Skip to main content

Last updated: April 8, 2026

GDPR and your data rights

Aperion is committed to GDPR compliance. This page explains your rights under the General Data Protection Regulation (EU) 2016/679 and the UK GDPR, and how to exercise them. If you have any questions about how we handle your data, please read our Privacy Policy alongside this page.

Data controller

Aperion is the data controller for personal data processed in connection with your account and use of the service. If you have questions about your data or wish to exercise your rights, contact us at privacy@aperion.app. For EU residents, our Data Protection Officer can be reached at the same address.

Your rights under GDPR

Right of access (Article 15)

You have the right to request a copy of all personal data we hold about you, along with information about how it is used. We will respond within 30 days of receiving a verified request. To make a request, email privacy@aperion.app with "GDPR Request - Access" in the subject line.

Right to rectification (Article 16)

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it. You can update most account data directly in your account settings. For data you cannot update yourself, contact us at privacy@aperion.app.

Right to erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the purpose for which it was collected
  • You withdraw consent and there is no other lawful basis for processing
  • You object to processing and we have no overriding legitimate interest
  • The data was unlawfully processed

Please note that we may retain some data where we have a legal obligation to do so - for example, financial records required by tax law.

Right to restrict processing (Article 18)

You can request that we temporarily restrict the processing of your personal data while a complaint or dispute is being investigated, or if you contest the accuracy of your data. During a restriction, we may still store your data but will not process it further without your consent except where required by law.

Right to data portability (Article 20)

Where processing is based on your consent or on contract performance and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON). You may also request that we transmit your data directly to another service provider where technically feasible.

Right to object (Article 21)

You can object at any time to the processing of your personal data based on our legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop immediately. Where you object to processing based on legitimate interests, we will stop unless we can demonstrate compelling legitimate grounds that override your interests.

Rights related to automated decision-making (Article 22)

Aperion does not make automated decisions that produce legal or similarly significant effects on individuals. Our AI analysis produces advisory reports only, and all significant decisions - such as account suspension - are reviewed by a human.

Lawful basis for processing

  • Contract - processing your account data and website monitoring data to deliver the service you have subscribed to
  • Legitimate interests - security monitoring, fraud prevention, abuse detection, and product analytics to improve the service
  • Legal obligation - retaining financial and compliance records as required by law
  • Consent - marketing communications; you can withdraw consent at any time by unsubscribing or contacting us

International data transfers

Aperion stores data on infrastructure operated by our cloud providers. Where data is transferred outside the EU/EEA - for example to US-based AI providers such as OpenAI or Anthropic for page analysis - we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or another lawful transfer mechanism that applies at the time of transfer. Only page content submitted for monitoring is shared with AI providers; account and payment data is not transferred for this purpose.

Data retention

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law. Our full retention schedules are set out in our Privacy Policy. In summary:

  • Account data is deleted within 30 days of account closure
  • Website monitoring data is retained for 12 months then automatically purged
  • Financial records are retained for 7 years

How to exercise your rights

To make any data subject request, email privacy@aperion.app with "GDPR Request" in the subject line. Please include:

  • Your full name and the email address associated with your account
  • The specific right you wish to exercise
  • Any relevant details to help us locate your data

We will verify your identity before processing the request and respond within 30 days. For complex or multiple requests, we may extend this period to 90 days and will notify you accordingly. There is no charge for making a request unless it is manifestly unfounded or excessive.

Supervisory authority

If you are not satisfied with how we have handled your data or responded to a request, you have the right to lodge a complaint with your national data protection authority. Key authorities include:

  • United Kingdom - Information Commissioner's Office (ICO): ico.org.uk
  • Ireland - Data Protection Commission (DPC): dataprotection.ie
  • Germany - your state's Landesdatenschutzbehorde (state data protection authority)
  • France - Commission Nationale de l'Informatique et des Libertes (CNIL): cnil.fr

We would always appreciate the opportunity to address your concerns directly before you contact a supervisory authority, but this is entirely your choice.

Contact

For all GDPR and data protection enquiries, contact us at privacy@aperion.app.