Privacy Policy

This policy explains how personal data collected through services offered by DuoVisionare processed, stored, and protected. It is prepared with reference to Turkey's Law No. 6698 on the Protection of Personal Data (KVKK) and, where applicable, the EU GDPR.

For instructions on deleting your account and related data (including Meta integrations), see also our data deletion page.

Last updated: April 8, 2026destek@duovision.com.tr

Data controller

For the purposes of this Privacy Policy, the data controller is Fatih Erol Demirci. This policy applies to all services provided through https://duovision.tr and related web or mobile experiences.

Tax / MERSIS No.:14491959340

Address:Selçuk Mahallesi Şehit Ömer Halisdemir Caddesi GizliBahçe Konutları B Blok No:6 Selçuklu/Konya

Contact:destek@duovision.com.tr

Personal data we process

Depending on how you use the platform, we may process the following categories:

2.1 Identity and contact

Name, surname, email, phone number, company/brand name, Instagram username(s).

2.2 Account and connection data

Meta (Facebook/Instagram) access tokens (stored encrypted), Instagram Business account identifiers, and related profile metadata synced via Meta.

Important: DuoVisionnever asks for, collects, or stores Meta, Facebook, or Instagram passwords. Authorization uses Meta's official OAuth 2.0 flows.

2.3 Platform usage

Sign-in/out signals, in-app navigation and usage signals, calendar drafts and plans, comment and DM reply history associated with connected accounts.

2.4 Technical data

IP address, browser type and version, time zone preferences, cookie data where used.

2.5 Payments

Payments are made by bank transfer (wire/EFT). Bank account details you provide are used only to verify payments and are not stored in our systems. Invoices and payment-related records may be retained for ten (10) years where required by law.

Purposes and legal bases

We rely on purposes and bases consistent with applicable law, including:

Providing the service under contract

Performance of a contract

AI-assisted content features and DM/comment assistant suggestions

Legitimate interests / consent

Operating Instagram and Meta API integrations

Consent

Customer support

Legitimate interests

Compliance (tax, audit)

Legal obligation

Security and fraud prevention

Legitimate interests

Processors and disclosures

We do not sell or rent personal data. Limited sharing may occur with service providers acting as processors, or where law requires disclosure.

4.1 Service providers (processors)

Supabase Inc.Database and authentication (global hosting; appropriate safeguards such as SCCs where applicable).

Google LLC (Gemini API)AI content generation services (global hosting; appropriate safeguards where applicable).

Meta Platforms Inc.Instagram/Facebook API integration.

Upstash Inc. (QStash / Inngest)Background job queues and scheduling infrastructure.

Vercel Inc.Application hosting.

Model training: Content processed through Gemini API for generation is not used to train third-party AI models. Outputs and confidentiality remain tied to customer responsibility and rights as described in our terms.

International transfers: Because we use global infrastructure providers, data may be processed outside your country. We use vendor arrangements and safeguards appropriate to the context.

4.2 Legal requests

We may disclose information when required by competent authorities, courts, or regulators in line with applicable law.

Retention

Account and profile dataActive account + ~6 months

DM and comment historyUp to 2 years

Billing / bookkeeping recordsUp to 10 years (legal requirement)

Technical logs~90 days

Where applicable law requires longer retention for IP/connectivity logs, data may be held for the mandated period.

CookiesSession / up to ~1 year

When retention periods expire, data is deleted or anonymized according to operational processes.

Security measures

We implement appropriate technical and organizational measures, including:

Meta access tokens encrypted at rest (AES-256); plaintext tokens are not persisted.
Transport encryption (TLS) for communications with the platform.
Role-based access controls.
Procedures for notifying relevant stakeholders and supervisory authorities within required timelines after certain security incidents (where applicable).
Confidentiality training and commitments for personnel with access.

Your rights

Subject to applicable law (including KVKK Art. 11 and GDPR Articles 15–22 where applicable), you may have rights such as access, rectification, erasure/restriction, objection, portability, and withdrawal of consent.

Deletion and Meta disconnect

You may request deletion where conditions are met. You can also disconnect Meta integrations from Settings → Account in the product, which removes associated tokens and synced Meta connection data from our side as described in-app and in our data deletion instructions.

To exercise rights, contact destek@duovision.com.tr with information reasonably needed to verify your request. We aim to respond within 30 days where required.

Cookies

We use cookies for essential operations, preferences, and limited analytics.

Strictly necessary

Authentication, security, session management

REQUIRED

Functional

Language/theme preferences

OPT-OUT

Analytics

Aggregated product usage statistics

OPT-OUT

Marketing communications

Marketing emails are sent only with opt-in consent. You can unsubscribe using the link in each message.

Children

The service is intended for individuals who are 18+ or authorized business representatives. We do not knowingly collect data from children under 18.

Updates

We may update this policy from time to time. Material updates may be communicated by email. Continued use after changes take effect constitutes acceptance of the revised policy unless applicable law requires different steps.

Complaints

For questions about this Privacy Policy:

Email:destek@duovision.com.tr

Website:https://duovision.tr

Turkish residents may lodge complaints with the Turkish DPA (www.kvkk.gov.tr), subject to procedural rules.