Update Date: July 31, 2023

1. Objective

Code in Fire (“Code in Fire” or “Company”), aims to process the personal data of users in accordance

with general principles of privacy and the provisions of the applicable data protection legislation to the

relevant person, particularly Law on Personal Data Protection No. 6698, (“PDP Law”) and other

applicable legislation.

Your personal data, which you provided/will provide to our Company and/or obtained by our Company

by any external means, may be processed by our Company as “Data Controller”;

 In the context of the objective of processing your personal data and in connection with this

purpose, in a limited and measured manner,

 By maintaining the accuracy and up-to-date version of the personal data as reportedor notified

to our Company,

 May be recorded, stored, preserved, reorganized and be transferred to the institutions

authorized to request such personal data by law and shall be transferred, classifiedand shared

with third parties within the country or abroad under the conditions stipulated by legislation

and upon your explicit consent if necessary, and they may beprocessed by other means listed

under the legislation and be subject to other procedures set forth in the legislation.

This Privacy Policy is adopted for the continuance and improvement of the activities carried out by

Code in Fire in line with the principles set forth in the PDP Law.

This Privacy Policy describes which data we collect, how we intend to use, store, protect and share the

data we collect, how you can withdraw your consent for the processing of these data and how you can

correct and revise the data.

Capitalized terms in this Policy shall have the meanings specified in the Terms and Conditions unless

defined separately in this Policy.

2. Collection of Personal Data and Method

Code in Fire may process your personal data for the purposes specified in this Privacy Policy.

The personal data of users collected and used by Code in Fire in particular, are as follows: identifier

foradvertisers designated in your mobile device used in accessing our services (The Identifier for

Advertisers-IDFA), identifier for vendors/developers designated your mobile device (TheIdentifier for

Vendors-IDVF) and Internet Protocol Address-IP Address.

Data Categories and Data Types

Process Security

Internet traffic data (network movements, IP address, visit data, time and date information), device

name, Token ID (when you allow notifications through your device), identifier for advertisers

designated in your mobile device used in accessing our services (if you give a permission, the Identifier

for Advertisers-IDFA), identifier for vendors/developers designated your mobile device (The Identifier

for Vendors-IDVF)

Marketing Data

IDFA, IDVF

We may collect your above mentioned data directly from you through electronic or physical mediums,

your mobile device, third party applications or third party sources which you can access our application

through these mediums such as Apple App Store, Google Play AppStore (similar platforms together

with “App Stores”), for the purposes of compliance with legal obligations, enhancing our services,

administering your use of our services, as well asenabling you to enjoy and easily navigate our services.

We may collect your log data generated while you are using our services/applications (through our

products or third party products). This log data may include information such as your device’s Internet

Protocol (“IP”) address, device name, operating system version, the configuration of the app when

utilizing our service/application, the time/date of your use of the service/application, and other

statistics.

General Principles Regarding Personal Data Processing

In accordance with this Privacy Policy, personal data are processed by Code in Fire as a data controller

in line with the basic principles named here: (i) being in accordance with law and good faith, (ii) being

accurate and, where necessary, up-to-date, (iii) being processed for specific, explicit and legitimate

purposes, (iv) being limited for the purpose for which they are processed and data minimization; and

(v) being stored for the period stipulated in the relevant legislation or required for the purpose for

which they are processed.

3. Purposes of Processing Personal Data and Legal Reasons

Your personal data will be processed via automatic or non-automatic means for the purposes stated

below, in accordance with the applicable legislation and articles 5 and 6 of the PDP Law where it is

expressly permitted by the laws, the establishment of a contract or direct relation to the execution or

performance of the contract and for the legitimate interests of Code in Fire provided that your

fundamental rights and freedoms are protected.

a) Purposes of Processing Personal Data

In accordance with this text, your personal data is processed for the following purposes

inaccordance with the above general conditions:

Process Security

● Execution of activities in compliance with legislation

● Execution of company/product/service commitment operations

● Execution of communication activities

● Execution/auditing of business activities

● Execution of goods/services sales processes

● Conducting storage and archive activities

● Execution of agreement processes

● Execution of information security processes

● Conducting audit/ethical activities

● Execution/audit of business activities

● Conducting activities to ensure business continuity

● Providing information to authorized persons, institutions and organizations

Marketing Data

● Conducting marketing analysis studies

● Execution of advertising/campaign/promotion processes

Besides, the purposes of processing personal data may be updated in line with our obligations

arising from our company policies and legislation; in particular,

● Customizing our Services, understanding our users and their preferences to enhance user

experience and enjoyment using our Services and improve our users’experience,

● Informing about new products, services and applications and delivering you information

regarding advertisements and promotions,

● Carrying out the processes of information security,

● Conducting activities in accordance with legislation,

● Fulfilling the demands of competent authorities,

● Conducting communication activities,

● Conducting the processes of contracts,

● Carrying out strategic planning activities,

● Following up requests and complaints

b) Legal Reasons

Process Security

● The law explicitly stipulates the process by which weprocess your personal data

● Conditions that are necessary in order to fulfill our legalobligation

● It is necessary to process your personal data, provided thatwe establish a contractual relationship

with you, or that itis directly related to our performance obligation arisingfrom this contract

Marketing Data

● Your explicit consent (acquired via Apple and/or Google)

Third Party Websites and Applications

Code in Fire Apps (Code in Fire); may contain links to other websites that are unknown to Code in Fire

and whose content is not controlled. These linked websites may contain terms and conditions other

than Code in Fire texts. Code in Fire cannot be held responsible for the use or disclosure of information

that these websites may process. Likewise, Code in Fire shall not have anyresponsibility for any links

from other sites provided to Code in Fire Apps owned by Code in Fire.

We collect information by fair and lawful means, with your knowledge and consent. We also let you

know why we’re collecting it and how it will be used. You are free to refuse our request for this

information, with the understanding that we may be unable to provide you with some of your desired

services without it.

Cookies are little text files that are stored on the browser or hard drive of your computer or mobile

device when you visit a webpage or application. Cookies allow a website to run more efficiently in

addition to ensuring the presentation of personalized web pages in order to make you live a faster visit

experience which is more fit for your specific personal needs and demands. Containing only data on

your website visit history via the internet, cookies do not collect any information, including your

personal data/files stored on your computer or mobile device. We may use cookies when it is necessary

for operating our services, to enhance our service performance and functionality, and to deliver

content, including ads relevant to your interests, on our sites, or third-party sites. You can delete

cookies which are already present on your computer and prevent the recording/location of cookies on

your internet explorer.

Internet browsers are predefined to automatically accept the cookies as default. As the management

of cookies varies from browser to browser, you may look at the help menu of the browser or application

to get detailed information.

Push Notifications

Code in Fire may occasionally send you push notifications via its mobile applications regarding

application upgrades or notifications about our services. You can always edit such communication and

notifications through the settings on your device and stop receiving such communications and

notifications.

Your data will be stored for the duration specified in the applicable legislation or for a reasonable time

until the purpose of processing cease to exist, or during legal periods of limitation.

Code in Fire may continue to store your personal data, even after the expiry of the purpose of its use

provided that it is required by other laws or a separate granted by you in this regard.

In cases that you allow Code in Fire to store your personal data for additional time by giving your

consent, such data shall be immediately deleted, destructed or anonymized upon the expiry of such

additional time or once the purpose of processing no longer exists.

Technical and Administrative Measures

Code in Fire stores the personal data it processes in accordance with relevant legislation for periods

stipulated in relevant legislation or required for the purpose of processing. Code in Fire undertakes to

take all necessary technical and administrative measures and to take the due care to ensure the

confidentiality, integrity and security of personal data. In this context, it takes the necessary measures

to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure,

modification or destruction of data. Accordingly, Code in Fire takes the following technical and

administrative measures regarding the personaldata it processes:

Anti-virus application. On all computers and servers in Code in Fire's information technology

infrastructure, a periodically updated anti-virus application is installed.

Firewall. The data center and disaster recovery centers hosting Code in Fire servers are protected by

periodically updated software-loaded firewalls; the relevant next generation firewalls control the

internet connections of all staff and provide protection against viruses and similar threats during this

control.

VPN. Suppliers can access Code in Fire servers or systems through SSL-VPN defined on Firewalls. A

separate SSL-VPN identification has been made for each supplier; with the identification made, the

supplier only provides access to the systems that it should use or is authorized to use.

User identifications. Code in Fire employees' authorization to Code in Fire systems is limited only to

the extent necessary by job descriptions; in case of any change of authority or duty, systemic

authorizations are also updated.

Information security threat and event management. Events that occur on Code in Fire servers and

firewalls, are transferred to the “Information Security Threat and EventManagement” system. This

system alerts the responsible staff when a security threat occursand allows them to respond

immediately to the threat.

Encryption. Sensitive data is stored with cryptographic methods and if required, transferred through

environments encrypted with cryptographic methods and cryptographic keys arestored in secure and

various environments.

Logging. All transaction records regarding sensitive data are securely logged.

Two-factor authentication. Remote access to sensitive data is allowed through at least two-factor

authentication.

Penetration test. Periodically, penetration tests are performed on servers in the Code in Fire system.

The security gaps created as a result of this test are closed and a verification test is performed to show

that the relevant security gaps have been closed. Besides, InformationSecurity Threat and Event

Management System automatically performs penetration tests.

Information Security Management System (ISMS). At the ISMS meetings made within Code in Fire, the

topics contained in the control forum are audited monthly by the director of information technology.

Training. In order to increase the awareness of Code in Fire employees against various information

security violations and to minimize the impact of the human factor in information violation incidents,

trainings are provided to employees at regular intervals.

Backup. Code in Fire periodically backs up the data it stores. As a backup mechanism, it usest he backup

facilities provided by the cloud infrastructure providers, as well as the backup solutions it develops

when deemed necessary, provided that it is in compliance with relevant legislation and provisions of

this Policy.

Non-disclosure agreement. Non-disclosure agreements are concluded with employee staking part in

sensitive personal data processing

Transfer of sensitive personal data. If transfer of sensitive personal data is required through email;

such transfer is done through (i) encrypted corporate email or (ii) Registered E-mail.

In the event that the personal data is damaged as a result of attacks on Code in Fire Apps or on the

Code in Fire system, despite Code in Fire taking the necessary information security measures, or the

personal data is obtained by unauthorized third parties, Code in Fire notifies this situation to Users

immediately and, if necessary, to relevant data protection authority and takes necessary measures.

4. Transferring Personal Data to Third Parties

The procedures and principles to be applied for transferring of personal data are regulated in articles 8

and 9 of the PDP Law, and the personal and special categories of data of the supplier may be transferred

to third parties within the country or abroad since we may use servers and cloud systems located

abroad.

Your personal data may be transferred abroad for the following reasons:

● Conducting storage and archive activities

● Conducting business activities

● Managing customer relationship management processes

Code in Fire may also transfer your personal data to services providers of our Company, third parties

such as Facebook SDK, Adjust and Firebase Analytics which are embedded into ourservice for the

following purpose:

● Sharing identity, communication and transaction security information with authorized public

institutions and organizations for the purpose of execution of activities incompliance with legislation,

monitor and execution of legal affairs, informing authorized persons, institutions and organizations.

5. Your Rights as the Data Subject

Pursuant to Article 11 of the PDP Law, you may request the following regarding your personal data by

applying to Code in Fire.

● Learn whether or not your personal data have been processed;

● Demand for information as to if your personal data have been processed;

● Learn the purpose of the processing of personal data and whether data are used inaccordance with

their purpose;

● Know the third parties in the country or abroad to whom your personal data have been transferred;

● In case the personal data is processed incompletely or inaccurately; requesting notification of the

transactions made under this scope to third parties to whom personal data have been transferred;

● Request deletion, destruction or anonymization of personal data if the reasons for the processing

have disappeared and request notification of the transactions made under this scope to third parties

to whom personal data have been transferred;

● Object to occurrence of any result that is to your detriment by means of the análisis of personal data

exclusively through automated systems;

● Request compensation for the damages in case you incur damages due to unlawful processing of

your personal data.

Where General Data Protection Regulation (GDPR) is applicable, data subjects have the following rights:

● Right of access - Learning whether personal data is being processed and, if so, accessing your personal

data and the information regarding the processing of yourpersonal data,

● Right to correction -To request the correction of information that you believe is inaccurate or the

completion of information that you believe is incomplete by Code in Fire,

● Right to delete – To request deletion of personal data under the conditions stipulatedin GDPR,

● The right to restrict processing - To request the restriction of the processing of personal data under

the conditions stipulated in the GDPR,

● Right to object to processing - To object to the processing of personal data under the conditions

stipulated in the GDPR,

● Right to data portability - To request the data collected by Code in Fire to be transferred directly to

another organization or under certain conditions,

● Objection to the occurrence of a result against the person himself/herself, by analyzing the processed

data exclusively through automatic systems, including profiling.

In the application that includes your explanations about the right you have as the data subject and

exercise your rights stated above and that you request to exercise; your request must be explicit and

understandable, if the subject of your request is related to you or if you are acting on behalf of someone

else, you must be specially authorized in this regard and your authority must be documented, the

application must contain identity and address information and documents proving your identity must

be attached to the application. Our Company Will enable you to file such requests through the “Data

Subject Application Form”at contact@codeinfire.com. In accordance with Article 13 of the PDP Law,

our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest depending

on the nature of the request. In case the request is rejected, the reason or reasons for the rejection will

be notified in writing or electronically along with its justification.

If you believe that we or someone with whom we have transferred your data is violating your rights,

you can file a complaint to the data protection authority in your country and to otherc ompetent

supervisory authorities.

This Privacy Policy may be revised by our Company when deemed necessary. If you continue to access

Code in Fire Apps and use or access Code in Fire Apps without benefiting from the Services offered by

RETENTION, CORRECTION, AND DELETION OF PERSONAL INFORMATION

(a) Personal Information that we process shall not be kept for longer than is necessary for the relevant

purpose. We will retain your Personal Information as follows:

i. Personal Information will be retained for as long as you have a User Account (as described in our

Terms and Conditions of Use) or as required by law or our own backup and security policies.

ii. We will comply with any user’s requests regarding access, correction, and/or deletion of the Personal

Information we store in accordance with applicable law, including the EU General Data Protection

Regulation (GDPR). To request that we correct, delete, or export any Personal Information, please

iii. To delete your account, please proceed with the followings:

- Write us an email (contact@codeinfire.com) with the subject [ACCOUNT DELETION].

- Send us the complete information of the account (Full name, registered Email and user).

- We will validate your information and the account will be deleted.

Even after the account deletion, however, we may still retain your data for dealing with us in the event

of complaints, disputes, challenges, and/or litigations regarding your data as well as to follow legal

obligations including our Terms of Service, tax, and/or accounting requirements.

iv. To further request that we correct, delete, or export any Personal Information, please contact us via

email at contact@codeinfire.com

Code in Fire after the notification period, you shall be deemed to have allowed the changes in this