Privacy Policy

Effective date: May 6, 2026

1. Overview

Quvarte Teknoloji A.Ş. ("Company," "we," or "us") values the trust you place in us. This Privacy Policy describes how we gather, handle, retain, and disclose personal data when you download, install, register for, access, or otherwise interact with our Relook: Photo Editing & Effect mobile application and its accompanying website (collectively, the "Application"), as well as any related interactions including customer support and promotional communications.

We are dedicated to handling your personal data in alignment with the fundamental principles of data protection, particularly transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and accountability.

2. Key Highlights

Below is a brief overview of the most important aspects of this Privacy Policy. For comprehensive details, please review the full sections that follow.

3. Data Controller

Your personal data is processed by Quvarte Teknoloji A.Ş. in the capacity of "Data Controller." We adhere to the principles set out in applicable data protection legislation, including but not limited to the Turkish Personal Data Protection Law No. 6698 ("KVKK") and other relevant regulations. Where applicable, this Policy also addresses requirements under the EU General Data Protection Regulation (GDPR). Region-specific supplementary information for individuals in the EEA, UK, Switzerland, and California is provided in Sections 11 and 12 below.

Our processing activities are guided by the following principles: lawfulness and fairness, accuracy and currency of data, processing for specified and legitimate purposes, proportionality and data minimization, and retention only for as long as necessary.

4. Categories of Personal Data We Collect

We may process the following categories of personal data in connection with the purposes outlined in this Policy:

4.1 Identity & Contact Details

When you reach out to us—whether by email, telephone, or postal mail—we may process your name, surname, phone number, email address, and the substance of your communication. Postal correspondence may also include your physical address.

4.2 Technical Data

4.3 Account Data

If you register for an account, we collect your user ID, display name, username, profile image, authentication tokens, phone number, email address, and password.

Should you choose to sign up using a social media account (Google, Apple, or Facebook), we may receive your user ID, display name, username, profile picture, authentication token, phone number, and email address from the relevant platform.

4.4 User-Generated Content

We process content that you voluntarily provide through the Application, including but not limited to messages, text entries, uploaded files, images, photographs, graphics, audio recordings, and any other media you create, edit, or share within our services.

We may request permission to access your device's photo library, camera, or microphone to enable specific Application features. You may decline or later revoke such access via your device settings, though doing so may limit certain functionalities.

Important notice regarding sensitive content: Please refrain from uploading content containing financial information, government-issued identification numbers, health records, images of third parties without their consent, information pertaining to minors, or other confidential material. Should we inadvertently receive such data, we will take commercially reasonable steps to delete it promptly, except where retention is mandated by law.

4.5 Facial Feature Data

Several Application features rely on detecting and tracking faces in images you choose to edit. This section explains exactly how facial data is processed.

On-device processing (default). Face detection, facial landmark detection, and face mesh generation are performed entirely on your device using Apple's Vision framework and Google's MediaPipe library. Both run locally on your iPhone or iPad. The resulting data—facial landmarks (coordinates of points such as eyes, nose, mouth, jawline), face mesh (a geometric surface representation), facial geometry, symmetry metrics, and expression vectors (collectively, "Facial Feature Data")—exists only in your device's transient memory for the duration of your active session. Facial Feature Data is never transmitted to our servers, never sent to any third party, and is discarded automatically when you exit the feature.

Cloud-based AI features (only with your explicit consent). Some optional AI-powered features (for example, AI makeup try-on or AI image generation) require sending the photograph you have selected to a third-party AI processing provider. In those cases: (a) only the image you explicitly choose is transmitted; (b) the on-device Facial Feature Data described above is NOT transmitted; (c) transmission only occurs after you authorize it through the in-app consent flow described in Section 11.2; and (d) the providers and their retention practices are listed in Section 11.1.

Purposes. Facial Feature Data is used solely to power photo enhancement and AR makeup overlay features. We do not use Facial Feature Data for facial recognition, identity verification, biometric authentication, behavioral profiling, advertising, marketing, or use-based data mining, and we contractually prohibit our AI Partners from doing so.

Retention. On-device Facial Feature Data is discarded on feature exit and is never persisted. Photographs you submit to a cloud AI feature are retained by the relevant AI Partner only for the period stated in Section 11.1, and in any event no longer than 30 days, after which the data is permanently deleted. We do not retain copies of Facial Feature Data on our servers.

Sharing. We do not sell, license, trade, or otherwise commercially exploit Facial Feature Data, and we do not disclose Facial Feature Data to any third party. The only data shared with AI Partners in connection with cloud-based AI features is the image you explicitly select, as described in Section 11.1.

Withdrawing consent. You may withdraw consent for cloud-based AI features at any time from the Application's Settings. You may also delete your account and associated data in-app via Settings → Privacy → Delete My Data, or by contacting us at info@quvarte.com.

4.6 Transaction Records

We may obtain order-related information from you directly, from marketing partners, or from payment processors. This encompasses order dates, payment timestamps, subscription type, billing period, payment amounts, outstanding balances, payment status, and associated transaction identifiers such as billing IDs. We use this information to fulfill orders, manage subscriptions, and ensure accurate payment processing. Please note that we do not collect or store payment card details, as payment processing is handled by third-party providers.

4.7 Marketing Identifiers

With your permission, we may collect usage analytics along with advertising identifiers associated with your device—such as the Identifier for Advertisers (IDFA), the Identifier for Vendors (IDFV), the Google Advertising ID (GAID), and Firebase Analytics identifiers.

4.8 Sources of Data

We obtain the above-described data directly from you via electronic or physical channels, from your device or browser, and from third-party platforms through which you access our services, such as the Apple App Store, Google Play Store, or payment processors like Paddle. Collection occurs for the purposes of operating our product, meeting legal obligations, enhancing service quality, managing your use of the Application, and enabling a seamless user experience.

5. Why We Process Your Data

Your personal data is processed for the following purposes, on the legal grounds permitted by applicable legislation—including where processing is expressly authorized by law, necessary for the performance of a contract, justified by our legitimate interests (provided your fundamental rights are safeguarded), or required to fulfill a legal obligation:

Additionally, where you have provided explicit consent, your Marketing Identifiers may be processed to conduct marketing analytics, deliver targeted advertising, and manage promotional campaigns. Your Identity and Contact Details may also be used, with your opt-in consent, to send communications about new products, services, or promotional offers. Furthermore, if you opt in for model improvement, your User-Generated Content may be utilized to refine our AI systems through model training.

6. Cookies, Tracking Technologies, and Notifications

The Application may incorporate analytics SDKs and similar tracking mechanisms to collect usage information. Cookies—small text files stored on your browser or device—help us operate our services efficiently and tailor your experience. They contain only browsing-related data and do not access personal files stored on your device. You can manage, block, or delete cookies through your browser or device settings at any time. For additional detail, please consult our Cookie Policy.

We may also send push notifications through the Application regarding service updates, new features, or promotional offers. You can manage or disable these notifications at any time through your device or Application settings.

7. External Links and Third-Party Services

The Application may contain links to websites or services operated by third parties that are not under our control. These external destinations may have their own privacy practices and terms, for which we bear no responsibility. Similarly, we are not liable for links that direct users to the Application from external sources.

If you provide information to us via third-party platforms, please be aware that your obligations under those platforms' terms remain in effect, and we assume no responsibility for third-party policies or practices.

Where our Application interacts with Google Workspace services, any use of user data obtained through Google Workspace APIs will comply with the Google User Data Policy, including its Limited Use provisions.

8. Data Retention

We retain your personal data for the duration prescribed by applicable law or for as long as the purpose of processing remains valid—whichever applies. Even after the original purpose has been fulfilled, we may continue to retain data where required by other legislation, where you have separately consented to extended retention, or where retention is necessary for the establishment, exercise, or defense of legal claims until the expiration of relevant limitation periods. Data subject to additional consent-based retention will be deleted or anonymized promptly upon expiry of the agreed period or upon withdrawal of your consent.

For Facial Feature Data and photographs submitted to AI-powered features, the specific retention rules in Section 4.5 and Section 11.1 apply: on-device Facial Feature Data is discarded on feature exit, and any image submitted to a cloud AI Partner is permanently deleted within 30 days at the latest.

9. Security Measures

We implement comprehensive technical and organizational safeguards to ensure the confidentiality, integrity, and availability of your personal data. Our measures are designed to prevent unauthorized processing, access, disclosure, alteration, or destruction of data. Key security practices include:

In the event of a data breach resulting from an attack on our systems—despite our preventive measures—we will promptly notify affected users and, where required, the relevant data protection authority, and will take all necessary steps to mitigate the impact.

10. Age Restrictions

The Application is not intended for use by individuals under the age of 16. We do not knowingly collect or process personal data from anyone below this age. If you become aware that a person under 16 has provided us with personal information, please notify us immediately by email so that we can take appropriate action. Users between the ages of 16 and 18 must obtain permission from a parent or legal guardian before using our services.

11. Sharing Data with Third Parties

Personal data may be transferred to third parties located within or outside of Turkey, as we may utilize servers and cloud infrastructure in various jurisdictions. To safeguard such transfers, we rely on the Standard Contractual Clauses promulgated by the Turkish Personal Data Protection Authority pursuant to Article 9(4)(c) of the KVKK. The categories of data that may be transferred abroad include:

We may also share Marketing Identifiers with service providers, including Google, Apple, Facebook SDK, Adjust, and Firebase Analytics, for conducting marketing analysis and delivering targeted advertising or promotional campaigns.

Where legally required, we may disclose personal data to authorized public bodies, regulatory agencies, and judicial authorities.

11.1 Use of Third-Party AI Providers

Certain optional features of the Application rely on external artificial intelligence service providers ("AI Partners") to process and generate AI-enhanced content. When you choose to use an AI-powered feature and have provided the consent described in Section 11.2, the photograph you select is transmitted to the relevant AI Partner for the purpose of producing the requested output. The scope of data shared with AI Partners is strictly limited to the following:

Together, these are referred to as "Transferred Data." No additional personal data—including your name, email, account ID, IP address, device identifiers (IDFA/IDFV), location data, payment information, on-device Facial Feature Data, photo library, usage analytics, or any other personal data—is shared with AI Partners.

Transferred Data is used by AI Partners exclusively to generate the requested output. AI Partners are contractually prohibited from using Transferred Data for any other purpose, including model training (unless you separately opt in), advertising, marketing, profiling, or resale.

No data is transmitted to any AI Partner without your prior consent and an explicit in-app action by you (such as tapping "Generate" or "Try On"). You may withdraw consent at any time through the Application's Settings; doing so disables AI-powered features but does not affect on-device features.

Our current AI Partners are listed below. We may update this list as business needs evolve, and any changes will be reflected in this Policy:

AI Partner: Google (Gemini API)
Legal Entity: Google LLC
Services: AI-powered image processing and content generation.
Transferred Data: Input Content, Anonymized Request Identifier.
Retention: Up to 30 days for abuse monitoring on the paid API tier; not used to train Google's models.
Privacy Policy: policies.google.com/privacy

AI Partner: Replicate
Legal Entity: Replicate, Inc.
Services: AI model inference for image generation and enhancement.
Transferred Data: Input Content, Anonymized Request Identifier.
Retention: API predictions are deleted within 1 hour by default.
Privacy Policy: replicate.com/privacy

AI Partner: Fal.ai
Legal Entity: Features and Labels Inc.
Services: AI model inference for image generation.
Transferred Data: Input Content, Anonymized Request Identifier.
Retention: Generated outputs are retained on Fal.ai's CDN for at least 7 days, then deleted. Inputs are not used for model training.
Privacy Policy: fal.ai/privacy-policy

Each AI Partner listed above is bound by a written data-processing agreement requiring them to: (i) process data only on our written instructions; (ii) maintain technical and organizational safeguards equal to or greater than those described in this Policy; (iii) refrain from selling, licensing, trading, or otherwise commercially exploiting the data; (iv) refrain from using the data to train any model not exclusively used to deliver the service you have requested; (v) delete the data within the periods stated above and in any event no later than 30 days; (vi) comply with applicable data protection laws including the GDPR, CCPA, and biometric privacy statutes; and (vii) notify us promptly of any security incident.

11.2 How We Obtain Your Consent for AI Processing

When you first launch the Application, we present a consent screen that:

If you decline, no image is transmitted to any AI Partner; on-device features (such as AR makeup overlay using Apple Vision and Google MediaPipe) remain available. In addition to this initial consent, AI features are gated behind explicit per-feature actions (for example, you must tap "Generate" or "Try On" after selecting an image).

You may withdraw this consent at any time from Settings within the Application. Withdrawal does not affect the lawfulness of any processing carried out before withdrawal. If you withdraw consent, AI-powered features will be disabled, but you can continue to use on-device features (which do not transmit any data).

12. Your Data Subject Rights

Under Article 11 of the KVKK, you are entitled to exercise the following rights with respect to your personal data:

When submitting a request, please ensure that your communication clearly identifies you and specifies the rights you wish to exercise. If acting on behalf of another individual, appropriate documented authorization is required. We will process your request free of charge within 30 days, in accordance with Article 13 of the KVKK. Should your request be denied, we will provide a written explanation of the reasons.

You may also delete your account and all associated data directly within the Application via Settings → Privacy → Delete My Data.

13. Contact Details

For questions, comments, or requests regarding this Privacy Policy—or to exercise your data subject rights—please reach us through the following channels:

Company Name: Quvarte Teknoloji A.Ş.
Address: Çankaya, Ankara, Turkey
Email: info@quvarte.com

14. Supplementary Notice for EEA, UK, and Swiss Residents

Where the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, or the Swiss Federal Act on Data Protection applies, this section supplements the information above.

14.1 Legal Bases and Processing Purposes

In addition to the legal bases described in Section 5, certain processing activities require your consent under GDPR. You may withdraw consent at any time by contacting us or through the mechanisms described below, without affecting the lawfulness of processing that occurred prior to withdrawal:

14.2 International Transfer Mechanisms

When transferring personal data outside the EEA, Switzerland, or the UK, we employ one or more of the following safeguards:

The provisions regarding AI Partners set out in Sections 11.1 and 11.2 apply equally in the GDPR context.

14.3 Your Rights Under GDPR

Under the GDPR, you benefit from the following rights:

To exercise any of these rights, please submit your request by email. We will respond within one month, with the possibility of a two-month extension for complex requests, in which case we will notify you of the delay. If you believe your rights have been infringed, you may file a complaint with your local data protection authority.

15. Supplementary Notice for California Residents

If you are a California resident, you are entitled to additional rights under California privacy law. These include the right to know what personal information we collect, use, disclose, and share; the right to request deletion or correction of your data; the right to opt out of the sale or sharing of your personal information; the right to limit the use and disclosure of sensitive personal information; and the right to be free from discrimination for exercising your privacy rights.

We do not sell personal information for monetary consideration. We may share usage data with third-party analytics and advertising partners, which may constitute a "sale" or "sharing" under California law; you may opt out at any time through privacy settings or by contacting us directly.

For California residents, Facial Feature Data and the photographs you submit for AI-powered features may be considered "sensitive personal information" under Cal. Civ. Code § 1798.140(ae). We use this information solely to deliver the features you have requested, and we do not use or disclose such information for purposes beyond those described in this Policy. You may exercise your right to limit the use and disclosure of your sensitive personal information by contacting us at info@quvarte.com.

15.1 Categories of Information Collected

We may collect the following categories of personal information as defined under California law: identifiers (e.g., name, email, phone number, IP address); personal information described in California Civil Code Section 1798.80(e) (e.g., name, contact details, account name, billing data); inferences about your preferences derived from your use of the Application (where personalization features are enabled and you choose to participate); internet or network activity information reflecting how you interact with our services; and—only when you choose to use AI-powered features and provide consent—the photograph you submit, which may constitute sensitive personal information. Please refer to Sections 4 and 5 for full details.

15.2 Third-Party Analytics Tools

We may utilize analytics and measurement tools provided by Google, Apple, Facebook SDK, Adjust, and Firebase Analytics to understand usage patterns and improve Application performance. These tools may collect identifiers and in-app event data. California residents may opt out or withdraw permission at any time through privacy settings or by contacting us.

For information on data retention, please see Section 8.

16. Updates to This Policy

We may revise this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other relevant factors. The "Effective date" at the top of this document indicates the most recent revision.

For material changes—those that significantly affect your rights or the way we handle your data—we will provide prominent advance notice through the Application interface, by email to your registered address (if applicable), or through other appropriate means. Your continued use of the Application following such changes constitutes your acknowledgment of the updated terms, except where applicable law requires a different form of acceptance such as explicit consent.