This Privacy Policy explains how Kollab Bilişim Teknolojileri ("Kollab", "we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you use the Kollab website (kollab.tr), our mobile apps, brands portal (brands.kollab.tr), and related services (collectively, the "Services").
By using Kollab, you agree to the practices described in this Privacy Policy. This policy is governed by the Turkish Personal Data Protection Law No. 6698 (KVKK), the EU General Data Protection Regulation (GDPR), and applicable third-party platform requirements (including Apple App Store, Google Play, TikTok, Instagram, and YouTube).
1. Who We Are (Data Controller)
- Company: Kollab Bilişim Teknolojileri
- Website: https://kollab.tr
- Address: Istanbul, Türkiye
- Privacy contact: kvkk@kollab.tr
- General contact: hello@kollab.tr
2. Information We Collect
We collect only what we need to operate the Services. The categories below match Apple App Privacy and Google Play Data Safety taxonomies.
2.1 Information You Provide
- Account data: name, email address, phone (optional), username (handle), profile picture, bio, city, country.
- Creator profile data: categories you operate in, content samples, media kit images and videos you upload.
- Brand profile data: company name, sector, website, corporate email domain (for verification).
- Communications: brief messages, inquiries, and chat exchanges between brands and creators on the platform.
- Financial data: billing name and address, plan selection. Payment cards are processed by Iyzico or PayTR; we never see or store full card numbers.
2.2 Information from Connected Third-Party Platforms
If you choose to connect a social account, we receive only the data scope you authorize:
- TikTok (via TikTok Login Kit / Display API): open_id, display name, avatar URL, follower count, following count, like count, and public video metadata — only with your explicit OAuth consent. We never post on your behalf and never access private content.
- Instagram (via Instagram Basic Display / Graph API): username, profile picture, follower count, and public post metadata — only with your OAuth consent.
- YouTube (via YouTube Data API): channel name, avatar, subscriber count, and public video stats — only with your OAuth consent.
2.3 Automatically Collected Information
- Device and app data: device model, OS version, language, browser type, anonymous session ID, IP (truncated for analytics).
- Usage data: pages viewed, actions taken, feature usage, timestamps.
- Crash and diagnostic logs: stack traces, error messages, performance metrics.
2.4 We Do Not Collect
- Precise location / GPS coordinates.
- Microphone or audio recordings.
- Contacts or address book.
- Calendar entries.
- Health or fitness data.
- Cross-app tracking identifiers (no IDFA, no AAID).
3. How We Use Your Information
- Create and maintain your Kollab account.
- Display your profile, media kit, and connected social statistics to brands you engage with.
- Facilitate communications, briefs, deals, and payments between brands and creators.
- Process subscription payments and send invoices.
- Send transactional notifications (new brief, accepted deal, payment confirmation).
- Provide customer support and respond to your requests.
- Detect, prevent, and respond to fraud and security incidents.
- Improve the Services through aggregated analytics.
- Comply with legal obligations (tax, KVKK, court orders).
We do not use your information for behavioral advertising, do not sell your data to third parties, and do not track you across other apps or websites.
4. Legal Basis (GDPR / KVKK)
- Performance of a contract — account management, brief delivery, payments.
- Explicit consent — connecting TikTok / Instagram / YouTube, marketing email, public profile visibility.
- Legal obligation — invoices, tax records.
- Legitimate interest — security, fraud prevention, product improvement.
5. How We Share Your Information
- With other Kollab users: public media kits at kollab.tr/[handle] are visible to anyone with the link.
- With service providers (data processors): Supabase (auth, DB, storage — EU), Iyzico and PayTR (payments — Türkiye, BDDK-licensed), Sentry (crash reporting — US), PostHog (analytics — EU), Resend (transactional email — US), OpenAI (anonymous brief text only — US), Apple App Store, Google Play.
- With third-party platforms you connect: only the scopes you approved during OAuth.
- For legal reasons: court order, law enforcement requests, protection of rights/safety.
- In a business transfer: in case of merger or acquisition, subject to this Policy.
We never sell your personal data.
6. International Data Transfers
Some providers (Apple, Google, OpenAI, Sentry, Resend) are based in the US. For these transfers we rely on EU Standard Contractual Clauses (SCC) and explicit user consent under KVKK Article 9. EU-based providers keep your data within the EU.
7. Data Retention
- Account active: full data retained.
- After deletion: personal data removed within 30 days. Invoices retained 10 years (Turkish Commercial Code Art. 82), anonymized.
- Anonymous analytics: 24 months.
- Crash logs: 90 days.
- OAuth tokens: deleted immediately upon disconnect.
8. Data Security
- TLS 1.2+ encryption in transit.
- Bcrypt password hashing via Supabase Auth.
- Row Level Security (RLS) at the database layer.
- Rate limiting and 6-digit OTP for sensitive operations.
- Regular security patches and dependency audits.
- 72-hour breach notification to the Turkish DPA and affected users.
9. Your Rights
- Access the data we hold about you.
- Correct inaccurate data.
- Request deletion (right to be forgotten).
- Restrict or object to certain processing.
- Data portability.
- Withdraw consent at any time.
- Lodge a complaint with the Turkish DPA (kvkk.gov.tr) or your local supervisory authority.
To exercise these rights, email kvkk@kollab.tr. We respond within 30 days. For account deletion see our Data Deletion page.
10. Children's Privacy
Kollab is for users 18+. We do not knowingly collect data from anyone under 18. If we learn we have, we delete it within 30 days.
11. Cookies and Local Storage
Strictly necessary cookies for auth and theme preference only. No advertising or third-party tracking cookies. Mobile apps use only secure on-device storage.
12. Third-Party Platform Connections
- TikTok: tiktok.com/legal/page/row/privacy-policy/en
- Instagram: privacycenter.instagram.com/policy
- YouTube / Google: policies.google.com/privacy
Disconnect any platform from Kollab Settings → Social Accounts. OAuth tokens are deleted immediately upon disconnect.
13. Changes to This Policy
We may update this policy. Material changes are notified via in-app notification and email. Continued use after change = acceptance.
14. Contact
- Privacy: kvkk@kollab.tr
- General: hello@kollab.tr
- Address: Kollab Bilişim Teknolojileri, Istanbul, Türkiye
Kollab Bilişim Teknolojileri © 2026. All rights reserved. See also our Terms of Service, Mobile App Privacy, and Data Deletion.