Data Processing Agreement
Last updated: 15 June 2026
1. Parties
This Data Processing Agreement ("DPA") forms part of the contract for the use of FruityDate between you ("Data Subject") and Sparkle5, LLC ("Controller"), and supplements the Privacy Policy.
2. Subject Matter
The Controller processes personal data — profile information, photos, messages, and technical/usage data — to provide and operate the FruityDate dating service.
3. Legal Basis (GDPR Art. 6)
- Contract performance — registration, matching, messaging, payment processing.
- Legitimate interest — fraud prevention, abuse detection, aggregate self-hosted analytics.
- Consent — optional marketing emails (you may withdraw at any time).
- Legal obligation — retention of payment records, response to lawful authority requests.
4. Processors and Sub-processors
| Processor | Purpose | Location | Data shared |
|---|---|---|---|
| Hetzner Online GmbH | Application hosting + object storage | Germany (EU) | All persisted data |
|
Stripe, Inc. (USA — our contracting entity) Routes through regional Stripe affiliates as needed for settlement: Stripe Payments Europe Ltd (Ireland) for EU/EEA cards, Stripe Payments UK Ltd, Stripe Payments Canada Ltd, Stripe Payments Australia Pty Ltd, Stripe Singapore Pte. Ltd, etc. |
Card & subscription billing worldwide; fraud prevention (Stripe Radar); KYC/AML | USA primary; routed through the cardholder's regional Stripe affiliate for settlement | Cardholder name; tokenised card details (the raw PAN is handled by Stripe Elements — we never see or store it); billing & shipping address; IP address; device fingerprint (Radar); 3D-Secure / PSD2-SCA data |
| Sergel Kredittjenester AS | Mobile direct-carrier billing (Sweden only) | Norway / Sweden | MSISDN, charge events |
| SMTP2GO Inc. | Transactional email delivery | EU region | Email address + message body |
| Mailgun Technologies Inc. | Transactional email delivery (fallback) | EU region | Email address + message body |
| Plausible Analytics (self-hosted) | Aggregate, cookieless web analytics | Sparkle5, LLC infrastructure (self-hosted) | Pageview events, daily IP-hash (rotated) |
| AbuseIPDB | IP reputation check at signup | USA | Signup IP only — not linked to user record |
We may swap Plausible Analytics for an equivalent self-hosted Matomo instance, run on our own infrastructure under the same cookieless configuration, without changing the nature, scope, or purpose of analytics processing. No analytics data is forwarded to any third party.
4a. Stripe — Special Disclosures
Because we accept card payments worldwide via Stripe, additional disclosures apply on top of the row above:
- Dual role. Stripe is a processor for the act of executing a payment, but acts as an independent controller for fraud prevention (Stripe Radar), risk scoring, KYC, AML, and regulatory reporting. We cannot override Stripe's own retention or processing for these controller-level purposes.
- Card networks & banks as Stripe sub-processors. Stripe shares the minimum data required with Visa, Mastercard, American Express, the issuing bank, and the acquiring bank to settle each transaction.
- Worldwide processing. For users outside the EU/EEA, payment data may additionally be processed by Stripe affiliates in the user's region (Stripe Payments UK Ltd, Stripe Inc., Stripe Singapore Pte. Ltd, Stripe Payments Canada Ltd, Stripe Payments Australia Pty Ltd) under their corresponding DPA.
- Retention by Stripe. Stripe retains transaction records for 7–10 years as required by PCI DSS and national financial regulation. Erasure requests against data Stripe holds in its controller capacity are scoped accordingly — we will forward such requests but cannot compel Stripe to delete records it is legally required to keep.
- PCI scope. Card-number entry happens inside Stripe Elements / Checkout, hosted by Stripe; the raw PAN never reaches our servers. We are PCI-DSS SAQ-A scope only.
- Stripe's own policies. See stripe.com/privacy and Stripe's data-processing agreement at stripe.com/legal/dpa.
5. International Transfers
Sparkle5, LLC is incorporated in the United States. Application data is held at rest on Hetzner infrastructure in Germany, but the controlling entity (Sparkle5, LLC) is based in the USA and our primary payments processor is Stripe, Inc. (USA). Cross-border transfers for users in the EU/EEA, UK, or Switzerland are therefore in scope of Chapter V GDPR and equivalent regimes, and we rely on the following transfer mechanisms:
- Stripe, Inc. (USA) — card payments worldwide. Stripe Inc. is certified under the EU-US Data Privacy Framework and its UK Extension + Swiss-US DPF. As a fallback we also rely on the EU Standard Contractual Clauses (Commission Decision 2021/914, Module 2) together with Stripe's Transfer Impact Assessment. The same SCCs (under the UK Addendum / Swiss adequacy decision) cover the onward routing to Stripe's regional affiliates worldwide.
- AbuseIPDB (USA) — IP reputation at signup only. Covered by SCCs (2021/914) and limited to the signup IP address; no other personal data is transferred.
- Sparkle5, LLC (USA) — administrative access. Authorised personnel of Sparkle5, LLC may access application data from the United States for service operation, support, fraud investigation, and legal compliance. This intra-controller transfer is covered by appropriate safeguards (Binding Corporate Rules / SCCs Module 1, as applicable) and is logged in our audit trail.
6. Security Measures (Art. 32)
- TLS 1.3 in transit; encryption at rest on the database and object storage layer.
- Object storage is private — every photo URL is served via a short-lived presigned link.
- Identity-document uploads live in a dedicated, segregated bucket with stricter retention.
- mTLS client certificate enforced on all
/api/*traffic in the staging tier and (planned) production tier. - Password hashing with industry-standard KDF; tokens rotated on every login.
- Append-only audit trail of every legal-document fetch and admin moderation action.
7. Data Subject Rights (Art. 12–22)
To exercise access, rectification, erasure, restriction, portability, or objection, contact our Data Protection Officer at hello@fruitydate.com. We respond within one calendar month per Art. 12 (3).
8. Retention
Profile data is retained while your account is active. On account deletion via account-deletion, personal data is anonymised within 30 days. Payment records are retained for the statutory period (10 years under German HGB §147). Analytics is aggregate only — no record can be linked back to you.
9. Breach Notification (Art. 33)
We notify the competent supervisory authority within 72 hours of becoming aware of a personal-data breach, and notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights.
10. Changes
Material changes to this DPA are announced via in-app notice and email at least 30 days before they take effect.