Privacy Policy

Looply  ·  Karut Interactive  ·  Effective June 8, 2026
📅 Last Updated: June 8, 2026 📋 Version 1.0 🇹🇷 Türkiye — KVKK Law No. 6698 ⚖️ KVKK · GDPR · CCPA/CPRA · LGPD · PIPA

This Privacy Policy describes how Karut Interactive ("Developer," "Company," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal data when you use the application Looply (the "App"), our related websites, customer-support channels, and any other services that link to this Privacy Policy (collectively, the "Services").

🇹🇷 Note for users in Türkiye: Karut Interactive is based in Türkiye and processes personal data in accordance with the Turkish Personal Data Protection Law No. 6698 (KVKK) and applicable secondary regulations. Where the GDPR or other privacy laws apply to users outside Türkiye, we comply with those frameworks to the extent required.

Please read this Privacy Policy carefully. By using the Services, you acknowledge that your personal data may be processed as described herein.

🏢 1. Who We Are

App Name: Looply

Developer Name: Karut Interactive

Developer Address
ADEM YAVUZ MAH. ULUKENT SK. NO: 27 İÇ KAPI NO: 8 ÜMRANİYE / İSTANBUL
Türkiye

Data Controller / Privacy Contact
Karut Interactive
ADEM YAVUZ MAH. ULUKENT SK. NO: 27 İÇ KAPI NO: 8 ÜMRANİYE / İSTANBUL, Türkiye
Email: info@looply-joydream.online

Turkish Data Protection Authority
Kişisel Verileri Koruma Kurumu (KVKK)
Website: kvkk.gov.tr

🔍 2. Scope of This Privacy Policy

This Privacy Policy applies when you:

  • download, install, access, or use the Looply app;
  • create, access, or manage an account;
  • use games, offers, surveys, rewards, virtual currency, referral, or redemption features;
  • interact with advertising, analytics, attribution, anti-fraud, or monetization features;
  • communicate with us by email or support channels;
  • request access, correction, deletion, opt-out, or other privacy-related actions.

📦 3. Categories of Personal Data We Collect

The table below lists the categories of personal data we may collect or receive. We update this table whenever new features, SDKs, permissions, or data types are introduced.

CategoryExamplesPurpose
Account & Profile InformationName, username, email address, account ID, user ID, login credentials, authentication data, profile detailsAccount creation, authentication, service delivery
Device & Technical InformationDevice ID, advertising ID (GAID/IDFA), Android ID, app instance ID, push token, IP address, device model, OS version, language, time zone, network type, carrier, app version, SDK versionApp functionality, security, fraud prevention, analytics
Approximate or Precise LocationCountry, region, IP-based location, GPS-based or network-based location if enabledOffer eligibility, fraud prevention, localization, compliance
Installed ApplicationsList or metadata of apps installed on your device, where permitted and required by a specific SDK or anti-fraud processFraud prevention, attribution, offer validation
Usage & Activity DataApp interactions, session times, clicks, offer completions, survey interactions, game activity, rewards history, virtual currency balance and transactionsService delivery, rewards tracking, personalization, analytics
Advertising & Attribution DataAdvertising identifiers, campaign IDs, attribution events, conversion signals, ad engagement dataAd measurement, attribution, campaign optimization, fraud prevention
Crash, Diagnostic & Log DataCrash reports, ANRs, error logs, performance data, diagnostics, security logsApp stability, debugging, quality improvement, security
Payment, Reward & Redemption DataReward requests, gift card selections, transaction records, payout status, fraud review resultsReward fulfillment, accounting, fraud prevention, dispute handling
Communications & Support DataEmails, support messages, attachments you send us, feedback responsesCustomer support, dispute resolution, product improvement
Sensitive Personal DataPrecise geolocation or other sensitive categories only where required for a feature and permitted by lawFeature-specific use with consent where required
Third-Party Partner DataData received from advertising, offer wall, survey, analytics, attribution, and anti-fraud partners, including conversion status and risk signalsRewards validation, fraud prevention, attribution, analytics
⚠️ Policy Update Commitment: Whenever new endpoints, SDKs, permissions, or data types are introduced in the App, we review and update this Privacy Policy. If you believe a data practice is not reflected here, contact us at info@looply-joydream.online.

🔗 4. Sources of Personal Data

  • Directly from you — when you register, use features, contact support, submit forms, or request rewards;
  • Automatically from your device — through the App, APIs, device permissions, and integrated SDKs;
  • From integrated SDKs and service providers — analytics, attribution, advertising, survey, offer wall, and monetization partners;
  • From advertisers and offer partners — conversion events, campaign results, completion status, and fraud checks;
  • From anti-fraud and security vendors — risk scores, device reputation data, duplicate-account indicators, and abuse signals;
  • From app stores and device platforms — install events, crash information, and platform metrics.

🎯 5. Why We Process Your Data

  • to provide, maintain, and improve the Services;
  • to create and manage user accounts;
  • to authenticate users and secure accounts;
  • to operate games, offers, surveys, rewards, referrals, and redemption flows;
  • to track reward eligibility, validate completions, prevent duplicate or fraudulent activity, and resolve disputes;
  • to personalize the app experience and offer availability;
  • to provide customer support and respond to requests;
  • to measure performance, analyze usage, troubleshoot bugs, and improve functionality;
  • to serve, measure, or facilitate advertising and targeted advertising, where permitted;
  • to send service communications, transactional notifications, and permitted marketing messages;
  • to comply with legal, tax, accounting, security, and regulatory obligations;
  • to protect our rights, users, partners, systems, and Services.

⚖️ 6. Legal Bases for Processing

🇹🇷 Under Turkish KVKK Law No. 6698, personal data may be processed where a lawful processing condition applies, including explicit consent, legal obligation, contract necessity, establishment or protection of a right, public availability by the data subject, or legitimate interests where fundamental rights and freedoms are not harmed.
  • Performance of a contract — to provide the Services, manage your account, deliver rewards, and handle support;
  • Legitimate interests — to secure the Services, prevent fraud and abuse, improve products, enforce policies, and analyze performance;
  • Explicit consent / consent — for certain device permissions, targeted advertising, marketing communications, sensitive data, and other consent-based processing;
  • Legal obligation — to comply with accounting, tax, consumer protection, data protection, and law-enforcement obligations;
  • Establishment, exercise, or protection of rights — to investigate disputes, enforce terms, defend claims, and protect users and partners.

Where GDPR applies, we rely on the corresponding legal bases under GDPR Article 6 and, where special categories of data are processed, Article 9.

🤝 7. How We Share Your Data

We may share personal data with the following categories of recipients:

  • hosting, cloud, infrastructure, and database providers;
  • analytics and app performance monitoring providers;
  • crash reporting and diagnostics providers;
  • attribution and mobile measurement partners;
  • advertising networks, ad mediation platforms, offer wall providers, survey providers, and monetization partners;
  • fraud prevention, identity verification, and security providers;
  • customer support and communication providers;
  • payment and rewards fulfillment providers;
  • legal, compliance, accounting, and professional advisers;
  • public authorities, courts, regulators, or law enforcement where required by applicable law;
  • parties involved in a merger, acquisition, financing, restructuring, or transfer of business assets.

Service providers that process personal data on our behalf are expected to process such data only under our instructions and appropriate contractual safeguards.

🔔 8. Sale, Sharing, Targeted Advertising & Opt-Out Rights

ℹ️ Transparency Notice: We do not sell personal data for monetary payment. However, certain disclosures of advertising identifiers, device identifiers, usage data, and location signals to advertising or attribution partners may be considered a "sale" or "sharing" under some US privacy laws.

8.1 Targeted Advertising and Measurement

We may share advertising identifiers, device identifiers, IP address, app activity, offer activity, and approximate location signals with advertising, analytics, attribution, and monetization partners for ad measurement, fraud prevention, frequency capping, attribution, and targeted advertising where permitted.

8.2 Categories of Data Sold or Shared Under Broad Legal Definitions

CategorySold for Money?May Be Shared for Targeted Ads / Attribution?Purpose
Advertising identifiersNoYesAd measurement, attribution, fraud prevention
Device identifiersNoYesSecurity, attribution, anti-fraud
IP addressNoYesLocalization, security, ad measurement
Usage and offer activityNoYesRewards tracking, personalization, analytics
Approximate / precise locationNoWhere permittedOffer eligibility, fraud prevention, localization
Account / profile informationNoNoService providers only
Payment / reward dataNoNoReward fulfillment and compliance only
Support communicationsNoNoSupport and dispute resolution only

🛑 How to Opt Out

You may exercise your opt-out rights using any of the following methods:

  • In-App Controls: use any available privacy, ad preferences, or consent settings inside the App;
  • Device-Level Controls: on Android, go to Settings → Privacy → Ads and delete or reset your Advertising ID or limit ad personalization; on iOS, use Settings → Privacy & Security → Tracking;
  • Email Request: send an email to info@looply-joydream.online with the subject line "Opt Out of Sale/Sharing – [Your Country]", including your account email, user ID, device ID if known, and country of residence;
  • Global Privacy Control: where applicable and technically supported, we will honor valid Global Privacy Control signals as required by law.

We will process verified opt-out requests within the timeframe required by applicable law.

✅ We will not discriminate against you for exercising your privacy rights.

🗂️ 9. Data Retention

Data TypeRetention Period
Account and profile informationWhile the account is active and for a reasonable period after closure where required for legal, security, fraud prevention, or dispute purposes
Reward and redemption recordsAs needed for fulfillment, accounting, fraud prevention, chargebacks, audits, and legal obligations
Transaction and accounting recordsAs required by applicable tax, accounting, and commercial laws
Support communicationsAs needed to resolve requests and maintain records of support and disputes
Security logs and device identifiersAs needed for fraud detection, security, and abuse prevention
Advertising and analytics dataAs needed for analytics, measurement, partner agreements, and legal compliance
Marketing and consent recordsUntil you withdraw consent or opt out, plus records necessary to prove compliance
Deletion request recordsMinimum records needed to document compliance and prevent misuse

When data is no longer needed, we delete, anonymize, or securely dispose of it in accordance with applicable data protection laws.

🛡️ 10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

  • Access / Information — request information about whether and how your personal data is processed;
  • Correction — request correction of inaccurate or incomplete data;
  • Deletion / Erasure — request deletion, destruction, or anonymization of personal data where legally available;
  • Restriction / Objection — restrict or object to certain processing activities where applicable;
  • Portability — receive your data in a portable format where applicable;
  • Withdraw Consent — withdraw consent at any time without affecting prior lawful processing;
  • Opt Out — opt out of targeted advertising, sale, or sharing where applicable;
  • Non-Discrimination — not be penalized for exercising privacy rights;
  • Complaint — lodge a complaint with a competent data protection authority.

To exercise any right, email info@looply-joydream.online with the subject line: "Privacy Rights Request – [Right Type] – [Your Country]".

🏛️ 11. Right to Lodge a Complaint

If you believe our processing of your personal data violates applicable law, you may contact us first at info@looply-joydream.online so we can address your concern.

  • Türkiye: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr
  • EEA / EU: the data protection authority in your country of residence, place of work, or place of alleged infringement.
  • UK: the Information Commissioner's Office (ICO), where UK data protection law applies.

🌵 12. California Privacy Notice (CCPA / CPRA)

This section applies to California residents where the CCPA/CPRA applies.

12.1 Personal Information Collected in the Preceding 12 Months

  • Identifiers such as name, email, user ID, device ID, IP address, and advertising ID;
  • Commercial information such as reward transactions and redemption activity;
  • Internet or electronic network activity such as app interactions, sessions, clicks, and offer activity;
  • Geolocation data, where collected;
  • Diagnostic and technical data such as crash logs and performance data;
  • Sensitive personal information where applicable, such as precise geolocation with consent;
  • Inferences derived from the above, such as app preferences or offer eligibility.

12.2 California Rights

  • Right to know what personal information is collected, used, disclosed, sold, or shared;
  • Right to access specific personal information;
  • Right to delete personal information;
  • Right to correct inaccurate personal information;
  • Right to opt out of sale or sharing;
  • Right to limit use of sensitive personal information where applicable;
  • Right to non-discrimination.

Submit requests to: info@looply-joydream.online with subject: "California Privacy Request".

🏛️ 13. Other US State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other US states with applicable privacy laws may have rights to access, correct, delete, obtain a portable copy, opt out of targeted advertising, opt out of sale, opt out of certain profiling, and appeal denied requests.

Contact: info@looply-joydream.online with the subject line naming your state and request type.

🇹🇷 14. Türkiye KVKK Notice

Karut Interactive acts as a data controller where it determines the purposes and means of processing personal data in relation to Looply.

14.1 KVKK Rights

Under Article 11 of KVKK, data subjects may have the right to:

  • learn whether personal data is processed;
  • request information if personal data has been processed;
  • learn the purpose of processing and whether data is used in accordance with that purpose;
  • know third parties to whom personal data is transferred domestically or abroad;
  • request correction of incomplete or inaccurate personal data;
  • request deletion or destruction of personal data under the conditions set out by law;
  • request notification of correction, deletion, or destruction to third parties to whom data has been transferred;
  • object to a result against you arising from analysis exclusively by automated systems;
  • claim compensation if you suffer damage due to unlawful processing.

14.2 Exercising KVKK Rights

You may send your request to info@looply-joydream.online. We may request additional information to verify your identity and process your request securely.

🇪🇺 15. GDPR Notice

Where GDPR applies, you may have rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority.

Processing ActivityTypical Legal Basis
Account creation and managementContract performance
Games, offers, surveys, rewards, and redemption featuresContract performance / legitimate interests
Customer supportContract performance / legitimate interests
Fraud prevention and securityLegitimate interests / legal obligation
Analytics and product improvementLegitimate interests / consent where required
Targeted advertising and personalizationConsent where required
Marketing communicationsConsent or legitimate interests where permitted
Legal, tax, accounting, and compliance obligationsLegal obligation
Sensitive data where applicableExplicit consent or another applicable legal basis

🇧🇷 16. Brazil LGPD Notice

If you are in Brazil, you may have rights under the LGPD, including confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about third-party sharing, revocation of consent, review of automated decisions, and the right to file a complaint with the ANPD.

Contact: info@looply-joydream.online.

🇰🇷 17. South Korea PIPA Notice

If you are in South Korea, you may have rights under PIPA, including access, correction, deletion, suspension of processing, and information about third-party provision where applicable.

Contact: info@looply-joydream.online.

📱 18. App Permissions and Device Access

The App may request the following device permissions. We request only what is necessary for functionality, security, analytics, rewards, and compliance.

PermissionWhy It Is RequestedMandatory?
INTERNETCore connectivity, account syncing, offers, surveys, ads, analytics, and reward validationYes
POST_NOTIFICATIONSPush notifications for rewards, account updates, reminders, and service messagesNo — you may decline
Advertising IDAd measurement, attribution, fraud prevention, frequency capping, and offer validationNo — subject to device settings and consent where required
LocationOffer availability, localization, fraud prevention, and compliance where requiredNo — you may decline unless required for a specific feature
Camera / Photos / StorageOnly if a feature requires uploading an image, support attachment, profile image, or media selectionNo — only when initiated by you

You can manage or revoke permissions at any time through your device settings.

🧩 19. Third-Party SDKs and Libraries

The App may integrate third-party SDKs for functionality, analytics, advertising, attribution, anti-fraud, offers, surveys, and rewards fulfillment.

SDK CategoryPurposeData That May Be Collected
Analytics SDKsApp usage analytics and performance monitoringDevice ID, usage events, session data
Crash Reporting SDKsDetecting and diagnosing crashes and errorsDevice info, crash logs, stack traces
Advertising SDKsServing ads, ad targeting, ad mediation, frequency cappingAdvertising ID, IP address, usage signals
Attribution / MMP SDKsInstall attribution and campaign measurementDevice ID, advertising ID, install and conversion events
Offer Wall / Survey SDKsDisplaying offers and surveys, validating completions, calculating rewardsUser ID, device signals, IP address, completion status, reward events
Anti-Fraud / Security SDKsDetecting fraud, fake engagement, duplicate accounts, and bot activityDevice fingerprint, network info, behavioral signals, risk indicators
Customer Support SDKsIn-app support and ticketingAccount info, support messages

🌐 20. International Data Transfers

Your personal data may be transferred to and processed in countries outside Türkiye, including the European Economic Area, the United Kingdom, the United States, and other countries where our service providers and partners operate. We use appropriate safeguards where required by applicable law, including contractual commitments, data processing agreements, standard contractual clauses where applicable, consent where required, and other legally recognized transfer mechanisms.

You may request information about specific transfer safeguards by contacting us at info@looply-joydream.online.

🔒 21. Data Security

We implement reasonable technical and organizational security measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures may include encryption in transit, access controls, logging, monitoring, pseudonymization where appropriate, and periodic security reviews.

No method of transmission or storage is completely secure. If you believe your account or data has been compromised, contact us immediately at info@looply-joydream.online.

👦 22. Children's Privacy

The Services are not directed to children under 13, or a higher age where required by applicable law. We do not knowingly collect personal data from children below the applicable age threshold without verified parental or guardian consent. We do not knowingly sell or share children's personal data. If you believe a child has provided personal data without authorization, contact us at info@looply-joydream.online and we will take appropriate action.

🔗 23. Third-Party Services and Links

The Services may contain links to or integrations with third-party websites, advertisers, survey providers, offer walls, payment providers, and partner services. Their privacy practices are governed by their own privacy policies. We are not responsible for third-party privacy practices and encourage you to review them before interacting with any third party.

🗑️ 24. Account & Data Deletion

You may request deletion of your account and associated personal data by:

  • using any available in-app deletion feature, such as Settings → Account → Delete Account;
  • emailing us at info@looply-joydream.online with subject: "Account Deletion Request – Looply".

We will process verified deletion requests within the timeframe required by applicable law. We may retain limited data where necessary for legal compliance, accounting, tax records, fraud prevention, security, dispute resolution, or enforcement of rights.

📝 25. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, legal requirements, SDKs, permissions, data practices, or business operations. When we make material changes, we will update the "Last Updated" date and provide additional notice where required by law.

📬 26. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our privacy practices:

🎮 Looply

Developer: Karut Interactive

Address: ADEM YAVUZ MAH. ULUKENT SK. NO: 27 İÇ KAPI NO: 8 ÜMRANİYE / İSTANBUL, Türkiye

📧 Email: info@looply-joydream.online

📧 Support: info@looply-joydream.online

🏛️ Turkish Data Protection Authority: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr

We aim to respond to privacy-related inquiries within the timeframe required by applicable law.