Privacy Policy

The controller of your personal data is:

• Aplicorn d.o.o.
• Registered office: Ljubljana, Slovenia
• Privacy contact: [email protected]

We collect only the data we need to run the site and respond to you:

• Contact data: Email address you submit to our waitlist, demo request, or contact forms; any name or message you include.
• Technical data: IP address (truncated where possible), user-agent, referrer, approximate location (country/region), and timestamps — used for security, abuse prevention, and aggregated analytics.
• Usage data: Pages you visit, links you click, time on page, and similar interaction data — only if you consent to analytics cookies.

We use your personal data for the following purposes:

• To operate and secure aplicorn.com and protect it from abuse.
• To respond to enquiries, sales requests, and waitlist signups.
• To measure how visitors use the site so we can improve it (with your consent).
• To measure the performance of our advertising campaigns (with your consent).

Each processing activity has a lawful basis under Article 6 GDPR:

• Consent (Art. 6(1)(a)): For analytics and marketing cookies, and for sending you marketing emails. You can withdraw consent at any time with no effect on prior processing.
• Contract (Art. 6(1)(b)): To take steps at your request before entering into a contract — for example, to follow up on a demo request.
• Legitimate interest (Art. 6(1)(f)): To keep the site secure, prevent fraud and abuse, and keep basic server logs. We balance our interest against your rights and freedoms.
• Legal obligation (Art. 6(1)(c)): To comply with Slovenian and EU law — for example, tax, accounting, and regulatory requirements.

We group cookies into three categories. Only strictly necessary cookies are set before you make a choice.

• Strictly necessary: Required for the site to function — load balancing, security, and storing your cookie preferences.
• Analytics: Google Analytics 4, Google Tag Manager, Microsoft Clarity, Hotjar, Segment. Activated only after you grant analytics consent.
• Marketing: Meta Pixel, LinkedIn Insight Tag, TikTok Pixel. Activated only after you grant marketing consent.

You can withdraw or change your cookie choice at any time using the "Cookie settings" link in the footer.

We share personal data only with processors acting under a written data processing agreement:

• Cloud hosting providers (EU regions — Frankfurt primary, Warsaw replica).
• Analytics providers (Google, Microsoft, Hotjar, Segment) — only with analytics consent.
• Advertising platforms (Meta, LinkedIn, TikTok) — only with marketing consent.
• Email delivery, CRM and helpdesk providers used to respond to you.

A current list of sub-processors is available on request.

We host customer data inside the European Union. Some analytics and advertising providers are established in the United States. Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses and additional safeguards where required.

We keep personal data only as long as necessary for the purpose for which it was collected:

• Waitlist and contact form data: up to 24 months after the last interaction, unless you ask us to delete it earlier.
• Security and access logs: up to 12 months.
• Consent records: retained as long as the consent is valid plus the statutory limitation period.

You have the following rights concerning your personal data:

• Right of access — ask for a copy of the data we hold about you.
• Right to rectification — ask us to correct inaccurate data.
• Right to erasure — ask us to delete your data when it is no longer necessary.
• Right to restrict processing — ask us to limit how we use your data in specific cases.
• Right to data portability — receive your data in a common machine-readable format.
• Right to object — object to processing based on legitimate interest or direct marketing.
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing.
• Right to lodge a complaint with the Information Commissioner of the Republic of Slovenia (ip-rs.si) or another supervisory authority.

To exercise any of these rights, write to [email protected]. We will respond within one month.

We protect personal data with encryption in transit and at rest, role-based access controls, audit logging, regular vulnerability scanning, and staff training. Access to personal data is limited to employees and processors who need it to do their job.

We may update this Privacy Policy from time to time. The "last updated" date at the top reflects the latest revision. Material changes will be announced on this page before they take effect.