Privacy Policy
Last updated: May 11, 2026
1. Introduction & Data Controller
At Evlek ("we", "our"), we take the protection of your personal data seriously. This Privacy Policy explains what data we collect when you use the evlek.app platform, how we use it, and how we protect it. We operate in accordance with the TRNC Personal Data Protection Law (89/2007), the EU General Data Protection Regulation (GDPR 2016/679), and international best practices.
Data Controller:
Entity: Evlek — Sole Proprietorship
Address: Meşale Sok. Karaoğlanoğlu No:9, Kyrenia, TRNC
Phone: +90 533 833 88 98
Email: hello@evlek.app
Platform: evlek.app
2. Data We Collect
We collect the following data when you use our platform:
• Account information: Email address, full name, password (stored hashed, never in plain text; see Section 5)
• Listing information: Property details, photos, price, location, contact details (phone, WhatsApp, Telegram)
• Usage data: Page visits, search queries, favorites lists
• Technical data: IP address, browser type, device info, cookies
• Communication data: Messages sent through the contact form
• Professional authority documents: Agent authority/KTEB document — collected only from users who apply for "Evlek-Approved Agent" status, with explicit consent (biometric selfie/ID verification was retired in June 2026)
• Phone and contact data: Phone number (E.164 format), WhatsApp number — for SMS phone verification and agent contact records
• Subscription data: Apple IAP/Google Play purchase records, plan information, subscription status
3. How We Use Your Data & Legal Basis
We process your personal data based on the following legal grounds:
• Consent: Account creation, listing publishing, AI chatbot usage
• Contractual obligation: Providing subscription services, payment processing
• Legitimate interest: Platform security, fraud prevention, service improvement, anonymous statistics
• Legal obligation: Tax and accounting records, regulatory compliance
Purposes of use:
• Creating and managing your account
• Providing listing publishing and management services
• Personalizing your experience (language preference, favorites)
• Assisting you via the AI assistant (see the AI Disclosure section below)
• Security and fraud prevention
• Fulfilling legal obligations
• Analyzing and improving platform performance
4. Artificial Intelligence (AI) Assistant & Third-Party AI Services
The Evlek platform uses third-party AI services to provide AI features. This section contains the mandatory disclosure per Apple App Store Guideline 5.1.2(i).
AI Services Used:
• Google Gemini 2.5 Flash-Lite (Google LLC) — large language model (LLM) for the chatbot assistant, AI search help, and listing-text suggestions
• Google Gemini 2.5 Flash (Google LLC) — for visual analysis of listing photos (photo-AI) only
• OpenAI gpt-4o-mini (OpenAI) — for the "Evlek-Approved Agent" document verification (KYC) flow only (see §4e)
• Service endpoints: generativelanguage.googleapis.com, api.openai.com
• Google's AI Privacy Policy: https://ai.google/responsibility/privacy/
Data sent to the chatbot / search assistant:
• ✅ Text content of your chat message or search query
• ✅ Your selected language preference (TR/EN/RU/DE/AR)
• ❌ Name, surname, email, phone number are NOT SENT
• ❌ Location data, IP address, device info are NOT SENT
• ❌ Payment info is NOT SENT
Listing-text assistant:
To generate a listing title/description, the structural listing fields you enter (property type, room count, city, district, area, features, price, currency) and your free-text note are sent to the Google Gemini API. The generated title and description are suggestions only; you review, edit, and approve them before publishing. No name, email, phone, IP address, or payment info is sent in this flow.
AI processing of listing photos:
Listing photos you upload are sent to the Google Gemini API (paid enterprise tier) only for: photo caption and tag generation, visual quality assessment, and detection of duplicate listings (the same property re-uploaded). A downscaled copy of the photo is sent for analysis; your original photo is not altered. Under Google's paid-API terms, the submitted data is not used for model training. Generated captions and tags are suggestions only; they are editable by the listing owner, pass through moderation, and can be deleted. To object to this processing or request deletion, write to hello@evlek.app. Price, title-deed (koçan) information, and the legal nature of the listing are never auto-written by AI.
AI Data Processing Principles:
• Chatbot message content is not permanently stored by Evlek
• Per Google's paid-API data processing policy: submitted data is not used for model training
• Explicit user consent (consent popup) is obtained before in-app usage
• The AI assistant is for general information only and does not constitute legal or financial advice
• Content moderation: Google Gemini Safety Settings (4-category BLOCK) + 8 prompt injection protections active
4b. Verification & Personal Data Processing
Publishing a listing on Evlek requires a verified phone number (SMS OTP) and your full name. Every listing is reviewed by a human moderator before going live.
Important change (June 2026): The biometric selfie/ID verification (facial matching) flow has been retired. Selfie or ID document photos are no longer collected.
"Evlek-Approved Agent" (optional, document-based):
• Agents demonstrate their professional authority with a KTEB registration number and/or an authority document.
• Documents are reviewed manually by authorized admin personnel only; no biometric analysis is performed.
• Retained information: verification status and the authority documents the agent provides.
Data Retention & Deletion:
• Users may request deletion of their verification documents at any time by emailing hello@evlek.app.
Legal Basis: Explicit consent (TRNC PDPL Art.5/1-a). The user provides explicit consent by initiating the authority application.
4c. Phone & WhatsApp Verification
SMS phone verification and agent WhatsApp number records are provided for platform security and contact accuracy.
Service Provider:
• Twilio Inc. — Twilio Verify API
• Twilio Privacy Policy: https://www.twilio.com/legal/privacy
Data Processed:
• Phone number (E.164 format, e.g., +905338338898)
• WhatsApp number (agent profile contact record)
• Verification code (6-digit OTP — single use)
Data Processing Principles:
• OTP codes are single-use and automatically expire after 10 minutes
• Twilio processes phone numbers solely for verification purposes and does not use them for marketing
• Verification result (success/failure) is stored in the Evlek database
• Users can update their verified number from profile settings
Legal Basis: Legitimate interest (platform security) and contractual obligation.
4d. In-App Purchases & Subscriptions
The Evlek mobile app offers subscription services through the Apple App Store and Google Play Store.
Payment Processing:
• All payment transactions are processed by Apple/Google
• Evlek does not see or store your credit card number, bank account details, or payment specifics
• Subscription management is provided through RevenueCat Inc.
• RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
Subscription Data Retained:
• Plan type (Evlek Member, Plus Agent, Pro Agent, Brokerage/Corporate, Operator, Developer)
• Subscription status (active, cancelled, expired)
• Subscription source (Apple IAP, Google Play, admin gift, application approval)
• Start and end dates
Plan-Specific Notes:
• Developer plan: No IAP — application form (/apply/developer) required, contractor license + company registration mandatory, activates after admin approval.
• Brokerage (Corporate) and Operator plans: Available via IAP; however, subscription activation remains pending manual admin review if the relevant license (KTEB membership or TRNC Ministry of Education dormitory permit) is not uploaded.
Legal Basis: Contractual obligation and legitimate interest.
4e. Sub-processors & International Transfers
Evlek uses the following sub-processors to provide the service. Each processes data only for the stated purpose and under a data processing agreement (DPA):
• Supabase — database, authentication and file storage (infrastructure)
• Twilio Inc. — SMS verification code (OTP) delivery
• Resend — transactional email delivery (confirmation, password reset, notifications)
• OpenAI — AI image analysis for identity/document verification (verification flow only)
• Google (Gemini) — large language model (LLM) for the AI assistant
• Mapbox — map and location visualisation
• RevenueCat / Apple / Google — subscriptions and in-app purchases
International Transfers: Some sub-processors may be located outside the EU/EEA (e.g. the USA); transfers are made under Standard Contractual Clauses (SCCs) or equivalent safeguards.
Applicable Law: Your personal data is processed under the TRNC Personal Data Protection Law (89/2007), the EU General Data Protection Regulation (GDPR 2016/679), the UK GDPR and Data Protection Act 2018 for users in the United Kingdom, and — for users resident in Turkey — KVKK (Law No. 6698).
5. Data Storage and Security
Your data is securely stored using the following infrastructure:
• Database: Supabase (PostgreSQL) — encrypted connections, row-level security (RLS)
• File storage: Supabase Storage — secure access controls
• Web hosting: Vercel — automatic SSL/TLS encryption, DDoS protection
• Passwords: Hashed using bcrypt, never stored in plain text
• Auth tokens: JWT-based, session-level security
6. Data Retention Periods
We retain your personal data only for as long as necessary for the purposes for which it was processed:
• Account data: While your account is active + 30 days after deletion
• Listing data: While listing is active + 90 days after deletion
• Payment records: 5 years (legal obligation)
• Log data (IP, browser): 1 year
• Chat history (AI): Duration of session only, automatically deleted after session ends
Data that has exceeded its retention period is automatically destroyed or anonymized.
7. Data Sharing
We do not sell your personal data. It may be shared in the following limited cases:
• Service providers: Supabase (database), Vercel (hosting), Google (analytics, OAuth) — solely for service delivery
• Legal requirements: Court orders or legal regulations
• Listing visibility: Contact info in your listings (phone/WhatsApp/Telegram) is visible to other users — you choose to share this info
8. International Data Transfers
Your data may be processed on servers outside the TRNC through our service providers (Supabase, Vercel). These providers comply with international security standards (SOC 2 Type II, ISO 27001). We act in accordance with procedures established by the TRNC Personal Data Protection Board.
9. Cookies
Our platform uses the following cookies:
• Essential cookies: Session management, language preference — required for platform functionality
• Analytics cookies: Vercel Analytics — anonymous usage statistics (does not collect personal data)
You can disable cookies through your browser settings, but some features may not work properly.
10. Your Rights
Under the TRNC Personal Data Protection Law, you have the following rights:
• Request access to your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Object to data processing
• Request data portability
To exercise these rights, email us at hello@evlek.app.
11. Children's Privacy
Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.
12. Policy Changes
We may update this policy from time to time. When significant changes occur, we will notify you through platform announcements or email.
13. Contact
For questions about our privacy policy:
Email: hello@evlek.app
Web: evlek.app/contact