X

GDPR Compliance Policy

Last Updated: October 11, 2025

1. Introduction

This GDPR Compliance Policy outlines how Deucetek, LLC ("we," "our," or "us"), operating the dating application Uple, processes personal data of users located in the European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller Information

Data Controller: Deucetek, LLC

Email: support@deucetek.com

Principal Place of Business: 135 Technology Parkway Norcross,

Georgia, United States of America

3. Data Protection Officer (DPO)

Users may contact our Data Protection Officer at:

Email: support@deucetek.com

4. Legal Basis for Processing

We process personal data under the following legal bases:
4.1 Consent (Article 6(1)(a))

  • Profile creation and customization
  • Location-based matching features
  • Marketing communications
  • Cookie usage for non-essential features

4.2 Contractual Necessity (Article 6(1)(b))

  • Account creation and management
  • Core matching services
  • Communication between users
  • Payment processing

4.3 Legal Obligations (Article 6(1)(c))

  • Age verification
  • Fraud prevention
  • Law enforcement cooperation
  • Tax and financial records

4.4 Legitimate Interests (Article 6(1)(f))

  • Platform security
  • Service improvement
  • Fraud detection
  • Technical support

5. Categories of Personal Data Processed

5.1 Basic Profile Data

  • Full name
  • Date of birth
  • Email address
  • Phone number
  • Profile pictures

5.2 Special Category Data

  • Sexual orientation (with explicit consent)
  • Religious beliefs (optional, with explicit consent)
  • Ethnic origin (optional, with explicit consent)

5.3 Technical Data

  • IP address
  • Device information
  • Location data
  • Usage statistics

6. Data Subject Rights

Users in the EEA have the following rights:
6.1 Right to Access (Article 15)

  • Obtain confirmation of data processing
  • Receive copies of personal data
  • Learn processing purposes and categories

6.2 Right to Rectification (Article 16)

  • Correct inaccurate personal data
  • Complete incomplete personal data

6.3 Right to Erasure (Article 17)

  • Request deletion of personal data
  • Remove profile and account information
  • Withdraw processing consent

6.4 Right to Restriction (Article 18)

  • Limit data processing activities
  • Temporarily suspend processing
  • Maintain necessary storage only

6.5 Right to Portability (Article 20)

  • Receive data in structured format
  • Transfer data to another controller
  • Direct transmission where technically feasible

6.6 Right to Object (Article 21)

  • Object to processing activities
  • Stop direct marketing
  • Contest automated decisions

7. Data Transfers Outside the EEA

7.1 Transfer Mechanisms

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Appropriate safeguards

7.2 Data Transfer Impact Assessments

  • Regular assessment of transfer risks
  • Implementation of additional safeguards
  • Documentation of transfer basis

8. Data Protection Measures

8.1 Technical Measures

  • End-to-end encryption
  • Access controls
  • Regular security updates
  • Intrusion detection systems

8.2 Organizational Measures

  • Staff training
  • Access limitations
  • Security policies
  • Regular audits

9. Data Retention Periods

9.1 Active Accounts

  • Profile data: Duration of account activity
  • Messages: [Specify retention period]
  • Technical logs: [Specify retention period]

9.2 Deleted Accounts

  • Immediate deletion of visible profile
  • Backup retention: 30 days
  • Legal requirement data: As required by law

10. Automated Decision-Making

10.1 Matching Algorithm

  • Purpose and logic
  • Impact on users
  • Right to human intervention

10.2 Safety Screening

  • Automated fraud detection
  • Profile verification
  • Right to contest decisions

11. Data Breach Notification

11.1 User Notification

  • Within 72 hours of discovery
  • Description of breach impact
  • Mitigation measures taken

11.2 Supervisory Authority Notification

  • Immediate reporting of serious breaches
  • Documentation of all breaches
  • Cooperation with investigations

12. International Operations

12.1 Main Establishment

  • Primary processing location
  • Supervisory authority jurisdiction
  • Cross-border processing activities

12.2 Representative in the EU

[Details of EU Representative to be added in the near future]

13. Cookie Compliance

13.1 Essential Cookies

  • No consent required
  • Technical necessity
  • Session management

13.2 Non-Essential Cookies

  • Explicit consent required
  • Purpose explanation
  • Right to withdraw consent

14. Changes to This Policy

We reserve the right to update this GDPR Policy. Users will be notified of significant changes via:

  • In-app notifications
  • Email communications
  • Website announcements

15. Complaints and Supervisory Authority

Users have the right to lodge complaints with their local supervisory authority. For a list of supervisory authorities, please visit the European Data Protection Board website.

16. Contact Information

For all GDPR-related inquiries:

Email: support@deucetek.com

Response Time: Within 72 hours

17. Documentation and Accountability

We maintain detailed records of processing activities as required by Article 30 of the GDPR, available upon request to supervisory authorities.