Privacy Policy
Effective: May 4, 2026 Last updated: May 4, 2026
OkeyLand (“we”, “the App”) respects the privacy of its players (“you”). This policy explains what data we collect, why, how we store it, who we share it with, and what your rights are. It is compliant with Turkey’s Personal Data Protection Law (KVKK No. 6698) and the EU General Data Protection Regulation (GDPR).
1. Data controller
- Entity: Cryptosam Yazılım
- Email (legal/KVKK): info@cryptosam.com
- Email (player support): destek@okeyland.com
2. Data we collect
2.1 Sign-up & session
- Device ID (anonymous, OS-assigned) — for account matching
- Username (your choice)
- Email (optional; for social login or password reset)
- Social provider ID (Google / Apple / Facebook
subclaim if you use social login)
2.2 In-game
- Match outcomes, scores, leaderboard
- Virtual chip / diamond balance
- Chat messages (in-table, real-time; persisted up to 30 days for dispute review)
- Match action log (replay and dispute review, 30 days)
2.3 Technical
- IP address (anti-abuse, rate limit, device fingerprint only — masked, retained 14 days)
- Device model, OS version, app version
- Crash reports (anonymized — username only, no other PII)
- Performance metrics (FPS, network latency — aggregated)
2.4 IAP
- Store receipt (signed by Google Play / App Store), purchased product
- Card details are never received or visible to us — payment happens entirely within Google/Apple’s infrastructure.
2.5 What we do NOT collect
- Full legal name, national ID, date of birth
- Location (GPS / precise location)
- Phone contacts, camera, microphone
- Browsing history, list of installed apps
3. Why we process
| Purpose | Legal basis |
|---|---|
| Account creation & authentication | Performance of contract |
| Service delivery | Performance of contract |
| Anti-fraud, anti-abuse | Legitimate interest |
| Legal compliance | Legal obligation |
| Content improvement, performance analytics | Legitimate interest (anonymized) |
| Marketing notifications | Explicit consent only |
4. Third-party services
| Provider | Purpose | Region |
|---|---|---|
| Cloudflare | CDN, DDoS, TLS, asset delivery | Global edge |
| Backblaze B2 | Encrypted backup storage (AES-256) | EU-Central |
| AWS SES + SNS | Transactional email & bounce handling | EU-West |
| GlitchTip (self-hosted) | Crash and error reporting | EU (Hetzner) |
| Google Play Billing / Apple IAP | Purchase processing | Google / Apple |
| Google AdMob (optional ad-supported mode) | Ad delivery |
For cross-border transfers we ensure adequate protection per KVKK Art. 9 and GDPR Chapter V; standard contractual clauses are used where required.
5. Retention
- Account data: while account is active + 90 days after deletion request, then anonymized
- Chat messages: 30 days
- Match action log: 30 days
- IP / device fingerprint: 14 days
- Crash reports: 180 days
- Financial (IAP) records: 10 years (tax law)
6. Your rights (KVKK Art. 11 + GDPR Art. 12-22)
You have the right to:
- Know whether your data is processed and obtain related information
- Learn the processing purpose and confirm it matches that purpose
- Know domestic / international recipients
- Request correction of incomplete or incorrect data
- Request deletion or destruction
- Request that corrections, deletions, and destructions be communicated to recipients
- Object to processing exclusively by automated means
- Claim damages from unlawful processing
Send requests with identity verification to info@cryptosam.com; answered within 30 days, free of charge.
7. Security
- Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Token-equivalent secrets are signed with HMAC-SHA256, never stored in plaintext.
- Backups are encrypted, stored separately, retained ≥30 days.
- Access is role-based and limited via two-factor authentication.
- No internet-based system is 100% secure; we recommend a strong password.
8. Children
OkeyLand is for age 12+. We do not knowingly accept users under 12. If we learn an under-12 user has given us data, the account is deleted. Parents who believe their child has registered should contact us.
9. Cookies
We use only essential cookies (session, language) and Cloudflare’s network-protection cookies. Details: Cookie Policy.
10. Changes
We may update this policy. Material changes are announced in-app and by changing the “Last updated” date here.
11. Right to complain
You may complain first to us, then to Turkey’s Personal Data Protection Authority (Turkish residents) or your local data protection authority (EU residents).