Privacy Policy
Last updated: February 10, 2026
1. Introduction
Aparto ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform at aparto.io.
2. Data Controller
The data controller is Aparto, operated by Bojan Maric, based in Bosnia and Herzegovina. For payment processing, Paddle.com acts as the Merchant of Record and has its own privacy policy for billing-related data.
3. Information We Collect
We collect information you provide directly: account information (name, email, password), property details (names, descriptions, photos, pricing), guest inquiry data (name, email, phone, message), and payment information (processed by Paddle — we do not store credit card details). We also collect automatically: usage data (pages visited, features used), device information (browser type, operating system), and IP address and approximate location.
4. How We Use Your Information
We use your information to: provide and maintain our services, generate your property website, process AI translations and color extraction, send service-related notifications, process payments through Paddle, improve our platform, and comply with legal obligations.
5. AI Processing
We use OpenAI GPT-4 for content translations and description generation. Your property descriptions may be sent to OpenAI's API for processing. We use node-vibrant for AI color extraction from your uploaded images — this processing happens on our servers and no image data is sent to third parties for this purpose.
6. Data Sharing
We share data with: Paddle.com (payment processing — as Merchant of Record), OpenAI (content translation — property descriptions only), hosting providers (Vercel/VPS for website hosting), and Cloudflare (CDN and DNS services). We do NOT sell your personal data to third parties. We do NOT share guest inquiry data with anyone except the property owner who received the inquiry.
7. Guest Data
When guests submit inquiries through your Aparto website, their data (name, email, phone, message) is stored on our platform and made available to you, the property owner. As a property owner, you are responsible for handling guest data in compliance with applicable privacy laws. We do not use guest data for marketing purposes.
8. Data Retention
Account data is retained for the lifetime of your account plus 90 days after cancellation. Property and booking history data is retained for as long as your account is active. Guest inquiry data is retained for as long as the property owner's account is active. You can request deletion of specific data at any time by contacting us.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including: encrypted connections (HTTPS/TLS), secure password hashing, access controls and authentication, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
10. Cookies
We use essential cookies for: authentication and session management, language preferences, and security (CSRF protection). We do not use advertising or tracking cookies. Third-party services (Paddle, Cloudflare) may set their own cookies as described in their respective privacy policies.
11. Your Rights
You have the right to: access your personal data, correct inaccurate data, request deletion of your data, export your data in a portable format, object to processing of your data, and withdraw consent at any time. To exercise these rights, contact us at info@aparto.io.
12. International Transfers
Your data may be processed in countries outside Bosnia and Herzegovina, including the United States (for AI processing via OpenAI) and the European Union (for hosting and payment processing). We ensure appropriate safeguards are in place for any international data transfers.
13. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we learn that we have collected data from a child, we will delete it promptly.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The latest version will always be available at aparto.io/privacy.
15. Contact
For privacy-related questions or to exercise your rights, contact us at: info@aparto.io