Asta ("we," "us," "Asta") is a dating application currently in beta testing. Your privacy is very important to us. This Privacy Policy explains what information we collect, why we collect it, how we use it, and how you can control your data.
1. Who We Are
The controller responsible for your personal data (the ‘data controller’) is Xue Wang (19920208-0066), on behalf of the Asta Beta Project. Please note that while the beta version of the project is online, we may not have completed the official AB registration process. However, it is the sole responsibility of Xue Wang in the interim. You can contact us at nicole@astaai.se
2. Where This Policy Applies
This Privacy Policy applies to websites, apps, events, beta testing, and other services operated under the Asta brand. For simplicity, we call them our “services” in this policy. If a specific service has its own privacy policy, that separate policy will apply.
Some of the information you provide (e.g., sexual orientation or lifestyle data) may be considered special category data under the GDPR. We process such data only based on your explicit consent.
Access to your photo album is used only to allow you to select images for your profile - Asta does not access or scan your photo library beyond what you choose to upload.
3. Data We Collect
We collect different categories of data to operate and improve our beta service:
3.1 Data you provide
Account Data: Name, age, gender, dating preferences (including sexual orientation), profile photos, email address, profession, education information, and date of birth.
Profile Data: Additional interests, preferences, approximate location, lifestyle details. Some of this may be considered sensitive (e.g., orientation, health, political or religious views).
Content: Photos, videos, audio, text, and chats with other users.
Purchase Data: Details about subscriptions or in-app purchases, including payment method.
Communications: Messages, reports, queries, and feedback you send.
Survey/Research Data: Feedback during beta testing, responses in surveys, or participation in events.
3.2 Data from others
Third-Party Data: Information provided by others, such as reports about your behavior.
Social Media Data: Information you choose to share from platforms like Google, Facebook, Apple, Instagram, or Spotify.
3.3 Data generated automatically
Usage Data: How you use the app, features used, log-ins, interactions, and settings.
Technical Data: Device and network details like IP address, device type, operating system, crash logs, cookies, and advertising identifiers.
3.4 Data collected with consent
Location Data: Approximate geolocation to show matches within your preferred range.
Access to photo album:
Face Geometry & ID Data: Biometric or ID information used for verification features.
4. Why We Collect and Use Your Data
We use your data to:
Create and manage your dating profile.
Connect you with other users and recommend matches.
Provide AI-generated responses, nudges, and dating suggestions.
Run features such as messaging, profile sharing, or events.
Improve and test new features during beta testing.
Keep the community safe through moderation, reporting, and blocking.
Communicate with you about updates, new features, and promotions.
Process transactions and manage subscriptions.
Comply with legal obligations and protect rights.
Legal Basis for Processing:
Consent: For processing sensitive data (e.g., sexual orientation, dating preferences) and for optional location services.
Contract: To deliver the core dating and communication services you sign up for.
Legitimate Interests: To operate, maintain, and improve the app, provide AI-based insights, ensure safety, and conduct internal analytics.
Legal Obligations: When required by law or regulatory authorities.
5. How We Share Your Data
We do not sell or trade your personal data. We may share it in the following situations:
Other Users: Information you voluntarily share on your profile or in chats.
Service Providers: Trusted vendors for hosting, analytics, AI services, customer support, and payment processing (subject to appropriate contractual safeguards, including data processing agreements when required by GDPR).
Advertising Partners: To deliver relevant ads (where legally permitted).
Affiliates: With other Asta-affiliated entities or partners to improve services and user safety.
Law Enforcement: When required to comply with legal obligations or protect user safety.
Business Transfers: In case of mergers, acquisitions, or reorganizations.
6. Data Retention
We retain your personal data only as long as necessary:
Profiles & Messages: Stored while your account is active and deleted within 30 days after account deletion.
Reports & Moderation Logs: Retained for up to 12 months to support abuse prevention and service integrity.
Analytics & Usage Data: Kept for 180 days, after which it is aggregated and anonymized.
Testing & Improvements: Data collected for testing or service improvements is retained only for as long as it is needed for that specific purpose.
Customer Support & Disputes: Certain data may be retained temporarily if required to resolve issues or handle disputes.
7. Your Rights
In line with applicable data protection laws, and subject to certain conditions and exceptions, you have the following rights:
Right to be informed: You are entitled to clear information about how we use your data. This Privacy Policy, and any direct responses we provide to your questions, serve that purpose.
Right of access: You can request a copy of the personal data we hold about you, including in a machine-readable format.
Right to rectification: You can ask us to correct or update inaccurate or incomplete information about you.
Right to erasure: You may request deletion of your personal data when it is no longer needed or when you withdraw your consent, subject to legal obligations.
Right to restrict processing: You can ask us to pause or limit how we process your data in certain circumstances (e.g., if you contest its accuracy).
Right to object / opt out: You can object to certain types of processing, such as direct marketing.
Right to lodge a complaint: You can raise concerns with your local data protection authority if you are unhappy with how we handle your data.
Right not to be subject to automated decisions: We do not make decisions about you based solely on automated processing that have significant legal or similar effects.
We aim to respond to all requests within 30 days. In some cases, this may be extended by up to two months if the request is complex, and we will let you know if that happens. Please note that certain laws may require us to keep some data even if you ask us to delete it.
We use a combination of technical and organizational measures to safeguard your information, including:
Encryption in transit (TLS).
Restricted access controls and role-based permissions.
Logged and audited access to personal data.
Regular review of security configurations and vendor compliance.
Only authorized personnel can access user data, and all data handling follows the principle of least privilege.
9. International Data Transfers
We primarily store and process your data in the European Union (EU).
However, some trusted service providers may transfer or access data from outside the EU (for example, if developers or cloud services are located abroad). Some authorized developers may access systems from outside the EU (e.g., in China) for maintenance or troubleshooting. These transfers are protected through Standard Contractual Clauses (SCCs), strict access controls, and logging.
We perform Data Protection Impact Assessments (DPIAs) for all international processing activities to evaluate and mitigate privacy risks.
Where such transfers occur, we ensure that they comply with GDPR requirements through safeguards such as:
Standard Contractual Clauses (SCCs) approved by the European Commission; or
use of EU data centers where available.
Example providers include Microsoft Azure (North Europe) and Azure OpenAI Services.
10. Subprocessors
We work with carefully selected subprocessors to provide and maintain the Asta service:
All subprocessors are subject to data processing agreements consistent with GDPR.
We maintain an up-to-date list of subprocessors in our compliance documentation. Users will be notified of any significant additions prior to use. 11. Use of Data for AI Training
During beta testing, user data is not used to train AI models.
AI features in Asta operate on existing models and only use your data to generate in-app insights and suggestions in real time. We routinely audit AI integrations to ensure no user data is exported or reused for training purposes.
If model fine-tuning or additional training is considered in the future, Asta will:
Use synthetic or fully anonymized data where possible, or
Obtain explicit user consent before any such processing.
12. Children’s Privacy
Our services are restricted to individuals 18 years or older. If you suspect someone under 18 is using the service, please report it.
13. Changes to this Policy
We may update this Privacy Policy from time to time. If significant changes occur, we will notify you as required by law. Each update will include a version number and summary of key changes available on our website or in-app.
14. How to Contact Us
If you have any questions or requests, you can always contact us at: nicole@astaai.se
Last updated: 27th of October 2025 Version: V.1
Asta ("we," "us," "Asta") is a dating application currently in beta testing. Your privacy is very important to us. This Privacy Policy explains what information we collect, why we collect it, how we use it, and how you can control your data.
1. Who We Are
The controller responsible for your personal data (the ‘data controller’) is Xue Wang (19920208-0066), on behalf of the Asta Beta Project. Please note that while the beta version of the project is online, we may not have completed the official AB registration process. However, it is the sole responsibility of Xue Wang in the interim. You can contact us at nicole@astaai.se
2. Where This Policy Applies
This Privacy Policy applies to websites, apps, events, beta testing, and other services operated under the Asta brand. For simplicity, we call them our “services” in this policy. If a specific service has its own privacy policy, that separate policy will apply.
Some of the information you provide (e.g., sexual orientation or lifestyle data) may be considered special category data under the GDPR. We process such data only based on your explicit consent.
Access to your photo album is used only to allow you to select images for your profile - Asta does not access or scan your photo library beyond what you choose to upload.
3. Data We Collect
We collect different categories of data to operate and improve our beta service:
3.1 Data you provide
Account Data: Name, age, gender, dating preferences (including sexual orientation), profile photos, email address, profession, education information, and date of birth.
Profile Data: Additional interests, preferences, approximate location, lifestyle details. Some of this may be considered sensitive (e.g., orientation, health, political or religious views).
Content: Photos, videos, audio, text, and chats with other users.
Purchase Data: Details about subscriptions or in-app purchases, including payment method.
Communications: Messages, reports, queries, and feedback you send.
Survey/Research Data: Feedback during beta testing, responses in surveys, or participation in events.
3.2 Data from others
Third-Party Data: Information provided by others, such as reports about your behavior.
Social Media Data: Information you choose to share from platforms like Google, Facebook, Apple, Instagram, or Spotify.
3.3 Data generated automatically
Usage Data: How you use the app, features used, log-ins, interactions, and settings.
Technical Data: Device and network details like IP address, device type, operating system, crash logs, cookies, and advertising identifiers.
3.4 Data collected with consent
Location Data: Approximate geolocation to show matches within your preferred range.
Access to photo album:
Face Geometry & ID Data: Biometric or ID information used for verification features.
4. Why We Collect and Use Your Data
We use your data to:
Create and manage your dating profile.
Connect you with other users and recommend matches.
Provide AI-generated responses, nudges, and dating suggestions.
Run features such as messaging, profile sharing, or events.
Improve and test new features during beta testing.
Keep the community safe through moderation, reporting, and blocking.
Communicate with you about updates, new features, and promotions.
Process transactions and manage subscriptions.
Comply with legal obligations and protect rights.
Legal Basis for Processing:
Consent: For processing sensitive data (e.g., sexual orientation, dating preferences) and for optional location services.
Contract: To deliver the core dating and communication services you sign up for.
Legitimate Interests: To operate, maintain, and improve the app, provide AI-based insights, ensure safety, and conduct internal analytics.
Legal Obligations: When required by law or regulatory authorities.
5. How We Share Your Data
We do not sell or trade your personal data. We may share it in the following situations:
Other Users: Information you voluntarily share on your profile or in chats.
Service Providers: Trusted vendors for hosting, analytics, AI services, customer support, and payment processing (subject to appropriate contractual safeguards, including data processing agreements when required by GDPR).
Advertising Partners: To deliver relevant ads (where legally permitted).
Affiliates: With other Asta-affiliated entities or partners to improve services and user safety.
Law Enforcement: When required to comply with legal obligations or protect user safety.
Business Transfers: In case of mergers, acquisitions, or reorganizations.
6. Data Retention
We retain your personal data only as long as necessary:
Profiles & Messages: Stored while your account is active and deleted within 30 days after account deletion.
Reports & Moderation Logs: Retained for up to 12 months to support abuse prevention and service integrity.
Analytics & Usage Data: Kept for 180 days, after which it is aggregated and anonymized.
Testing & Improvements: Data collected for testing or service improvements is retained only for as long as it is needed for that specific purpose.
Customer Support & Disputes: Certain data may be retained temporarily if required to resolve issues or handle disputes.
7. Your Rights
In line with applicable data protection laws, and subject to certain conditions and exceptions, you have the following rights:
Right to be informed: You are entitled to clear information about how we use your data. This Privacy Policy, and any direct responses we provide to your questions, serve that purpose.
Right of access: You can request a copy of the personal data we hold about you, including in a machine-readable format.
Right to rectification: You can ask us to correct or update inaccurate or incomplete information about you.
Right to erasure: You may request deletion of your personal data when it is no longer needed or when you withdraw your consent, subject to legal obligations.
Right to restrict processing: You can ask us to pause or limit how we process your data in certain circumstances (e.g., if you contest its accuracy).
Right to object / opt out: You can object to certain types of processing, such as direct marketing.
Right to lodge a complaint: You can raise concerns with your local data protection authority if you are unhappy with how we handle your data.
Right not to be subject to automated decisions: We do not make decisions about you based solely on automated processing that have significant legal or similar effects.
We aim to respond to all requests within 30 days. In some cases, this may be extended by up to two months if the request is complex, and we will let you know if that happens. Please note that certain laws may require us to keep some data even if you ask us to delete it.
We use a combination of technical and organizational measures to safeguard your information, including:
Encryption in transit (TLS).
Restricted access controls and role-based permissions.
Logged and audited access to personal data.
Regular review of security configurations and vendor compliance.
Only authorized personnel can access user data, and all data handling follows the principle of least privilege.
9. International Data Transfers
We primarily store and process your data in the European Union (EU).
However, some trusted service providers may transfer or access data from outside the EU (for example, if developers or cloud services are located abroad). Some authorized developers may access systems from outside the EU (e.g., in China) for maintenance or troubleshooting. These transfers are protected through Standard Contractual Clauses (SCCs), strict access controls, and logging.
We perform Data Protection Impact Assessments (DPIAs) for all international processing activities to evaluate and mitigate privacy risks.
Where such transfers occur, we ensure that they comply with GDPR requirements through safeguards such as:
Standard Contractual Clauses (SCCs) approved by the European Commission; or
use of EU data centers where available.
Example providers include Microsoft Azure (North Europe) and Azure OpenAI Services.
10. Subprocessors
We work with carefully selected subprocessors to provide and maintain the Asta service:
All subprocessors are subject to data processing agreements consistent with GDPR.
We maintain an up-to-date list of subprocessors in our compliance documentation. Users will be notified of any significant additions prior to use. 11. Use of Data for AI Training
During beta testing, user data is not used to train AI models.
AI features in Asta operate on existing models and only use your data to generate in-app insights and suggestions in real time. We routinely audit AI integrations to ensure no user data is exported or reused for training purposes.
If model fine-tuning or additional training is considered in the future, Asta will:
Use synthetic or fully anonymized data where possible, or
Obtain explicit user consent before any such processing.
12. Children’s Privacy
Our services are restricted to individuals 18 years or older. If you suspect someone under 18 is using the service, please report it.
13. Changes to this Policy
We may update this Privacy Policy from time to time. If significant changes occur, we will notify you as required by law. Each update will include a version number and summary of key changes available on our website or in-app.
14. How to Contact Us
If you have any questions or requests, you can always contact us at: nicole@astaai.se
