulfill our legal obligation.  
Please note that we may share anonymized data with third-party AI models.  
Your Rights Regarding Data Transfers  
You have the right to request a copy of the safeguards applied (e.g., SCCs, BCRs) by contacting  
us via email.  
If you believe your data has been transferred unlawfully, you can lodge a complaint with your  
local data protection authority or the European Data Protection Supervisor (EDPS).  
Your rights as the Data Subject  
Under the GDPR, you have the following rights:  
Right of Access (Article 15 GDPR) - You can request a copy of your personal data and details  
on how we process it.  
Right to Rectification (Article 16 GDPR) - To request the rectification of information that you  
believe is inaccurate or the completion of information that you believe is incomplete by the  
Company.  
Right to Erasure (Article 17 GDPR, “Right to be Forgotten”) - You can request deletion of your  
personal data, except when we are required to retain it for legal obligations, public interest,  
or legal claims.  
Right to Restriction of Processing (Article 18 GDPR) - To request the restriction of the  
processing of personal data under the conditions stipulated in the GDPR.  
Right to Data Portability (Article 20 GDPR) - You can request a copy of your data in a  
structured, commonly used, machine-readable format such as CSV or JSON, or request direct  
transfer to another provider where technically feasible.  
Right to Object (Article 21 GDPR) - You can object to processing based on legitimate interests.  
If you object to direct marketing, we will stop processing immediately. For other objections,  
we will assess whether our legitimate interests override your rights.  
Automated Decision-Making and Profiling (Article 22 GDPR) - If a decision affecting you is  
made solely by automated means, such as AI-based decisions, you have the right to request  
human intervention, express your views, and contest the decision.  
Right to Withdraw Consent (Article 7(3) GDPR) - If we process your data based on consent,  
you can withdraw it at any time. This does not affect prior processing.  
You may exercise these rights by submitting your request via email. We will respond to your request  
within one month, as required under GDPR. If your request is complex, we may extend this by an  
additional two months, in which case we will notify you.  
If you believe that we or someone with whom we have transferred your data is violating your rights,  
you can file a complaint to the local data protection authority in your country (supervisory  
authorities). For any unresolved complaints relating to the UK you can reach out to the  
Information Commissioner's Office (https://ico.org.uk/) and for Switzerland, to the Federal Data  
Protection and Information Commissioner (https://www.edoeb.admin.ch/en).  
12. For California Residents  
For a complete understanding of our data practices, please read this privacy disclosure together with  
our Privacy Policy outline above.  
Your rights  
If you are a California resident, you have certain rights. These include the right to know what personal  
information we collect, use, disclose, and sell; the right to request deletion of your personal  
information; the right to correct inaccurate personal information; the right to opt out of the sale or  
sharing of your personal information; and the right to limit the use and disclosure of sensitive personal  
information; and right to non-discrimination. We do not sell your personal information in the  
traditional sense, but we may share usage data with third-party service providers for analytics and  
functionality purposes. We do not collect sensitive personal information (please refer to Section 2 for  
more information). To exercise any of these rights, or to designate an authorized agent to make a  
request on your behalf, please contact us via email. We will not discriminate against you for exercising  
any of your privacy rights.  
We may verify your identity before responding to your request to protect your privacy and security.  
Our Services comply with all applicable laws and we ensure that our systems do not violate these laws  
and respect users' constitutional right to privacy.  
Disclosure regarding the collection of personal data  
We may collect the following categories of personal information: identifiers (e.g., name, e-mail  
address, phone number, IP address); personal information described in California Civil Code Section  
1798.80(e) (e.g., s name, contact information (such as phone number), account name, billing  
information); inferences from your personal information to create a profile about your preferences (if  
it is an option in the Application and you choose to personalize services, the information may be used  
to personalise services); network activity information (information on how consumers interact with our  
apps and websites).  
Please refer to the Section 2 above for a complete description of what information we collect and how  
we collect it. Please refer to the Section 3 above for which purposes we use your personal information.  
Disclosure regarding the use of third-party tools  
We may use third-party tools such as Google, Apple, Facebook SDK, Adjust and Firebase Analytics to  
understand app usage and improve performance. These tools may collect information such as  
identifiers and in-app events (Please refer to the definition of Marketing Data under Section 2).  
Under California law, the use of certain analytics and advertising tools may be considered a “sale” or  
“sharing” of personal information. We do not sell your personal information for monetary  
compensation, but we may share it for purposes of delivering personalized advertising or measuring  
marketing analytics.  
Prior to using your information for the purposes of delivering personalised ads or measuring marketing  
analytics, we may ask for your permission. California residents may always opt out or withdraw their  
permission by adjusting privacy settings or by contacting us.  
Please refer to Section 8 for more information.  
Retention of Personal Information  
Please refer to Section 5 for how long we retain your personal information.  
Changes to This Privacy Policy  
We may update this Privacy Policy from time to time to reflect changes in our practices, technology,  
legal requirements, or other factors. When we make changes, we will state the date at the top of this  
Policy.  
If we make material changes (changes that significantly affect your rights or the way we handle your  
data), we will provide you with prominent notice before the changes take effect. This notice may be  
provided through the Application interface (e.g., a pop-up notification), by sending an email to the  
address associated with your account (if applicable), or through other reasonable means appropriate  
to the circumstances.  
We encourage you to review this Privacy Policy periodically. Your continued use of the Services after  
the effective date of any revised Privacy Policy constitutes your acknowledgment of the updated terms,  
unless applicable law requires a different form of acceptance (such as explicit consent for certain types  
of changes).  