Privacy Policy

Effective from February 20, 2026

1. Introductory Provisions

The data controller is Apure s.r.o., with its registered office at Mikovíniho 1624/11, 831 02 Bratislava – Nové Mesto, Company ID: 57 431 531 (hereinafter referred to as "Controller").

This Privacy Policy informs data subjects about what personal data the Controller collects, for what purpose it is processed, on what legal basis, to whom it may be disclosed, and what rights data subjects have. This Policy has been prepared in accordance with Regulation (EU) 2016/679 (GDPR) and Act No. 18/2018 Coll. on Personal Data Protection.

Contact for personal data protection inquiries: privacy@seeki.eu

2. What Data We Collect

2.1 Data Provided by the User

When using the Platform, we collect data that the user voluntarily provides:

  • Registration data: name, email address, login credentials (password in encrypted form).
  • Listing data: property information, photographs, advertiser contact details.
  • Communications: messages sent through the Platform, support requests, feedback.
  • Search preferences: location, property type, price range, other criteria.
  • Saved data: favorite listings, saved searches, monitoring agent settings.

2.2 Automatically Collected Data

When visiting the Platform, we automatically collect certain technical and operational data:

  • Device data: browser type, operating system, screen resolution.
  • Usage data: visited pages, used features, search queries.
  • Location data: approximate geographic location based on IP address.
  • Log data: access times, referring URLs, error logs.

2.3 Data from AI Interactions

When using the AI Assistant, we process text queries entered by the user, responses generated by the AI Assistant, and interaction metadata. The content of conversations with the AI Assistant may be processed by the AI technology provider (OpenAI).

2.4 Data Processed via Third-Party AI Integrations

When using Seeki through ChatGPT or other AI assistant integrations, the following additional data may be processed:

  • Phone number: provided voluntarily for agent contact and SMS notification delivery.
  • Notification preferences: email, SMS, price drop, and new listing alert settings stored as part of your user profile.
  • Authentication tokens: session credentials required for interactive widget functionality within the AI assistant. These tokens are transmitted through the AI provider's infrastructure to enable real-time features such as saving favorites and managing listings.
  • Database connection parameters: technical identifiers required for widget rendering within the AI assistant interface.
  • Listing analytics: aggregate view counts, favorite counts, and message counts for the user's own published listings.

3. Purpose of Processing

We process personal data for the following purposes:

  • Service provision – operating the Platform, displaying listings, managing accounts, facilitating AI search.
  • Personalization – adapting content and recommendations based on user preferences.
  • Security – protecting the Platform against misuse, fraud, and cyber threats.
  • Analytics – analyzing Platform usage for the purpose of improving services.
  • Communication – sending service notifications, responses to requests, and (with consent) marketing messages.
  • Fulfillment of legal obligations – meeting legal requirements, maintaining records.

4. Legal Basis for Processing

We process personal data on the following legal bases in accordance with Article 6(1) of the GDPR:

  • Performance of a contract (Art. 6(1)(b) GDPR): Processing necessary for the performance of a contract with the user – registration and account management, providing Platform functions, processing and displaying listings.
  • Legitimate interest (Art. 6(1)(f) GDPR): Processing necessary for the purposes of the legitimate interests of the Controller – security and protection of the Platform, analytics and service improvement, fraud prevention.
  • Consent (Art. 6(1)(a) GDPR): Processing based on the explicit consent of the user – sending marketing messages, use of analytics cookies. Consent can be withdrawn at any time.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with a legal obligation of the Controller (e.g., accounting and tax regulations).

5. Sharing Data with Third Parties

We may share personal data with trusted service providers (processors) who assist us in operating the Platform. All processors are contractually bound to process data exclusively in accordance with our instructions and in compliance with the GDPR. The Controller does not sell personal data and does not provide it to third parties for their own marketing purposes.

  • Supabase – hosting, database, authentication (EU, Frankfurt, Germany)
  • OpenAI – AI assistant, language query processing (USA, with appropriate safeguards)
  • Sentry – error and performance monitoring (EU)
  • Google Analytics – web analytics, only with consent (USA, with appropriate safeguards)
  • Cloudflare – content delivery, edge computing, worker hosting (global network, GDPR-compliant)
  • Brevo (Sendinblue) – transactional email and SMS delivery (EU)

6. International Data Transfers

The majority of personal data is stored and processed on servers in the European Union (Frankfurt, Germany).

In cases where data is transferred to the USA (OpenAI, Google Analytics), we ensure appropriate safeguards in accordance with Chapter V of the GDPR, in particular through the EU-US Data Privacy Framework and standard contractual clauses approved by the European Commission.

7. Rights of the Data Subject

In accordance with the GDPR and Act No. 18/2018 Coll., you have the following rights:

  • Right of access: You have the right to obtain confirmation as to whether your personal data is being processed, and if so, to access that data.
  • Right to rectification: You have the right to request the correction of inaccurate or the completion of incomplete personal data.
  • Right to erasure: You have the right to request the erasure of your personal data if one of the conditions set out in Article 17 of the GDPR is met.
  • Right to restriction of processing: You have the right to request the restriction of processing of your personal data in the cases set out in Article 18 of the GDPR.
  • Right to data portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
  • Right to object: You have the right to object to the processing of your personal data that is based on legitimate interest or is carried out for direct marketing purposes.

We will respond to your requests within 30 days at the latest. If you believe that the processing of your personal data is in breach of the GDPR, you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, https://dataprotection.gov.sk.

8. Cookies and Tracking Technologies

The Platform uses essential cookies to ensure proper functioning (localization, login status, security tokens) – no consent is required for these. Analytics cookies (Google Analytics 4) are stored only with the explicit consent of the user. Marketing cookies are not currently used.

The user can change their cookie preferences at any time through the settings on the Platform or through browser settings.

9. Data Security

The Controller implements appropriate technical and organizational measures to protect personal data:

  • Encryption: TLS 1.3 for all communication between the user and the server. AES-256 for data in the database.
  • Access control: Strict role-based access control (RBAC) to personal data. Access minimization on a need-to-know basis.
  • Incident response: An established security incident response plan. Notification to the supervisory authority within 72 hours and notification of affected data subjects in case of high risk.

10. Data Retention

We retain personal data only for the period necessary to fulfill the purpose of processing:

  • Account data: for the duration of the account + 30 days after deletion.
  • Listings: for the duration of publication + 90 days after removal.
  • Logs and security records: 12 months.
  • Analytics data: 26 months (anonymized).
  • Accounting and tax documents: 10 years (legal obligation).
  • After account deletion, personal data will be erased in accordance with the above periods, except for data whose retention is required by applicable laws.

11. Contact Information

If you have any questions, requests, or complaints regarding the processing of personal data, you can contact us:

Email: privacy@seeki.eu

Postal address: Apure s.r.o., Mikovíniho 1624/11, 831 02 Bratislava – Nové Mesto

Supervisory authority: Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, https://dataprotection.gov.sk

Email: privacy@seeki.eu

We use cookies to improve your experience on our site. Privacy Policy