🛡️ Data Protection Notice
Under Turkish Personal Data Protection Law No. 6698 (KVKK)
Last Updated: March 19, 2026
This notice has been prepared in accordance with Article 10 of the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the Communiqué on Procedures and Principles to be Observed in Fulfilling the Obligation to Inform.
Important: Beyarmudu is a project developed for personal and experimental purposes. It is not a commercial service and provides no guarantees. Users use the application at their own risk and responsibility.
1. Data Controller
The Beyarmudu project is a peer-to-peer communication application developed for personal and experimental purposes. The following information is provided in the capacity of data controller.
2. Personal Data Processed and Purposes
| Personal Data | Processing Purpose | Legal Basis (Art. 5/2) |
|---|
| Username | Account creation and identification | Performance of contract (para. c) |
| Email address | Password reset and account recovery | Performance of contract (para. c) |
| Hashed password | Account security and authentication | Performance of contract (para. c) |
| Avatar, profile photo, banner | Profile display and customization | Explicit consent (para. a) |
| Profile info (bio, status, social links) | Profile display | Explicit consent (para. a) |
| XP score, level, statistics | Gamification system | Legitimate interest (para. f) |
| Invite code | Access control | Performance of contract (para. c) |
| IP address | WebRTC P2P connection setup | Performance of contract (para. c) |
| Invite Code Request System |
| Name / Nickname | Invite code application review | Explicit consent (para. a) |
| Email address | Delivery of invite code | Explicit consent (para. a) |
| Application message (optional) | Application review | Explicit consent (para. a) |
| IP address and country | Abuse prevention, geographic assessment | Legitimate interest (para. f) |
Note: Beyarmudu does not request real identity information (full name, national ID, email, etc.). Using a pseudonym as a username is recommended.
3. Method of Data Collection
- Username, password, and profile info: Directly entered by the user; stored on Cloudflare D1 database.
- Avatar and visual data: User upload; stored in browser localStorage and D1 database.
- IP address: Automatically processed as required by the WebRTC connection protocol; not permanently stored.
- Captcha data: Automatically collected by the Cloudflare Turnstile service.
- XP and statistics: Automatically calculated during application use.
- Invite code request data (name, email, message, IP, country): Collected via the landing page form; stored in Cloudflare KV storage.
4. Transfer of Personal Data
| Recipient | Transfer Purpose | Country |
|---|
| PeerJS (open-source) | P2P signaling server | Variable |
| Cloudflare, Inc. | Web hosting, API, data storage (D1), and bot protection | USA / Global |
| Other users | P2P communication (WebRTC) — profile info, avatar, username | Variable |
Cross-border data transfers are made under KVKK Art. 9, where technically necessary for the provision of the service.
The Developer cannot be held responsible for data breaches or security vulnerabilities in third-party services.
5. Data Retention Period
- localStorage data: Until the user clears their browser data.
- Account and profile data (D1 database): Until account deletion request or after 2 years of account inactivity.
- IP address: For the duration of the connection; not permanently stored.
- Invite code request data: Maximum 30 days from the request date; deleted after review.
6. Your Rights as a Data Subject
Under KVKK Art. 11, you have the following rights:
- To learn whether your personal data is being processed
- To request information about processing if your data has been processed
- To learn the purpose of processing and whether data is used in accordance with its purpose
- To know the third parties to whom your data has been transferred domestically or abroad
- To request correction if your data has been processed incompletely or inaccurately
- To request deletion or destruction of your data under KVKK Art. 7
- To request that correction and deletion operations be notified to third parties
- To object to results arising against you from analysis exclusively through automated systems
- To claim compensation if you suffer damage due to unlawful processing of your data
7. How to Apply
To exercise your rights, you may submit a written application to beyarmudu [at] contact. Your application will be concluded within 30 days at the latest.
8. Changes
This notice may be revised at any time without prior notice in line with legislative changes or application updates. Continued use of the Application constitutes acceptance of the current text.