Privacy Policy
FirstDoor.App Privacy Policy
Effective date: May 10, 2026
This Privacy Policy ("Policy") explains how your personal data is collected, used, shared, and protected by FirstDoor ("FirstDoor", "we") through firstdoor.app and its subdomains (including the forum/community area, together the "Platform"). FirstDoor aims to act in compliance with the United Arab Emirates Personal Data Protection Law (PDPL), the Turkish Personal Data Protection Law No. 6698 (KVKK) to the extent applicable, and the EU General Data Protection Regulation (GDPR).
1. DATA CONTROLLER AND CONTACT
Data controller: FirstDoor.app (referred to as "FirstDoor"). FirstDoor's corporate structure is currently in formation; the official company name and registered address will be updated once incorporation is complete. For all privacy-related requests, you may reach us at: support@firstdoor.app.
2. SCOPE
This Policy applies to members who create an account on the Platform, persons who visit or use the forum, newsletter subscribers, persons who submit support requests, and natural persons who otherwise interact with the Platform. The data practices of third-party sites, wallet applications, and blockchain networks are outside the scope of this Policy.
3. DATA WE COLLECT
3.1 Data you provide directly:
- Account data: e-mail address, username, password (stored as an irreversible hash), language and notification preferences;
- Profile data (optional): display name, avatar, biography, social media links;
- Forum content: topics you create, posts, comments, votes, reports/complaints, and private messages;
- Communication data: support requests, feedback, and your correspondence with us;
- Event/campaign data: information about your participation in quest-reward and community campaigns.
3.2 Automatically collected data:
- IP address, browser and device information, operating system, language setting;
- Session logs, access times, pages viewed, referring addresses;
- Data obtained through cookies and similar technologies (for details, see the Cookie Policy — Document 5).
3.3 Wallet and blockchain data: If you connect a wallet to your account, your public wallet address is linked to your account. Transaction history on the blockchain is, by design, publicly available and is not generated or controlled by FirstDoor.
3.4 Identity verification (KYC) data: FirstDoor does not currently apply KYC and does not collect identity documents. If KYC becomes necessary in the future due to regulatory requirements, the process will be carried out through specialized third-party providers; as a rule, FirstDoor does not retain copies of your identity documents in its own systems and receives only the verification result (approved/rejected) from the provider, and this will be announced separately.
3.5 We do not request your special-category personal data (health, religion, biometric data, and similar); we recommend that you do not post such data on the forum.
4. PROCESSING PURPOSES AND LEGAL BASES
| Purpose | Examples | Legal basis |
|---|---|---|
| Provision of the service | Account creation, session management, operation of the forum, wallet linking | Establishment and performance of a contract |
| Security and prevention of misuse | Bot/sybil detection, combating phishing and fraud, moderation, IP blocking | Legitimate interest; legal obligation |
| Legal obligations | Requests from competent authorities, record retention, (if implemented in the future) sanctions screening and KYC/AML processes | Fulfillment of a legal obligation |
| Communication | Verification e-mails, security alerts, service announcements, support responses | Performance of a contract; legitimate interest |
| Marketing | Newsletter, campaign, and new-project announcements (only if you have given consent) | Explicit consent (may be withdrawn at any time) |
| Analysis and improvement | Usage statistics, debugging, performance measurement | Legitimate interest; explicit consent with respect to analytics cookies (see Cookie Policy — Document 5) |
| Protection of rights | Evidence in disputes, asserting claims and defenses | Legitimate interest; establishment and protection of a right |
5. SHARING OF DATA
We do not sell your personal data. Your data is shared only in the following circumstances and to the extent necessary:
- Service providers: hosting/cloud, e-mail delivery, analytics, security, customer support, and (if KYC is implemented in the future) identity verification providers — only in accordance with our instructions and under contractual confidentiality obligations (principally: Firebase Hosting — hosting; Firebase (Google LLC) — database/authentication; Resend — e-mail; Google Analytics — analytics);
- Legal necessity: with competent authorities pursuant to a court order, administrative request, or legal requirement;
- Protection of rights: where necessary to protect the rights, safety, and property of FirstDoor, users, or third parties;
- Corporate transactions: in the event of a merger, acquisition, or asset transfer, provided that protection consistent with this Policy is ensured;
- Publicly accessible areas: content you publish on the forum, your username, and your profile are visible to everyone; these may be indexed by search engines.
6. TRANSFER ABROAD
FirstDoor is established in the United Arab Emirates, and our service providers may be located in different countries. As a result, your data may be transferred outside the country in which you are located. Appropriate contractual safeguards, standard contractual clauses, and other mechanisms required by law are used for such transfers. For users located in Turkey, the requirements under KVKK Art. 9 are addressed through the KVKK Notice (Document 3) and the Explicit Consent Text (Document 4).
7. IMPORTANT NOTICE REGARDING BLOCKCHAIN DATA
8. RETENTION PERIODS
| Data category | Retention period |
|---|---|
| Account and profile data | For the duration of membership; deleted or anonymized within 90 days at the latest from account deletion (statutory retention obligations reserved) |
| Forum content | When the account is deleted, the profile link is removed; posts may be retained in anonymized form to preserve content integrity, or deleted upon request |
| Security and access logs | 12 months |
| KYC verification results (if implemented in the future) | If KYC is implemented, for the minimum period required under applicable AML legislation (generally 5 years) |
| Marketing permissions and records | Until consent is withdrawn; consent/opt-out records are retained for 3 years as evidence |
| Records relevant to a dispute | For the applicable statute-of-limitations period |
9. SECURITY
We apply technical and administrative measures to protect your data, including encryption (TLS in transit), access controls, storage of passwords as an irreversible hash, logging, and regular security reviews. No system is completely secure; we recommend using a strong, unique password and two-factor authentication for your account. In the event of a data breach, notifications required by applicable law will be made.
10. YOUR RIGHTS
Depending on your jurisdiction (KVKK, GDPR, PDPL), you may have the following rights:
- To learn whether your data is being processed and to request information about it;
- To request information and access to your data if it has been processed;
- To request correction of incomplete or inaccurate data;
- To request deletion or destruction within the framework of the conditions set out in applicable law (the limitation in Article 7 applies to on-chain data);
- To request restriction of processing and to object to processing;
- To request data portability (to the extent applicable);
- To withdraw any consent you have given at any time;
- To file a complaint with a supervisory authority (the Personal Data Protection Board in Turkey; the local supervisory authority in the EU; the relevant data protection office in the UAE).
You may submit your requests to support@firstdoor.app. Additional information may be requested to verify your identity. Requests are, as a rule, answered within thirty (30) days at the latest.
11. CHILDREN'S DATA
The Platform is not directed at persons under the age of 18, and we do not knowingly collect data from such persons. If we become aware that we have processed data belonging to a user under the age of 18, we will close the account and delete the data. You may report such a situation to support@firstdoor.app.
12. COOKIES
The use of cookies and similar technologies is explained in a separate document, the Cookie Policy (Document 5).
13. CHANGES TO THE POLICY
We may update this Policy from time to time. Material changes will be announced via the Platform and/or by e-mail. The current version takes effect upon publication; the "Last updated" date is revised accordingly.
14. CONTACT
For your questions and requests: support@firstdoor.app