Privacy Policy

Last updated: May 5, 2026 · Effective: May 5, 2026
Table of Contents 1. Data Controller 2. Scope 3. Personal Data We Collect 4. Purposes of Processing 5. Legal Basis 6. Data Sharing 7. International Transfers 8. Retention Periods 9. Data Security 10. Your Rights 11. Age Limits and Children's Data 12. Pingle App Specific Provisions 13. Changes 14. Contact

1. Data Controller

The data controller under this Privacy Policy is Pentagame Bilişim Limited Şirketi (referred to as "Pentagame", "we", "us", or "the company").

Trade NamePentagame Bilişim Limited Şirketi
MERSIS Number0728081138000001
Tax ID Number7280811380
Registered AddressMerkez Mah. 52140 Sk. Çevik Vitacourt B Blok No: 14B Door No: 1, 33240 Mezitli / Mersin, Türkiye
Email[email protected]
Phone+90 534 453 94 94

2. Scope

This Privacy Policy governs the processing of personal data of users who access our website at pentagame.com.tr, our mobile applications (including but not limited to Pingle), and all our digital services.

This Policy is prepared in compliance with the Turkish Personal Data Protection Law No. 6698 ("KVKK"), the EU General Data Protection Regulation (Regulation 2016/679, "GDPR"), and applicable Apple App Store and Google Play guidelines.

3. Personal Data We Collect

Depending on the nature of the services you use, we may process the following categories of personal data:

3.1. Identity Information

  • Name, surname, username, date of birth, gender

3.2. Contact Information

  • Email address, phone number

3.3. Account and Usage Information

  • Password (stored in irreversibly hashed form), profile photo, user preferences, notification settings

3.4. Location Data

  • GPS-based approximate or precise location, when you grant explicit consent (used for app features)

3.5. Device and Technical Information

  • Device model, operating system version, IP address, push token, language setting, app version

3.6. Usage and Interaction Data

  • In-app activity, navigation logs, screen views, interaction durations

3.7. Content Data

  • Photos, text, messages and other content uploaded by the user

4. Purposes of Processing

Your personal data is processed for the following purposes:

  • Providing our services and managing user accounts
  • Fulfilling our contractual obligations
  • Providing user support services
  • Ensuring account security and preventing fraud
  • Improving service quality and resolving technical issues
  • Complying with legal obligations
  • Promotional, marketing, and informational activities (with your explicit consent)
  • Statistical analysis and reporting

Your personal data is processed based on the following legal grounds set out in Articles 5 and 6 of the KVKK and Article 6 of the GDPR:

  • Necessity for the establishment or performance of a contract (KVKK Art. 5/2-c · GDPR Art. 6(1)(b))
  • Compliance with a legal obligation (KVKK Art. 5/2-ç · GDPR Art. 6(1)(c))
  • Necessity for the establishment, exercise, or protection of a right (KVKK Art. 5/2-e)
  • Legitimate interests pursued by the controller (KVKK Art. 5/2-f · GDPR Art. 6(1)(f))
  • Your explicit consent — particularly for marketing communications and precise location data (KVKK Art. 5/1 · GDPR Art. 6(1)(a))

6. Data Sharing

Your personal data may be shared with the following parties to the extent necessary to provide the services:

  • Cloud service providers (for server infrastructure)
  • Notification service providers (Apple Push Notification, Firebase Cloud Messaging)
  • Analytics service providers (for evaluating usage statistics)
  • Payment institutions (when premium features are purchased)
  • Competent public authorities (where required by legal obligation)
  • Legal, financial, and audit advisors (under confidentiality agreements)

Your data is never sold or rented to third parties for advertising, sales, or marketing purposes.

7. International Transfers

Some of our service providers are located outside Türkiye (in particular, in the European Union and the United States). Personal data may be transferred to such countries pursuant to KVKK Article 9, with your explicit consent or under decisions of the Turkish Personal Data Protection Authority that recognize adequate protection. For GDPR-protected data, transfers are made under Standard Contractual Clauses or other lawful safeguards.

Standard providers used in this scope include Apple Inc., Google LLC, and Cloudflare.

8. Retention Periods

Your personal data is retained for the following periods:

Data CategoryRetention Period
Account informationFor the duration the account is active + 90 days (after deletion request)
Content data (uploaded)While the account is active, unless deleted by the user
Communication and support records3 years from the date of request
Billing / financial records10 years (per Turkish Tax Procedure Law)
Log records1 year (may extend to 2 years per Law No. 5651)
Cookie dataPeriods specified in the Cookie Policy

At the end of the retention period, your personal data is deleted, destroyed, or anonymized.

9. Data Security

We implement appropriate technical and organizational measures pursuant to KVKK Article 12 and GDPR Article 32 to ensure the security of your personal data:

  • TLS/SSL encryption for all connections
  • Storage of passwords using irreversible hash algorithms (bcrypt)
  • Access controls and authorization management
  • Regular security audits and penetration tests
  • Backup and disaster recovery plans
  • Confidentiality undertakings and regular awareness training for personnel

10. Your Rights

Under KVKK Article 11 and GDPR Articles 15–22, as a data subject you have the right to:

  • Learn whether your personal data is being processed
  • Request information regarding the processing
  • Learn the purpose of processing and whether the data is used in accordance with that purpose
  • Know the third parties to whom your data is transferred, domestically or abroad
  • Request the rectification of incomplete or incorrectly processed data
  • Request the deletion or destruction of your personal data under the conditions set out in KVKK Article 7 / GDPR Article 17 (right to erasure / "right to be forgotten")
  • Request that the processing is restricted (GDPR Article 18)
  • Receive your personal data in a structured, commonly used and machine-readable format (data portability — GDPR Article 20)
  • Object to processing based on legitimate interests (GDPR Article 21)
  • Object to a decision made solely by automated processing
  • Claim compensation for damages arising from unlawful processing
  • Lodge a complaint with the Turkish Personal Data Protection Authority (KVKK) or, for GDPR matters, with the relevant supervisory authority

You may exercise these rights by sending a request to [email protected] or to the postal address specified above. Your requests will be answered within 30 days at the latest.

11. Age Limits and Children's Data

The Pingle application is rated 17+ on the Apple App Store and Google Play and is not intended for users under the age of 17. We do not knowingly collect personal data from users under 17 via Pingle. Date-of-birth verification is enforced at registration; underage registrations are rejected.

For our other services, the minimum age is 13. If you become aware that a child under 13 has provided us with personal data, or that a user under 17 has registered for Pingle, please notify us at [email protected]; the relevant account will be closed and the data will be deleted promptly.

12. Pingle App Specific Provisions

Map of your life's moments
ping-le.com

This section sets out additional privacy provisions applicable to Pingle, the location-based social mobile application developed and distributed by Pentagame Bilişim Limited Şirketi. The official website of the Pingle app is ping-le.com. The provisions in this section supplement other sections of this Privacy Policy; in case of conflict, the Pingle-specific provisions prevail.

12.1. App Information

App NamePingle
DeveloperPentagame Bilişim Limited Şirketi
iOS Bundle IDcom.pentagame.pingle
Android Packagecom.pentagame.pingle
DistributionApple App Store, Google Play
CategorySocial · Location-based connection app
Age Rating17+ (Apple) / Mature 17+ (Google)

12.2. Data Collected via Pingle

Account & Authentication:

  • Email or phone number (SMS-OTP verification for phone)
  • Password — stored as an irreversible hash (bcrypt)
  • Optional PIN code (in-app security lock)
  • Social authentication tokens (Google Sign-In and Sign in with Apple)

Profile Data:

  • Name or username, date of birth, gender
  • Profile photos (up to 9)
  • Interests, hobbies, bio text
  • Match preferences (age range, distance, gender preference)

Location Data:

  • Precise (GPS) location for the "radar" feature showing nearby users and venues
  • Venue check-in: explicitly chosen sharing of a visited venue
  • Location services run on Apple Maps, Google Maps, and OpenStreetMap (OSM) infrastructures
  • Location is collected only while the app is open and with explicit user permission; no continuous background tracking

Messaging:

  • Content of messages exchanged between matched users
  • Messages are transmitted over TLS and stored with encryption at rest
  • Message timestamps, delivery, and read receipts
  • Messaging is allowed only between matched users; per-minute rate limits apply

Match Behavior:

  • Like / pass / super-like / rewind records
  • Block and report submissions
  • Match and interaction statistics

Device & Technical Data:

  • Device type, model, OS version, app version
  • Language and region settings
  • Push notification token (FCM / Apple Push Notification)
  • Apple ATT (App Tracking Transparency) selection — required on iOS 14.5+
  • Device integrity check (jailbreak/root detection, anti-fraud purpose)

Biometric Authentication (Local):

  • Pingle supports Face ID / Touch ID on Apple devices and fingerprint / face unlock on Android
  • Biometric data is processed only within the secure hardware enclave (Secure Enclave / TEE) of your device; it is not transmitted to or stored on Pentagame servers
  • Biometric verification is used only to unlock the session token kept locally on the device

Payment Data:

  • Pingle premium subscriptions are charged exclusively via Apple StoreKit (iOS) and Google Play Billing (Android)
  • Credit card or bank account details are never received, viewed, or stored by Pentagame; all payment processes are managed by the relevant platform provider
  • Only purchase outcomes (subscription status, start and renewal dates) are stored on our servers

12.3. Third-Party Service Providers

The following third-party providers are required for Pingle infrastructure to function. Each provider's own privacy policy applies:

ProviderPurposeData Transferred
Apple Inc.Push notification (APN), app distribution, biometric infrastructure, Sign in with Apple, StoreKit paymentsDevice token, anonymous authentication, purchase records
Google LLC (Firebase)Cloud Messaging (FCM), crash analyticsDevice token, anonymous usage metrics
Google Sign-InSocial authenticationEmail, name, profile photo (with user consent)
MapboxMap and location servicesApproximate location, map tile requests
Google Maps PlatformVenue search and geocodingApproximate location, search queries
OpenStreetMapOpen-source map tilesAnonymous map tile requests
CloudflareCDN, DDoS protection, WAFIP address, HTTP request metadata

12.4. Account Deletion

In compliance with Apple App Store and Google Play guidelines, we offer multiple methods to easily delete your account:

  1. In-app: Pingle → Profile → Settings → Delete Account
  2. Web: Submit a request via pentagame.com.tr/account-deletion.html
  3. Email: Send an email titled "Pingle Account Deletion Request" from your registered email address to [email protected]

Your request will be processed within 30 days at most. Subject to legal retention obligations (e.g., billing records, log records under Law No. 5651), your personal data will be deleted, destroyed, or anonymized.

12.5. App Store Privacy Labels

Pingle declares the categories of data collected on its store listings in compliance with Apple App Store "App Privacy" and Google Play "Data Safety" requirements. Should there be a discrepancy between the declared categories and this Privacy Policy, the more comprehensive provision applies.

13. Changes

This Privacy Policy may be updated from time to time in line with changes to our services or applicable law. You will be notified of material changes via in-app notice or email. The most current version is always available on this page.

14. Contact

For questions about our privacy policy or to submit data requests:

Pentagame Bilişim Limited Şirketi
Merkez Mah. 52140 Sk. Çevik Vitacourt B Blok No: 14B Door No: 1, 33240 Mezitli / Mersin, Türkiye
Email: [email protected]
Phone: +90 534 453 94 94
Turkish version: Türkçe sürüm