Privacy policy
As of: June 2026. This policy applies to the “AskAlva – Your dating coach” service at askalva.net.
1. Privacy at a glance
The following notes provide a simple overview of what happens to your personal data when you visit and use this website. Personal data is any data by which you can be personally identified. You will find detailed information in the following sections of this policy.
Who is responsible? Data processing is carried out by the website operator (see section 3, “Controller”). How do we collect your data? On the one hand, because you provide it to us (e.g. when registering, uploading a screenshot or in a form). On the other hand, automatically when you visit the site, via our IT systems (mainly technical data such as the browser, operating system or time of the visit). What do we use your data for? To provide the service without errors, to carry out the analysis and coaching you request, to perform the contract and — only with your consent — to analyse the use of the site.
2. Hosting
We host the content of this website externally. The personal data collected on this site is stored on the servers of the hosting provider (mainly IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses). External hosting is carried out for the purpose of performing the contract towards our customers (Art. 6(1)(b) GDPR) and in the interest of a secure and efficient provision (Art. 6(1)(f) GDPR).
Hosting provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA – Privacy policy. A data processing agreement is in place with Vercel. Vercel is certified under the EU-US Data Privacy Framework (DPF); the transfer to the USA takes place on this basis.
3. General information and mandatory disclosures
Controller
Online Experten Eins GmbH
Luise-Ullrich-Str. 20, 80636 München, Germany
Represented by the managing directors Artur Schmidt and Florian Tillmann
Phone: +49 (0)89 / 12 50 37 89 · Email: info@dating-insider.net
The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.
Retention period
Unless a more specific retention period is stated within this policy, your personal data remains with us until the purpose of processing no longer applies. If you make a legitimate request for erasure or withdraw your consent, your data will be deleted, unless other legally permissible grounds (e.g. tax or commercial retention periods) prevent this.
Legal bases
Where you have given your consent, we process data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (for special categories of data) as well as § 25(1) TDDDG (access to your device). Consent given can be withdrawn at any time. For transfers to third countries on the basis of your consent, Art. 49(1)(a) GDPR also applies. Where data is required to perform the contract or for pre-contractual measures, Art. 6(1)(b) GDPR applies; to fulfil legal obligations, Art. 6(1)(c) GDPR; otherwise, where applicable, our legitimate interest (Art. 6(1)(f) GDPR). The legal basis applicable in each case is stated in the respective sections.
Recipients and processors
We only pass on personal data where this is necessary to perform the contract, where we are legally obliged to, where there is a legitimate interest or where another legal basis permits it. Where processors are used, valid data processing agreements are in place. For transfers to the USA, appropriate safeguards apply (EU standard contractual clauses or a certification under the EU-US Data Privacy Framework). You will find an overview of the service providers used in sections 4 to 9.
Withdrawal, objection and other rights
You can withdraw consent given at any time with effect for the future. You have — within the legal limits — the right to access, rectification, erasure, restriction of processing and data portability.
Where data processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time to the processing for reasons arising from your particular situation; this also applies to profiling based on those provisions (Art. 21(1) GDPR). If your data is processed for direct marketing purposes, you have the right to object at any time to such processing (Art. 21(2) GDPR).
You have a right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement. For any matter relating to your data, please write to: info@dating-insider.net.
Automated processing and profiling
To provide the service, we analyse the content you upload automatically with AI and develop your coaching profile. No decision based solely on automated processing within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you takes place — the results are non-binding suggestions and assistance. Insofar as we form audiences in the context of advertising (profiling, see section 8), this is done exclusively on the basis of your consent; your right to object under Art. 21 GDPR remains unaffected.
SSL / TLS encryption
For security reasons and to protect the transmission of confidential content, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the “https://” in the address bar and by the padlock symbol in your browser.
4. Data collection on this website
Cookies and consent
We only use technically necessary storage (e.g. an httpOnly access cookie as well as local browser storage for your log-in and your profile). Necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. An optional, anonymous audience measurement (see section 7) as well as any marketing services (see section 8) take place exclusively after your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG). You manage your consent via our consent banner; it can be withdrawn at any time. Your uploaded screenshots are never used for tracking.
Server log files
The provider of the pages automatically collects and stores information in server log files that your browser transmits automatically (browser type and version, operating system, referrer URL, host name, time of the server request, IP address). This data is not combined with other data sources. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in a technically error-free and secure provision).
Registration and account
To use the service you create an account. Log-in is by email address and one-time code or access link (no password, no registration via third-party networks). For this we process your email address to provide access and for service messages. The legal basis is Art. 6(1)(b) GDPR (contract). The data is stored until you delete your account.
Contact and enquiry forms
If you contact us via a form or by email/phone, your details, including contact data, are stored to handle the enquiry and for follow-up questions. We do not pass on this data without your consent. The legal basis is Art. 6(1)(b) GDPR (where the enquiry relates to a contract), otherwise our legitimate interest in effective handling (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR). The data remains until the purpose no longer applies or you request erasure; statutory retention periods remain unaffected.
Uploaded screenshots and AI analysis
The core of the service is the analysis of images (profiles/chats) that you upload voluntarily. These images are processed exclusively for the duration of the analysis and are not stored permanently on our servers (no storage after the response has been generated). Processing is carried out at your instigation to provide the service (Art. 6(1)(b) GDPR). Insofar as the content may include special categories of personal data (Art. 9(1) GDPR, e.g. inferences about sexual life), processing is carried out on the basis of your explicit consent (Art. 9(2)(a) GDPR).
Important: screenshots may contain data of third parties (e.g. your chat partner). Only upload content you are authorised to. We recommend obscuring other people’s faces and names before uploading. For the specific processing by our AI and security providers, see section 5.
Coaching profile (“My style”)
The details in “My style” (e.g. region, goal, writing style, writing samples) as well as automatically learned facts are stored in your browser and in our database, so that your profile is available across devices (Art. 6(1)(b) GDPR). You can delete this data completely at any time (by removing entries in “My style” or logging out).
5. AI and security providers
We use carefully selected processors. Data processing agreements are in place with them; for transfers to third countries (USA), appropriate safeguards apply (EU standard contractual clauses).
Anthropic (AI analysis)
To analyse your uploads and for the coaching functions we use the AI services of Anthropic PBC, 548 Market St, PMB 90375, San Francisco, CA 94104, USA. The transmitted content is processed in real time and is not used to train the AI models; no permanent storage of the images takes place on our part. Legal basis: Art. 6(1)(b) GDPR or Art. 9(2)(a) GDPR. Transfer to the USA on the basis of the EU standard contractual clauses. Privacy.
Supabase (account and coaching profile)
For registration, log-in and the storage of the account and coaching profile we use Supabase. The data is stored in a data centre in the EU (Ireland). Legal basis: Art. 6(1)(b) GDPR. Privacy.
Google Cloud Vision (scam protection: reverse image search)
As part of scam protection, we check uploaded profile photos using Google Cloud Vision (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; Google LLC, USA) to determine whether they are stolen or stock photos. For this, the images are only processed briefly and are not stored permanently. Legal basis: Art. 6(1)(f) GDPR (protection against fraud) or your consent. Google is certified under the EU-US Data Privacy Framework (DPF); the transfer to the USA takes place on this basis. Privacy.
Sightengine (scam protection: detection of AI-generated photos)
To detect AI-generated or manipulated photos we use Sightengine SAS (France). Processing takes place on servers in the EU (France); the images are not stored permanently. Legal basis: Art. 6(1)(f) GDPR (protection against fraud). Privacy.
Upstash (protection against abuse / rate limiting)
To protect our service against overload, spam and abuse we use Upstash (Redis) to limit the request frequency. In this process your IP address is briefly processed. Legal basis: Art. 6(1)(f) GDPR (security and stability of the service). Privacy.
6. Newsletter and email delivery (Brevo)
For sending access, service and — where you have consented — newsletter emails we use Brevo (Sendinblue GmbH, Cologne, Germany; server location in the EU). If you wish to receive the newsletter, we need your email address and a confirmation that you are the owner of the address and agree to receive it (double opt-in procedure). The legal basis for the newsletter is your consent (Art. 6(1)(a) GDPR), and for transactional service emails Art. 6(1)(b) GDPR. You can unsubscribe from the newsletter at any time via the “Unsubscribe” link; the unsubscribed address may be stored on a block list to prevent future mailings (Art. 6(1)(f) GDPR). Privacy.
7. Web analytics (PostHog)
To improve the service we use — only with your consent — an anonymous audience and usage measurement with PostHog (server location in the EU). Anonymised events are recorded (e.g. “analysis carried out”). The legal basis is your consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG); you can withdraw it at any time. Privacy.
8. Marketing and conversion tracking
Insofar as we display advertising and measure its success, we use the following services. These load scripts and set cookies or similar technologies only after your explicit consent via the consent banner (Art. 6(1)(a) GDPR, § 25(1) TDDDG). Without consent, no processing by these services takes place. Your consent can be withdrawn at any time with effect for the future. For transfers to the USA, Meta and Google are certified under the EU-US Data Privacy Framework (DPF); the transfer takes place on this basis.
- Meta Pixel, Meta Conversion API and Custom Audiences (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland) – measurement of advertising conversions and formation of audiences for advertising on Facebook and Instagram. Privacy.
- Google Ads, incl. conversion tracking and remarketing (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) – measurement of advertising conversions and delivery of advertising in the Google advertising network. Privacy.
9. E-commerce and payment provider (Stripe)
We collect, process and use personal customer and contract data to establish, structure and amend our contractual relationships (e.g. the Pro subscription). The legal basis is Art. 6(1)(b) GDPR. Payment processing is carried out exclusively via the payment provider Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Dublin, Ireland). We do not receive full card data, only the subscription or payment status. Privacy. Collected customer data is deleted once statutory retention periods have expired.
10. Affiliate links
In the “Tips” section we link to dating providers. These links are advertising; if you sign up, we may receive a commission. This involves no additional cost to you. When you click, you are redirected to the page of the respective provider, whose privacy policy applies.
11. Minors
The service is aimed exclusively at adults (at least 18 years). We do not knowingly collect data from minors. If we become aware of this, we delete the relevant data immediately.
12. Data security
We take appropriate technical and organisational measures (including encryption of the transmission, access protection via row-level security, secret keys exclusively on the server). However, according to the state of the art, 100% security of data transmission over the internet cannot be guaranteed.