EN PL
Legal documents

Privacy Policy

The most important information about what data we process, why we do it, and the rights you're entitled to.

§ 1. Data Controller

The Administrator of your personal data (Data Controller) is PERFECTCLUE Sp. z o.o. with its registered office in Rzeszów, ul. Zimowit 42, 35-605 Rzeszów, entered into the Register of Entrepreneurs of the National Court Register (KRS) under number: 0000986621, NIP (Tax ID): 8133882813, REGON: 522791227. Contact regarding personal data protection and GDPR matters is possible at: [email protected].

§ 2. Purposes, Legal Bases, and Processing Period

We process your data for strictly defined purposes:

  1. Provision of the Service (Matching and Analysis):
    • Data Scope: E-mail address, date of birth, gender, location (city), content of conversations with the Assistant (Interview), match results (Vibe Score).
    • Legal Basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract).
    • Retention Period: For the duration of possessing an Account on the Platform.
  2. Login and Security:
    • Data Scope: E-mail address, system logs, IP address, cookies, session tokens.
    • Legal Basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller – fraud prevention, age verification, ensuring system integrity).
    • Retention Period: System logs are generally stored for up to 12 months, unless legal regulations require a longer period.
  3. Payments and Accounting (PRO Plan Only):
    • Data Scope: Transaction data, subscription status, invoice data (if applicable).
    • Legal Basis: Art. 6(1)(b) and (c) GDPR (performance of a contract and legal tax obligations).
    • Retention Period: 5 years from the end of the calendar year in which the tax payment deadline expired (Accounting Act requirement).
  4. Establishment, Exercise, and Defense of Claims:
    • Data Scope: Data necessary to prove the existence of a claim or defense against it (archive).
    • Legal Basis: Art. 6(1)(f) GDPR (legitimate interest).
    • Retention Period: Until the limitation period for potential claims expires (in accordance with the Civil Code – generally 3 or 6 years).

§ 3. Processing of Special Categories of Data (Sensitive Data)

  1. Data Scope: During the Interview with the Love Assistant, for better matching purposes, the User may voluntarily disclose special categories of data within the meaning of Art. 9 GDPR, such as: sexual orientation, political opinions, religious beliefs, worldview, or information regarding health/lifestyle.
  2. Explicit Consent: Processing of this data takes place exclusively on the basis of the User's EXPLICIT CONSENT (Art. 9(2)(a) GDPR). This consent is expressed through active action – i.e., answering the Assistant's questions after receiving a message regarding the nature of the processed data.
  3. Voluntariness and Withdrawal: Providing sensitive data is fully voluntary; however, failure to provide it may affect the quality or result in the inability of the matching algorithm to function. The User has the right to withdraw consent at any time (e.g., by deleting data from the profile or deleting the account), which does not affect the lawfulness of processing based on consent before its withdrawal.

§ 4. Profiling (Automated Decision-Making)

  1. Nature of the Service: The Platform bases its operation on automated data processing (profiling). The system analyzes your answers ("Core Vector") to decide whom to propose to you.
  2. Consent to the Operating Model: By accepting the Terms and Conditions, you consent to the fact that partner selection takes place automatically. Without this mechanism, providing the service in the "Set-and-Forget" model would be impossible.
  3. Rights Related to Profiling: In accordance with the GDPR, you have the right to contest a decision made solely by automated means, to express your point of view, and to request human intervention (contact with the Controller).

§ 5. Data Recipients

We transfer your data exclusively to trusted entities (Processors) necessary for the operation of the Platform, based on data processing agreements:

  • AI Provider (Data Analysis): The content of your conversations (anonymized to the highest possible extent) is processed by OpenAI (USA) via a paid API (Enterprise). According to the provider's policy, data sent via the API is not used to train its public models.
  • Infrastructure (Hosting): DigitalOcean (servers in the EEA or USA).
  • Payments: Stripe (payment card processing – the Controller does not see your card, receiving only the payment status).
  • E-mail: Twilio SendGrid (sending login codes and notifications).
  • Other Users: Your profile data (Name, City, Age, Match Results, description) is shared with another person exclusively in the event of a "Match". The content of your detailed Interview remains confidential unless you share it yourself in a private conversation.
  • Accounting Services: The entity providing accounting services for the Controller (exclusively in the case of invoices).

§ 6. Data Transfer Outside the EEA

We use services of global technology providers (OpenAI, Stripe, SendGrid). Consequently, your data may be transferred outside the European Economic Area (specifically to the USA). This transfer takes place based on appropriate legal safeguards: Standard Contractual Clauses (SCC) approved by the European Commission or the Data Privacy Framework (DPF) for US entities listed as certified organizations. This guarantees an appropriate level of protection for your data.

§ 7. Security

  1. No Photos: The Platform does not collect or archive photos of Users' faces, which eliminates risks associated with image theft or Deepfake technology.
  2. No Passwords: We do not store passwords – logging in takes place exclusively via a one-time token (Magic Link).
  3. Encryption: Data is encrypted during transmission (SSL/TLS protocol) and at rest (in the database).

§ 8. User Rights

In connection with data processing, you are entitled to the following rights:

  • Right of Access: The right to obtain access to the content of your data and receive a copy thereof.
  • Right to Rectification: The right to request rectification (correction) of data that is incorrect.
  • Right to Erasure: The right to request deletion of data ("right to be forgotten").
  • Right to Restriction: The right to request restriction of data processing.
  • Right to Portability: The right to receive your data in a structured format and transmit it to another controller.
  • Right to Object: You have the right to object to data processing based on legitimate interest (Art. 6(1)(f) GDPR).
  • Right to Lodge a Complaint: The right to lodge a complaint with the supervisory authority (President of the Personal Data Protection Office - UODO) if you consider that the processing violates GDPR regulations.

To exercise your rights, please contact us: [email protected].

§ 9. Cookies

  1. Purpose of Use: The Platform uses exclusively cookies and similar technologies (e.g., Local Storage) necessary for the technical operation of the service, including maintaining the User's session after logging in, ensuring security, and preventing abuse.
  2. Type of Files: These are temporary or persistent files. The User may change cookie settings in their browser at any time, but this may prevent the use of the Platform.
  3. No Ad Tracking: The Platform does not use marketing cookies or third-party tracking cookies for advertising purposes.

§ 10. Information regarding the reCAPTCHA service

To protect our forms from abuse and spam, we use the reCAPTCHA service provided by Google LLC. This service is used to distinguish whether a request on the website was made by a human or an automated program (bot). As part of this analysis, Google, acting as a data processor, collects and analyzes, among other things:

  • the user's device IP address,
  • hardware and browser configuration information,
  • the user's interaction history with the website (e.g., mouse movements, time spent on the page),
  • cookies necessary for the service to function.

This analysis takes place in the background and does not require the user to take any additional actions (e.g., clicking on images) unless the system assesses the risk as high. These data are processed in accordance with the data processing agreement concluded between the Administrator and Google.

§ 11. Changes to the Privacy Policy

The Policy is verified on an ongoing basis and updated if necessary. The current version of the Policy was adopted and has been in force since 01.04.2026.