Privacy Policy

Publication Date: April 21, 2026
Effective Date: April 21, 2026
Version: 1.0

BeMatrx ("App", "we", "us", "our") takes your privacy seriously. This Privacy Policy explains what personal data we collect when you use the BeMatrx mobile application, how we use it, with whom we share it, and your rights regarding your data.

By using BeMatrx, you agree to the practices described in this Privacy Policy.

1. Data Controller

Data Controller: BeMatrx Labs
Address: Antalya, Türkiye
Email: privacy@bematrx.com
Website: bematrx.com

2. About Our Service

BeMatrx is a social mobile application where you live a chosen life: create characters, pursue virtual careers, engage in social interaction, and participate in a virtual economy.

Minimum Age: BeMatrx is intended for users aged 17 and above. Individuals under 17 are prohibited from using the App.

3. Data We Collect

3.1. Information You Provide Directly

When creating an account and using the App, you provide us with:

  • Account Information: Email address, password (encrypted), BeMatrx ID (auto-assigned)
  • Profile Information: Display name, profile photo, character choice (avatar), age range, gender (optional), career preference, city/location preference
  • Content: Photos you share, text posts (moments, stories), comments, likes, voice recordings, private messages
  • Communications: Messages you send us for support or feedback

3.2. Information Collected Automatically

  • Device Information: Device type (iOS/Android), operating system version, app version, unique device identifiers
  • Usage Data: How you use the App (which screens you visit, time spent, features used)
  • Log Data: IP address, access time, session information
  • Notification Data: Device token for push notifications
  • Error Reports: Technical data when the App crashes or encounters errors (via Sentry)

3.3. Information from Third Parties

If you sign in with Apple ID or Google Account, we may receive basic account information such as email address and name from those providers.

4. How We Use Your Data

We use the collected data for the following purposes:

  • Creating and managing your account
  • Providing the App's core features (character creation, messaging, social interactions)
  • Matching users with each other (followers, messaging, city-based interactions)
  • Sending push notifications (messages, interactions, alerts)
  • Detecting and resolving technical issues
  • Improving the App and developing new features
  • Preventing fraud, spam, harassment, and other abuse
  • Fulfilling our legal obligations
  • Responding to your support requests
  • Enforcing our Terms of Service

5. Data Sharing and Third Parties

We do not share your personal data with third parties except in the following cases:

5.1. Service Providers

BeMatrx uses the following third-party services:

  • Supabase (USA/EU): Database, authentication, file storage, real-time communication infrastructure
  • Expo / EAS (USA): App build, update distribution, push notification service
  • Sentry (USA): Error reporting and crash analytics
  • Apple Inc. (USA): iOS distribution, App Store payments (if applicable), push notifications
  • Google LLC (USA): Android distribution, Google Play payments (if applicable), FCM push notifications

These service providers process your data only on behalf of BeMatrx and according to our instructions.

5.2. Legal Requirements

We may share your data when required by law, court order, or legitimate requests from authorized legal authorities.

5.3. Other Users

Parts of your profile information (display name, BeMatrx ID, profile photo, character, city, posts) are visible to other users. You can manage these preferences in your account settings.

5.4. Business Transfers

In the event that BeMatrx Labs is sold to, merged with, or has its assets transferred to another company, your personal data may be transferred to the relevant third party. In such cases, we will inform you in advance with reasonable notice.

6. Data Retention

We keep your account data only as long as your account is active. When you delete your account, your data is removed from active systems immediately. Encrypted technical backups maintained by our infrastructure provider follow their standard rotation cycle and are not user-accessible.

Anonymized log and error data — which does not identify you personally — may be retained for limited security, fraud prevention, and abuse mitigation purposes.

Some data may be retained longer where required by law (for example, tax records, legal hold orders, or regulatory compliance).

7. Your Rights Under Applicable Laws

Depending on where you live, you may have certain rights regarding your personal data under applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Children's Online Privacy Protection Act (COPPA), and the Turkish Personal Data Protection Law No. 6698 (KVKK).

7.1. Under GDPR (European Union / EEA)

  • Right to Information: Learn which data is being processed
  • Right of Access: Obtain a copy of your data
  • Right to Rectification: Have incorrect or incomplete data corrected
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restrict Processing: Request restriction of certain processing activities
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to certain data processing
  • Automated Decision-Making: Right not to be subject to solely automated profiling

7.2. Under CCPA (California, USA)

  • Right to Know: Know what personal information is collected, used, shared, or sold
  • Right to Delete: Request deletion of personal information collected from you
  • Right to Opt-Out: Opt-out of the sale of personal information (BeMatrx does not sell personal data)
  • Right to Non-Discrimination: Receive equal service and price even when you exercise your privacy rights

7.3. Under COPPA (USA, children under 13)

BeMatrx does not knowingly collect personal information from children under 13. If a parent or guardian discovers their child under 13 has created an account, they may contact us at privacy@bematrx.com to review, delete, or stop further collection of their child's information. We comply with applicable child protection laws including GDPR (EU, children under 16), COPPA (USA, children under 13), and KVKK (Türkiye, minor consent provisions).

7.4. Under KVKK (Türkiye)

  • Right to Information: Learn whether your personal data is being processed
  • Right of Access: Request information about the processing of your data
  • Right to Rectification: Have incomplete or inaccurate data corrected
  • Right to Erasure: Request deletion or destruction of your data
  • Right to Object: Object to results arising from automated processing
  • Right to Compensation: Claim damages for unlawful processing

To exercise any of these rights, email us at privacy@bematrx.com. We commit to responding to your requests within 30 days.

Delete Your Account: You can delete your account directly within the App via "Settings > Account Actions > Delete Account".

8. Data Security

We take the following measures to protect your data:

  • Passwords are encrypted using bcrypt algorithm
  • All data transmission is encrypted using HTTPS/TLS
  • Database access is protected by Row Level Security (RLS)
  • Regular security audits and updates are performed
  • In case of a breach, you and authorized authorities will be notified within 72 hours

No system is 100% secure; however, we follow industry best practices.

9. International Data Transfers

Your personal data may be transferred outside of Türkiye (particularly to the USA and EU) through providers such as Supabase, Expo, and Sentry. These transfers are made to countries with adequate protection or secured with standard contractual clauses.

10. Children's Privacy

BeMatrx is intended for users aged 17 and over. We do not knowingly collect personal information from anyone under 17. If you believe a user under 17 has provided us with personal information, please contact privacy@bematrx.com and we will take appropriate action, including account removal where applicable.

For details on how we protect minors, prevent grooming, and handle reports of child sexual abuse material (CSAM), see our Child Safety Standards.

11. Cookies and Tracking Technologies

The BeMatrx mobile app does not use traditional cookies. However, we use the following technologies:

  • Device Identifiers: For session management and security
  • Push Tokens: Identifiers provided by Apple/Google to send notifications
  • Local Storage (AsyncStorage): To store session information and preferences on your device

12. Advertising

Currently, no third-party advertising is shown in BeMatrx. If we introduce advertising in the future, this Privacy Policy will be updated and the relevant advertising providers (such as AdMob, Unity Ads) will be listed here.

13. In-App Purchases

Currently, there are no in-app purchases in BeMatrx. If added in the future, payment processing will be managed by Apple App Store and Google Play; BeMatrx will not have access to your credit card information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When significant changes occur, we will notify you through the App or via your registered email address. If you do not accept the updated policy, you may close your account.

The last update date is shown at the top of this page.

15. Contact Us

If you have questions or concerns about our Privacy Policy, please contact us:

Email: privacy@bematrx.com
Address: Antalya, Türkiye
Web: bematrx.com

16. Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction:

🇹🇷 Türkiye (KVKK)

If you reside in Türkiye, you may file complaints regarding your data with the Personal Data Protection Authority (KVKK):

Web: www.kvkk.gov.tr

🇪🇺 European Union / EEA (GDPR)

If you reside in the European Union or EEA (including Iceland, Liechtenstein, and Norway), you have the right to lodge a complaint with your national Data Protection Authority (DPA). You can find the contact details of all EU DPAs here:

European Data Protection Board: edpb.europa.eu/about-edpb/about-edpb/members_en

Alternatively, you may contact the European Data Protection Supervisor (EDPS):

Web: www.edps.europa.eu

🇺🇸 United States — California (CCPA)

If you are a California resident, you may file a complaint with:

California Attorney General: oag.ca.gov/privacy/ccpa

California Privacy Protection Agency (CPPA): cppa.ca.gov

🌍 Other Jurisdictions

If you reside outside these jurisdictions, you may contact your local data protection or consumer protection authority.

This Privacy Policy is governed by the laws of the Republic of Türkiye. In the event of any conflict between different language versions of this document, the English version shall prevail.