Privacy Policy

1.Scope and controller information

This policy explains personal data processing when you use NiveLine mobile clients, account creation and login flows, messaging features, media uploads, notifications, support requests, safety tools, and related service domains.

The current controller or operator identity, contact details, and request channels are the ones published in the app store listing, the official website, and the in-app support area.

2.Categories of data we process

Account and profile data: username, verification email address, optional first and last name, profile fields, password hash, passkey registrations, recovery codes, and account preferences.

Device and security data: server-issued device IDs, device names and types, push tokens, session and refresh records, network and IP data, timestamps, attestation results, anti-abuse signals, and security logs.

Messaging and relationship data: conversation IDs, group roles, invites, block or report relationships, delivery and read states, privacy settings, participation states, and service-level message metadata.

Content and media data: message content, attachments, profile photos, bio or status fields, mood fields, group images, optional location or event content, and text supplied in support or abuse reports.

3.How we collect data

Some data is provided directly by you, including usernames, verification email addresses, messages, media, profile information, backups, exports, and support requests.

Some data is generated automatically through device and service use, including device identifiers, push tokens, session data, delivery or read events, network data, and anti-abuse telemetry.

Some data may also come from other users or technical providers, such as reports, blocks, invites, or integrity and notification results returned by Apple or Google systems.

4.Why we process data

We process data to create accounts, authenticate users, manage sessions, enforce device trust, deliver messages and media, run contacts and groups, store preferences, and provide support.

We also process data to detect, limit, and document spam, fake accounts, fraud, abuse, unlawful access attempts, device misuse, and other security events.

Additional purposes include complying with legal obligations, evaluating rights requests, investigating reports, preserving evidence where required, and improving service reliability.

5.Legal bases

Depending on the applicable legal framework, processing may rely on contract formation or performance, legal obligation, legitimate interests, security and fraud prevention needs, and consent or device permissions where required.

Transparency duties apply independently from consent requirements. We therefore aim to explain purposes, sharing categories, collection methods, legal grounds, and user rights at or before collection.

6.Recipients and international transfers

We may share limited data with providers that support hosting, email verification, push delivery, app security, device integrity, object storage, network delivery, and support operations, only to the extent necessary and proportionate.

Apple Push Notification service, Firebase Cloud Messaging, Firebase Analytics, Apple passkey or App Attest systems, Google Play Integrity, Google Play Services identity components, and any cloud backup environment you choose may process data within their own technical role.

Depending on provider configuration, data may be processed in Turkey or in other countries, and we aim to apply the safeguards required by applicable law.

7.Retention and account deletion

Account and service data are retained while your account remains active or as long as necessary to provide the service. Some logs and records may be retained longer for security, fraud prevention, legal defense, or compliance reasons.

When deletion is requested, when an account is closed, or when data is no longer needed, data is deleted, anonymized, or moved into a restricted retention regime where lawful retention remains necessary.

8.Security and encryption approach

We use transport protections, password hashing, field-level encryption, device trust, access restrictions, key protection, anti-abuse monitoring, and audit logging as technical and organizational safeguards.

Some messaging flows may use client-side or end-to-end style encryption, but metadata required for routing, delivery, reporting, group management, notifications, and abuse prevention can still be processed.

No system can guarantee absolute security. Device security, screen locks, exported files, and third-party sharing choices remain partly under the user's control.

9.Your rights and request channels

Depending on applicable law, you may have rights to access, correction, update, deletion, restriction, objection, portability, and withdrawal of consent where consent is the basis.

Some rights can be exercised through in-app settings or account tools where available, and others through in-app support or officially published contact channels. We may require identity verification for security reasons.

10.Changes and contact

This policy may change to reflect new features, legal developments, store requirements, or infrastructure changes. The current version is published in the app and, where appropriate, through official channels.

Requests under Turkish data protection law may be submitted through the in-app support form, the contact details published in store listings, or the official website.