Effective: 3 July 2026 · version v2026-07-03
Aperko — Guidelines for Law Enforcement
1. Introduction and scope
These guidelines describe how Skyward Capital s. r. o. (the “operator”), operator of the Aperko service, handles requests from law enforcement and other competent authorities for user data. We disclose personal data exclusively on a valid legal basis and in compliance with Regulation (EU) 2016/679 (GDPR) and other applicable law.
2. Operator and contact details
Skyward Capital s. r. o., Company ID (IČO) 52214923, registered office at Segnerova 719/4, 841 04 Bratislava, Slovak Republic.
Law enforcement contact: le@aperko.com (or in writing to the operator's registered office).
3. Required legal process
We disclose users' personal data only upon a valid, properly served request supported by appropriate legal process (e.g. a court order or an official request under applicable criminal procedure law). Without valid legal process we do not disclose data — except for emergency requests under section 6 of these guidelines.
4. Requests from foreign authorities
Requests from authorities of other states are handled through mutual legal assistance (MLAT), a European Investigation Order, or via the competent authority of the Czech Republic or the Slovak Republic — not by direct disclosure to the foreign authority.
5. What a request must contain
Submit requests in writing, on official letterhead and signed by an authorized officer. A request must include:
- the legal basis on which the request relies;
- specific account identifiers (e.g. phone number, account ID);
- the scope and time period of the data sought;
- the name, unit and contact details of the requesting officer.
Requests that do not meet these requirements may be returned for completion.
6. Emergency requests
Where there is an imminent risk of death or serious physical harm, we may, to the extent permitted by law, disclose the necessary data without a court order. Mark emergency requests “EMERGENCY” and send them to le@aperko.com together with a description of the threat, the persons concerned and the data requested. Each emergency request is assessed individually.
7. Data preservation
Upon a valid request from a competent authority, we may preserve specified data for a reasonable period pending service of the appropriate legal process. Preservation does not constitute disclosure.
8. Data we may hold
Depending on the specific account, we may hold:
- registration data: phone number, name/nickname, age, neighborhood, profile details, photos;
- connection and meeting records;
- safety records (e.g. reports, blocks);
- transaction and payment records (payments are processed by Stripe);
- consent records.
9. Data we do NOT hold
- We do not store identity documents — we keep only a “verified” flag and the user's age; identity verification is performed by an external processor.
- We do not operate a private user-to-user messaging service — there is no content of communications between users that we could disclose.
- Phone numbers are never shared between users.
10. User notice
We may notify the affected user of a request unless prohibited by law or by a valid request of a competent authority, or where notification would jeopardize an ongoing investigation or the safety of any person.
11. Retention and GDPR
Inactive profiles are generally deleted after approximately 6 months; data deleted before a request is served is no longer available. Disclosures comply with the GDPR, in particular Art. 6(1)(c) and (d), subject to the restrictions under Art. 23.
12. No informal disclosure
Other than emergency requests under section 6 of these guidelines, we do not disclose any user data informally, by telephone, or without valid legal process.