MeloMatch – Privacy Policy

Effective Date: December 4, 2024

Last Updated: December 4, 2024

Kovan Apps Ltd (“Company”, “we”, “us”, or “our”) operates the MeloMatch mobile application (“App”, “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

By using MeloMatch, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use the App.

1. Information We Collect

We collect several types of information from and about users of our App:

1.1 Information You Provide Directly

When you create an account and use MeloMatch, you provide us with the following information:

Data Category	Specific Information	Purpose
Profile Information	Name, age, gender, bio/description	Create and display your profile to other users
Authentication Data	Phone number	Account creation and login via Firebase Authentication
Photos	Profile pictures and additional photos	Visual representation on your profile, stored in Firebase Storage
Music Preferences	Favorite artists, genres, songs, playlists (via Spotify API if connected)	Matching algorithm to connect users with similar tastes
User Preferences	Age range, distance preferences, gender preferences	Filter and display relevant matches
Communications	Messages, reports, support inquiries	Enable chat functionality, content moderation, customer support

1.2 Information Collected Automatically

When you use MeloMatch, certain information is collected automatically:

• Location Data: GPS coordinates, approximate location based on IP address. We use location data to show you nearby users and provide distance-based matching. You can disable location services through your device settings, but this will limit core functionality.
• Device Information: Device model, operating system version, unique device identifiers (Android ID), mobile network information
• Usage Data: App interactions, features used, time spent on the App, swipe patterns, match interactions
• Log Data: IP address, access times, app errors, crash reports (via Firebase Crashlytics and Sentry)
• Analytics Data: User behavior, feature engagement, conversion metrics (via Firebase Analytics)

1.3 Information from Third Parties

• Spotify: If you connect your Spotify account, we receive your music listening history, favorite artists, top tracks, and playlists according to Spotify’s API permissions
• Google Play Services: Authentication tokens, purchase history for subscription management

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Core Service Functionality

• Create and manage your account
• Authenticate your identity
• Display your profile to other users
• Match you with compatible users based on music preferences and location
• Enable chat and communication features
• Process and manage subscriptions

2.2 Service Improvement and Analytics

• Analyze usage patterns to improve user experience
• Develop new features and functionality
• Conduct research and analytics
• Monitor and analyze performance metrics
• Identify and fix technical issues

2.3 Safety and Security

• Detect and prevent fraud, abuse, and violations of our Terms
• Monitor content for prohibited material using Firebase Cloud Vision API
• Investigate and respond to user reports
• Enforce our Terms and Conditions
• Comply with legal obligations

2.4 Communication

• Send service-related notifications (matches, messages, subscription updates)
• Respond to customer support inquiries
• Send important updates about the Service
• Notify you of changes to our policies

3. Legal Basis for Processing (GDPR/KVKK)

Under GDPR and KVKK, we process your personal data based on the following legal grounds:

• Consent: You provide explicit consent when creating an account and using the Service
• Contractual Necessity: Processing is necessary to perform our contract with you (providing the dating service)
• Legitimate Interests: We have legitimate interests in improving our Service, preventing fraud, and ensuring safety
• Legal Obligations: We may process data to comply with legal requirements

4. How We Share Your Information

We share your information only in the following limited circumstances:

4.1 With Other Users

Your profile information, photos, music preferences, and approximate location are visible to other MeloMatch users for matching and connection purposes. You control what information appears on your profile.

4.2 Service Providers and Business Partners

We share data with trusted third-party service providers who assist us in operating the App:

Service Provider	Purpose	Data Shared
Firebase (Google)	Authentication, database, storage, analytics, crashlytics	Phone number, profile data, photos, usage data, device info, crash reports
RevenueCat	Subscription management	User ID, subscription status, purchase history, device info
Spotify	Music data integration	User ID, authentication tokens (if you connect Spotify)
Sentry	Error tracking and monitoring	Error logs, device info, app version

These service providers are contractually obligated to protect your data and use it only for the purposes we specify. They are bound by confidentiality agreements and comply with applicable data protection laws.

4.3 Legal Requirements and Protection

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms and Conditions
• Protect the rights, property, or safety of Kovan Apps Ltd, our users, or the public
• Detect, prevent, or investigate fraud, security issues, or illegal activity
• Respond to claims of rights violations

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and the choices you may have regarding your information.

5. Data Security

We implement industry-standard security measures to protect your personal information:

5.1 Technical Safeguards

• Encryption: Data transmission is encrypted using SSL/TLS protocols
• Secure Storage: Data at rest is stored on secure Firebase servers with encryption
• Access Controls: Strict authentication and authorization mechanisms
• Regular Security Audits: Ongoing monitoring and testing of security systems
• Firewall Protection: Network-level security measures

5.2 Organizational Safeguards

• Limited employee access to personal data on a need-to-know basis
• Confidentiality agreements with employees and contractors
• Regular security training for personnel
• Incident response procedures

Important Notice: While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: Data is retained while your account is active
• Inactive Accounts: Accounts inactive for 2 years may be automatically deleted
• Deleted Accounts: Upon account deletion, most data is removed within 30 days. Some data may be retained for legal, security, or fraud prevention purposes for up to 90 days
• Legal Requirements: Data may be retained longer if required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements)
• Anonymized Data: Aggregated, anonymized analytics data may be retained indefinitely

7. Your Privacy Rights

Depending on your location, you have various rights regarding your personal data:

7.1 Rights Under GDPR (European Users)

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure (“Right to be Forgotten”): Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with a supervisory authority

7.3 Rights Under CCPA (California Users)

• Right to Know: Request disclosure of collected personal information
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

7.4 How to Exercise Your Rights

To exercise other privacy rights or for data-related requests, contact us at:

Email: info@kovanapps.com
Subject Line: “Privacy Rights Request – [Your Request Type]”

We will respond to your request within:

• GDPR: 30 days (may be extended by 2 months for complex requests)
• KVKK: 30 days maximum
• CCPA: 45 days (may be extended by 45 days with notice)

To verify your identity, we may require additional information before processing your request.

8. Permissions and Device Access

MeloMatch requires certain device permissions to function properly. We only request permissions necessary for specific features:

Permission	Purpose	Required/Optional
Location (GPS)	Show nearby users, enable distance-based matching	Required for core functionality
Camera	Take photos for your profile	Optional – only when you choose to take a photo
Photo Gallery/Storage	Upload existing photos to your profile	Optional – only when you choose to upload photos
Internet Access	Connect to servers, load profiles, enable chat	Required for core functionality
Network State	Check connectivity, optimize data usage	Required for core functionality

You can manage permissions through your device settings. Denying certain permissions may limit functionality.

9. Children’s Privacy

If we discover that a user under 18 has provided personal information, we will:

• Immediately delete all associated data
• Terminate the account permanently
• Block the device from creating future accounts

If you are a parent or guardian and believe your child has provided information to us, please contact us immediately at info@kovanapps.com.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Turkey and the United States (where Firebase servers are located). These countries may have different data protection laws than your country.

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Privacy Shield Framework compliance (where applicable)
• Other legally valid transfer mechanisms

11. Cookies and Tracking Technologies

MeloMatch uses various tracking technologies:

11.1 Types of Technologies Used

• Analytics Cookies: Firebase Analytics tracks app usage and user behavior
• Performance Cookies: Sentry monitors errors and performance
• Functional Storage: Local device storage for app preferences and session data
• Authentication Tokens: Maintain your logged-in state

11.2 Third-Party Analytics

We use Firebase Analytics and Sentry, which may collect:

• Device information and identifiers
• Usage patterns and interaction data
• App performance metrics
• Crash reports and error logs

You can limit tracking by:

• Disabling analytics in app settings
• Using device-level privacy settings (e.g., “Opt out of Ads Personalization” on Android)
• Resetting your Advertising ID

12. Do Not Track Signals

MeloMatch does not currently respond to “Do Not Track” (DNT) browser signals or similar mechanisms. However, you can control tracking through your device settings as described above.

13. California Privacy Rights (Shine the Light Law)

California residents are entitled to request information about whether we have disclosed personal information to third parties for their direct marketing purposes. As stated in this Privacy Policy, we do not sell or share personal information with third parties for their direct marketing purposes.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the “Last Updated” date at the top
• We will notify you through the App or via email for material changes
• We may request your consent for significant changes that affect your rights

We encourage you to review this Privacy Policy periodically. Your continued use of MeloMatch after changes constitute acceptance of the updated Privacy Policy.

15. Data Breach Notification

In the event of a data breach that may adversely affect your rights and freedoms, we will:

• Notify affected users without undue delay
• Report the breach to relevant supervisory authorities as required by law (within 72 hours under GDPR/KVKK)
• Provide information about the nature of the breach and steps taken to mitigate harm
• Offer guidance on protective measures you can take

16. Contact Us and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Kovan Apps Ltd
Email: info@kovanapps.com
Subject Line: “Privacy Inquiry – MeloMatch”
Response Time: Within 48 hours for general inquiries, within statutory timeframes for rights requests

16.1 Supervisory Authorities

You have the right to lodge a complaint with data protection authorities:

• European Users: Your local Data Protection Authority or the lead supervisory authority in Ireland (where Firebase/Google is based)
• California Users: California Attorney General’s Office
  Website: oag.ca.gov/privacy

17. Third-Party Links and Services

MeloMatch may contain links to third-party websites or integrate with third-party services (e.g., Spotify). This Privacy Policy does not apply to those external sites or services. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing any personal information.

18. Automated Decision-Making and Profiling

MeloMatch uses automated systems for:

• Matching Algorithm: Automatically suggests potential matches based on music preferences, location, and user preferences
• Content Moderation: Firebase Cloud Vision API automatically scans uploaded photos for inappropriate content

These automated processes are designed to enhance your experience and ensure safety. You have the right to:

• Request human review of automated decisions
• Express your point of view regarding automated decisions
• Contest decisions made solely by automated means

Contact us at info@kovanapps.com if you wish to exercise these rights.

19. Your Consent

By using MeloMatch, you consent to:

• The collection, use, and disclosure of your information as described in this Privacy Policy
• The transfer of your data to third-party service providers
• International data transfers as described above
• The use of cookies and tracking technologies

You may withdraw your consent at any time by:

• Deleting your account through the app
• Contacting us at info@kovanapps.com
• Adjusting privacy settings within the app

Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

---

This Privacy Policy is effective as of the date stated at the top and governs our collection and use of your personal information. We are committed to protecting your privacy and handling your data responsibly.

Thank you for trusting MeloMatch with your information.