Effective: 19 June 2026 · version v2026-06-19
Privacy Policy — Aperko
Operator (Controller)
- Company name: Skyward Capital s. r. o.
- Registered seat: Segnerova 719/4, 841 04 Bratislava – Karlova Ves, Slovak Republic; Company ID (IČO): 52214923
- Registration: Commercial Register of the Municipal Court Bratislava III (formerly District Court Bratislava I), section: Sro, insert no. 135081/B
- Data protection contact: info@aperko.com
- Data Protection Officer (DPO): not appointed
Effective from: 19 June 2026
1. Introduction and scope
1.1 This Policy explains what personal data we process when providing the Aperko dating service (the “Service”), for what purposes, on what legal basis, to whom we disclose it, and what rights you have.
1.2 The Service is intended solely for persons over 18 years of age.
2. What personal data we process
2.1 Registration and profile data: phone number, first name, year of birth, profile photographs, neighbourhood (geolocation only at the level of a city district/neighbourhood), and voluntary data (for example, height, build).
2.2 Profile answers (questionnaire): answers you provide voluntarily for the purpose of better matching.
2.3 Age and identity verification data: the verification result (“verified”) and age. We do not store identity documents — verification for all users takes place asynchronously through the provider Stripe Identity; a live video call is used only as escalation upon reasonable suspicion, and its recording is not retained unless necessary and announced in advance.
2.4 Service usage data: selections, meeting confirmations, the spending and balance of Credits, reports and blocks, and technical and log data (for example, login time).
2.5 Payment data: data on payments and tax documents. Payment card data is processed solely by the payment service provider (Stripe); we do not store it.
3. Special category data and explicit consent
3.1 Given the nature of a dating service, certain data (for example, selection preferences, certain profile answers, or photographs) may reveal data concerning a person’s sex life or sexual orientation, which are special category data under Article 9 GDPR.
3.2 We process this data solely on the basis of your explicit consent under Article 9(2)(a) GDPR, which you give by a separate, active step in the Application. You may withdraw consent at any time, as easily as you gave it (in account settings or at info@aperko.com); withdrawal does not affect the lawfulness of processing before withdrawal. Without this consent, the relevant features of the Service cannot be provided.
3.3 We process photographs as ordinary personal data; we do not use facial recognition or any other biometric identification.
4. Purposes and legal bases of processing
| Purpose | Categories of data | Legal basis |
|---|---|---|
| Creation and management of the account, provision of the Service, matching and intermediation of meetings, management of Credits | registration, profile, usage data | Performance of a contract — Art. 6(1)(b) GDPR |
| Processing of data revealing sex life / orientation (preferences, sensitive profile answers, photos in this context) | special category | Explicit consent — Art. 9(2)(a) GDPR |
| Age (18+) and identity verification | verification result, age | Performance of a contract and legal obligation — Art. 6(1)(b) and (c) GDPR |
| Processing of payments, issuing and retaining tax/accounting documents | payment, billing | Legal obligation — Art. 6(1)(c) GDPR |
| Security, fraud prevention, handling of reports, blocking | usage data, reports | Legitimate interest — Art. 6(1)(f) GDPR |
| Service-related notifications | phone number, contact details | Performance of a contract — Art. 6(1)(b) GDPR |
| Possible marketing (if introduced) | contact details | Consent — Art. 6(1)(a) GDPR |
5. Age verification
5.1 We process the data necessary to verify that you are at least 18 years of age. If verification does not prove an age of 18+, we do not activate the account and delete the data provided without undue delay. If we subsequently find that a user is under 18, we terminate the account and delete the data.
6. Recipients and processors
6.1 We disclose personal data only to the extent necessary to the following providers, who act for us as processors (or, in the cases indicated, as independent controllers) on the basis of agreements under Article 28 GDPR:
| Provider | Purpose | Note |
|---|---|---|
| Supabase | database, data hosting | hosting in the EU |
| Vercel | hosting and running the application | provider based in the USA — see Article 7 |
| Stripe + Stripe Identity | payments and identity verification | for payments/fraud prevention may act as an independent controller; provider based in the USA — see Article 7 |
| Meta / WhatsApp Cloud API | delivery of notifications | only the phone number is disclosed for notification purposes; provider based in the USA — see Article 7 |
| Cal.com | booking and scheduling | — |
| Resend | delivery of e-mails | — |
6.2 We may also disclose data to the competent authorities where required to do so by law.
6.3 We do not sell personal data and do not share it with other Users beyond what is necessary to intermediate a connection (for example, displaying a profile to the counterparty within the Service).
7. Transfers to third countries
7.1 Some providers (for example, Vercel, Stripe, Meta) may process data outside the European Economic Area. In such a case, the transfer is secured by appropriate safeguards under Article 46 GDPR — in particular certification under the EU-U.S. Data Privacy Framework, or the European Commission’s standard contractual clauses together with a transfer impact assessment. Further information is available on request at info@aperko.com.
8. Retention period
8.1 Active account: we retain data for the duration of the account.
8.2 Inactive profiles are retained for 6 months from the last login; thereafter we delete or anonymise them.
8.3 Erasure on request is handled within 30 days.
8.4 Tax and accounting documents are retained for the statutory period (generally 10 years) on the basis of a legal obligation, including after the account is cancelled; during this period we process only the data necessary to fulfil that obligation.
8.5 Data processed on the basis of consent is retained until consent is withdrawn, unless another legal basis provides otherwise.
9. Your rights
9.1 As a data subject, you have the right to access your data and a copy of the data processed; to rectify inaccurate data; to erasure (“the right to be forgotten”) under the conditions of the GDPR; to restriction of processing; to portability of data processed on the basis of a contract or consent; to object to processing based on legitimate interest; and to withdraw consent at any time (including the consent under Article 3).
9.2 You may exercise your rights at info@aperko.com. We will generally handle a request within one month.
9.3 You have the right to lodge a complaint with a supervisory authority. Given the Operator’s seat in Slovakia, the lead supervisory authority is the Office for Personal Data Protection of the Slovak Republic (dataprotection.gov.sk). Users from other states may also contact the competent supervisory authority of the state of their residence.
10. Automated processing and matching
10.1 For intermediation purposes, we use a matching algorithm that suggests suitable connections based on profile data, preferences, and neighbourhood. This processing does not lead to decisions with legal or similarly significant effects under Article 22 GDPR — it serves solely to display suggestions within the Service; the final decision on a meeting is always yours.
11. Data Protection Officer (DPO) and impact assessment
11.1 Given the processing of special category data, we have carried out (and keep updated) a data protection impact assessment (DPIA) under Article 35 GDPR. If a DPO has been appointed, their contact is stated above; if not appointed, we continuously assess the need to appoint one according to the scope of processing (Article 37 GDPR).
12. Security
12.1 We have adopted appropriate technical and organisational measures to protect data (in particular encrypted transmission, access control, and minimisation of stored data — for example, geolocation only at neighbourhood level, and not storing identity documents or payment cards).
12.2 In the event of a personal data breach posing a risk to your rights, we proceed under Articles 33 and 34 GDPR (notification to the supervisory authority within 72 hours, and to you in the event of high risk).
13. Changes to this Policy
13.1 We may update this Policy. We will inform you of material changes in advance (by e-mail or in the Application). The current version is always available in the Application with the effective date stated.
14. Contact
For data protection matters, contact us at info@aperko.com.