Last updated: 2026-07-08
This Privacy Policy ("Policy") describes how E-Raiden collects, uses, shares and protects users' personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.
1. Data Controller
The Data Controller for the processing of personal data is:
GiBSeS OÜ
Juhkentali tn 8, Kesklinna linnaosa, 10132 Tallinn, Estonia
Registrikood: 17231761
VAT: not yet registered (pre-threshold regime, §19 Estonian VAT Act)
Email: privacy@gibses.com
2. Data Collected
E-Raiden collects the following categories of personal data:
2.1 Data provided directly by the user
- Registration data: email address, password (hashed), name, date of birth, gender
- Profile data: photos, personal description, interests, search preferences
- Messages: content of conversations between users
- Reports: information provided through reports or support requests
2.2 Data collected automatically
- Location data: approximate geographic location (if authorized by the user)
- Device data: device type, operating system, browser, unique identifiers
- Usage data: pages visited, features used, session times
- IP address: used for security and fraud prevention
- Cookies and similar technologies: as described in our Cookie Policy.
2.3 Special categories of data
E-Raiden may process special-category data (Art. 9 GDPR) relating to sexual orientation, relationship intent and religious beliefs — and to dietary choices (e.g. halal/kosher) that may reveal them — as they are relevant to a dating service. Processing of these special categories is based on the user's explicit consent (Art. 9(2)(a) GDPR). Every such field is optional and offers a 'prefer not to say' option, so disclosure is never required, and consent can be withdrawn at any time by clearing the field in your profile.
3. Purposes of Processing
Personal data is processed for the following purposes:
- Service provision: creating and managing the account, matching between users, displaying profiles
- Communication: sending Service-related notifications, user messages, support communications
- Security: fraud prevention, age verification (18+), content moderation, detection of abusive behaviour
- Service improvement: anonymous statistical analysis, research and development of new features
- Advertising (with consent only): sending promotional communications, personalized ads via Google AdSense
- Legal obligations: compliance with legal, tax or regulatory obligations
- Premium subscription: managing the optional paid ad-free subscription and related billing
4. Legal Basis
The processing of personal data is based on the following legal grounds under Article 6 GDPR:
- Performance of a contract (Art. 6(1)(b)): processing is necessary for the provision of the Service requested by the user
- Explicit consent (Art. 6(1)(a) and Art. 9(2)(a)): for special-category data (sexual orientation, relationship intent, religion), geolocation and personalised advertising. Special-category fields are optional and consent is given when the field is completed in the profile (not at registration); it can be withdrawn at any time by clearing the field.
- Legitimate interest (Art. 6(1)(f)): for the security of the Service, fraud prevention and Service improvement
- Legal obligation (Art. 6(1)(c)): to comply with regulatory obligations
5. Data Recipients
Personal data may be shared with:
- Other users: profile information publicly visible to other users of the Service
- Service providers: hosting providers, email services, analytics services, payment processors
- Advertising partners: ads are served in two modes — personalised (STANDARD tier, only with consent, e.g. Google AdSense) or contextual and non-profiling (PRIVACY tier). Consent is collected via an IAB TCF-compliant consent management platform (CMP). Premium users see no ads.
- Competent authorities: when required by law or to protect E-Raiden's rights or user safety
- Stripe: payment processor for the Premium subscription (billing data)
All service providers are bound by contractual agreements that ensure an adequate level of personal data protection (Data Processing Agreement under Art. 28 GDPR).
6. Transfers Outside the EU
Some of our service providers may be located outside the European Economic Area (EEA). In such cases, data transfers take place on the basis of:
- European Commission adequacy decisions
- Standard Contractual Clauses (SCC) approved by the European Commission
- EU-US Data Privacy Framework (for transfers to the United States)
Users may request a copy of the safeguards adopted by contacting the DPO at the address indicated in section 10.
7. Retention Period
Personal data is retained only for the period strictly necessary to achieve the purposes for which it was collected:
| Type of Data | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Messages | Until account deletion |
| Profile photos | Until account deletion + 7 days |
| Location data | Updated each session, not stored historically |
| Security logs | 12 months |
| Tax/accounting data | 7 years (legal obligation – Estonia) |
8. User Rights
In accordance with the GDPR, users have the following rights:
- Right of access (Art. 15): obtain confirmation of processing and access their data
- Right of rectification (Art. 16): correct inaccurate or incomplete data
- Right to erasure (Art. 17): request deletion of their data ("right to be forgotten")
- Right to data portability (Art. 20): receive their data in a structured, commonly used and machine-readable format
- Right to object (Art. 21): object to processing for direct marketing purposes
- Right to restriction (Art. 18): request restriction of processing in specific circumstances
- Right to withdraw consent: withdraw consent at any time, without affecting the lawfulness of prior processing
To exercise your rights, visit the GDPR Rights page or contact the DPO.
You also have the right to lodge a complaint with the competent supervisory authority, in Estonia the Eesti Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate, www.aki.ee), or with the authority of the EU Member State of your residence (e.g. Garante per la Protezione dei Dati Personali in Italy, www.garanteprivacy.it).
9. Cookies
E-Raiden uses cookies and similar technologies for the operation of the Service, traffic analysis and ad personalization. For detailed information on the cookies used, their purposes and how to manage them, please see our Cookie Policy.
10. DPO Contact
The E-Raiden Data Protection Officer (DPO) can be contacted using the following details:
Data Protection Officer
Email: privacy@gibses.com
Address: GiBSeS OÜ — Attn. Data Protection, Juhkentali tn 8, Kesklinna linnaosa, 10132 Tallinn, Estonia
The DPO will respond within 30 days of receipt of the request, as required by Art. 12(3) GDPR.