Privacy Policy
How we collect and process your data
Note: This is an explanatory translation. The Turkish version is legally binding under Turkish law (KVKK).
This Privacy Policy explains what data we collect, store, and process while you use ExScore (exscore.app). For the formal disclosure under KVKK, see the KVKK Disclosure page.
1. Data We Collect
Automatically collected
- X (Twitter) profile info — username (handle), display name, profile photo, X user ID. When you sign in via OAuth, X sends these to us.
- Email — collected if provided by X (not required).
- IP address and browser info — temporarily processed via Cloudflare for security.
What you provide
- Phone number — required for verification before writing comments. Not shown to other users; kept solely for abuse prevention.
- Explicit consent — your acceptance and the timestamp are stored.
- Ratings and comments — your ratings and 140-character comments about others.
- Promo code usage — if you use a code like EX10, we record which code and when.
2. Why We Process Data
- Run the service, build your profile, and compute the social reputation score
- Prevent fake accounts, harassment, and abuse
- Comment moderation (regex blocklist + OpenAI Moderation API)
- Compliance with KVKK and other legal obligations
- Statistical improvements (anonymous and aggregate only)
3. Third Parties We Share With
| Third party | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU (Frankfurt) |
| Cloudflare | Hosting, CDN, security | Global |
| X (Twitter) | OAuth sign-in | USA |
| OpenAI | Comment moderation analysis | USA |
| SMS provider | OTP verification (phone) | TR / global |
| İyzico | Payment (VIP) — coming soon | TR |
Sharing with these third parties is limited to the minimum data required to operate the service. No data is sold for advertising or marketing.
4. Retention Periods
- Active account data: as long as the account is active
- Account deletion request: 30-day waiting period → then irreversibly deleted
- Phone OTP records: 7 days (verified) / 1 day (expired)
- IP / log records: 90 days (security)
- Moderation records: with the comment; deleted when the comment is deleted
- Aggregate statistics: indefinite (KVKK art. 28 — anonymous data)
5. Visibility of Ratings
Once you give consent, the numerical ratings about you become permanently visible to all users. These ratings cannot be removed individually — the only way to remove them is to fully close your account. Comments about you are also visible to all users; you have limited delete rights.
6. Cookies and Local Storage
We use cookies / local storage only for the following:
- Session management (Supabase auth token)
- Cloudflare security / bot protection
- App preferences (e.g. last profile viewed)
No third-party analytics or advertising cookies are used.
7. Your Rights
Under KVKK art. 11 you have the right to:
- Learn whether your data is processed
- Learn whether it is processed for its intended purpose
- Request correction
- Request deletion (within the above limits)
- Object to processing
- Demand compensation for damages
Requests: [email protected]
8. Security
Your data is transmitted over encrypted channels (HTTPS / TLS 1.3) and stored encrypted in Supabase. Phone OTP codes are stored as SHA-256 hashes, never in plaintext. Access control is layered with Postgres RLS.
9. Children
ExScore is not suitable for users under 13. Users under 18 should use it with parental consent. If we discover a user under 13 has provided data, we will delete it immediately.
10. Policy Changes
We may update this policy from time to time. For significant changes we'll show an in-app notice and update the "Last updated" date.
Version: v1.0
Contact
For questions about this text or to submit a request under KVKK:
Email: [email protected]