Movo Privacy Policy
Last Updated: April 24, 2026 Effective Date: April 24, 2026
This Privacy Policy describes how GG Tech Teknoloji Sanayi ve Ticaret Limited Şirketi ("GGTech", "Company", "we", "us", "our") collects, uses, stores and protects your personal data when you use the Movo mobile application ("Movo" or the "App"). It is prepared in accordance with the Turkish Personal Data Protection Law No. 6698 ("KVKK") and applicable regulations, and is designed to align with the General Data Protection Regulation ("GDPR") where applicable.
1. Data Controller
The Movo application is operated by GG Tech Teknoloji Sanayi ve Ticaret Limited Şirketi. We act as the data controller for personal data processed through the App.
- Legal Name: GG Tech Teknoloji Sanayi ve Ticaret Limited Şirketi
- Address: Sahrayıcedid Mah. Kireçhaneler Sok. No:6/2 D:5 Kadıköy / Istanbul, Türkiye
- MERSİS No: 0395241549600001
- Trade Registry No: 1029078
- Tax Office / Tax ID: Erenköy Tax Office / 3952415496
- Registered E-mail (KEP): ggtech@hs01.kep.tr
- Contact E-mail: info@ggtech.co
2. Categories of Personal Data Processed
Your personal data may be processed in the following categories while using the App:
| Category | Example Data |
|---|---|
| Identity | Name (optional), username |
| Contact | E-mail address |
| Customer Transaction | Subscription status, credit balance, purchase history |
| Security | Device ID, IP address, session logs, authentication tokens |
| Audio-Visual Records | Photos and videos you upload, generated outputs |
| Marketing | Notification preferences, campaign interactions |
| Technical | App version, device model, OS version, language and region, crash logs |
Special Category Data: Images you upload may contain your face or biometrically identifiable information. Such data is considered "special category personal data" under KVKK Article 6 and is processed only with your explicit consent. You are separately informed and your consent is obtained within the registration/usage flow.
3. Purposes and Legal Basis for Processing
Your personal data is processed on the legal grounds set out in KVKK Articles 5 and 6 (and the equivalent GDPR Article 6 bases where applicable) for the following purposes:
| Purpose | Legal Basis (KVKK / GDPR) |
|---|---|
| Account creation and authentication | Performance of contract (Art. 5/2-c / GDPR 6(1)(b)) |
| Generating AI outputs from your uploaded content | Explicit consent (Art. 5/1, 6/2 / GDPR 6(1)(a), 9(2)(a)) |
| Processing subscription and credit pack purchases | Performance of contract; legal obligation (Art. 5/2-c,ç / GDPR 6(1)(b),(c)) |
| Invoicing and fulfilling tax obligations | Legal obligation (Art. 5/2-ç / GDPR 6(1)(c)) |
| User support and complaint management | Legitimate interest (Art. 5/2-f / GDPR 6(1)(f)) |
| Fraud and abuse prevention | Legitimate interest (Art. 5/2-f / GDPR 6(1)(f)) |
| Service performance, crash analytics | Legitimate interest (Art. 5/2-f / GDPR 6(1)(f)) |
| Marketing, push notifications and campaigns | Explicit consent (Art. 5/1 / GDPR 6(1)(a)) |
4. How We Collect Your Data
Your data is collected electronically through in-app forms and actions, identity providers (Apple ID, Google sign-in, etc.), purchases via the app stores, and automatic technical logs from your device.
5. Parties with Whom We Share Data
Your data may be shared with the following third-party categories in order to provide the service:
- Cloud infrastructure and authentication providers (Firebase / Google LLC) — account management, data storage.
- AI service providers (e.g., fal.ai) — processing your uploaded content to generate outputs.
- Payment and subscription providers (Apple App Store, Google Play, RevenueCat) — subscription and credit pack transactions; purchase data held on device/store side.
- Analytics and crash reporting providers — monitoring app stability.
- Competent public authorities — where legally required.
6. International Transfers
Some of the above providers' servers may be located outside of Türkiye (primarily in the United States and the European Union). Such transfers are made in compliance with KVKK Article 9 — and, for transfers outside countries deemed adequate by the Turkish Personal Data Protection Authority, based on your explicit consent. Consent can be withdrawn at any time. For EU residents, transfers are performed pursuant to applicable GDPR mechanisms (such as Standard Contractual Clauses) where required.
7. Retention Periods
Personal data is retained for the period necessary to fulfil the processing purposes and in line with minimum statutory retention periods (e.g., up to 10 years under Turkish Tax Procedure Law, Commercial Code and Consumer Protection legislation). When the purpose ceases or the period expires, data is deleted, destroyed or anonymised pursuant to KVKK Article 7.
Raw images/videos you upload (source input) are deleted or anonymised from our systems after the AI output is produced. The resulting output files are made available in your in-app gallery and retained until you delete them or close your account. When you delete your account, your personal data and all generated outputs are deleted within a reasonable time, except where a statutory retention obligation applies.
8. Rights of the Data Subject (KVKK Article 11 / GDPR Articles 15–22)
You have the right to:
a) Learn whether your personal data is being processed, b) Request information about processing, c) Learn the purpose of processing and whether data is used accordingly, d) Know the third parties to whom data is transferred within or outside the country, e) Request correction of incomplete/incorrect data, f) Request erasure/destruction pursuant to KVKK Art. 7 (GDPR "right to be forgotten"), g) Request notification of actions (d) and (e) to third parties, h) Object to automated decision-making affecting you adversely, i) Claim damages suffered due to unlawful processing.
To exercise these rights, contact info@ggtech.co in writing or use other methods set out in the Communiqué on Application to the Data Controller. Your requests will be resolved free of charge within 30 days; where a cost is justified, the fee set by the Personal Data Protection Board may apply.
9. Data Security
GGTech implements appropriate technical and administrative measures under KVKK Article 12 to prevent unlawful processing, access and storage of your personal data. These include encrypted transport (TLS), access authorization, log records, staff confidentiality undertakings, and regular security reviews.
10. Cookies and Similar Technologies
The mobile application does not use traditional cookies, but may use session tokens, device identifiers (IDFA/GAID, etc.) and local storage (AsyncStorage/Keychain). Analytics and advertising identifiers are processed only within the consent you provide via device settings (Apple ATT / Android advertising ID settings).
11. Children's Data
Movo is not intended for users under 13. Users aged 13–18 are expected to use the app under the supervision of a parent or guardian. If you believe your child's data has been processed without your consent, please contact us at the channels above.
12. Changes
This Privacy Policy may be updated in line with legal changes or service needs. For material changes, you will be notified via in-app notice or e-mail. The current version is always published on this page; the effective date is indicated at the top.
13. Contact
GG Tech Teknoloji Sanayi ve Ticaret Limited Şirketi E-mail: info@ggtech.co KEP: ggtech@hs01.kep.tr Address: Sahrayıcedid Mah. Kireçhaneler Sok. No:6/2 D:5 Kadıköy / Istanbul, Türkiye