Privacy Policy
Last updated: March 30, 2026
1. Introduction
Affury Ltd. ("Affury", "we", "us", or "our") is a dating CPA affiliate network headquartered in Tallinn, Estonia. We connect affiliate partners with our proprietary dating platforms through performance-based marketing.
This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with our services, including:
- affury.com — our marketing website
- portal.affury.com — the affiliate portal
- api.affury.com — our tracking and API infrastructure
The data controller for all personal data processed through these services is:
2. Data We Collect
2.1 Affiliate Data (Portal Users)
When you apply to or use our affiliate program, we collect:
- Full name and email address
- Messaging handles (Telegram, Skype, Discord)
- Country of residence
- Traffic source information and experience level
- Payment details (PayPal email, USDT wallet address, bank details)
- Login metadata (IP address hash, login timestamps)
- All data submitted through the application form
2.2 Traffic Data (Clicks and Conversions)
When end users interact with affiliate links and pre-landers, we collect:
- IP address (stored as a one-way hash, never in plain text)
- Device type, operating system, browser, and language
- Geographic location (country, state, city) derived from IP
- Click timestamps and conversion events (registration, deposit)
- Fraud scoring data (canvas fingerprint hash, WebGL hash)
- Referrer URLs, zone IDs, and creative IDs
2.3 Cookies and Tracking Technologies
- Session cookies — used for portal authentication. Essential for the service to function.
- Tracking pixels — deployed on pre-landers for conversion attribution and fraud detection.
- No third-party advertising cookies — we do not use any third-party advertising or retargeting cookies.
3. How We Use Data
3.1 Affiliate Data
- Account management, authentication, and access control
- Processing payments and payouts
- Communication via email and messaging platforms
- Fraud prevention and identity verification
- Aggregate analytics and reporting
- Compliance with legal and regulatory obligations
3.2 Traffic Data
- Conversion tracking and attribution to the correct affiliate
- Fraud detection and prevention (bot detection, click quality scoring)
- Aggregate analytics (breakdowns by geography, device, OS, etc.)
- Traffic quality scoring and network intelligence (subnet/ASN analysis)
- Protecting the integrity of our platform and advertisers
4. Legal Basis for Processing (GDPR Article 6)
We process personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)) — processing necessary to fulfil the affiliate agreement, including account management, tracking, and payment processing.
- Legitimate interest (Art. 6(1)(f)) — fraud prevention, security, analytics, and improving our services. We balance these interests against your privacy rights.
- Consent (Art. 6(1)(a)) — marketing emails and re-engagement communications. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) — retention of financial records and tax documentation as required by law.
5. Data Sharing
We share personal data only with the following categories of recipients, and only to the extent necessary:
- Payment processors (PayPal, Paxum) — to process affiliate payouts. They receive only the data required to execute payments.
- Cloudflare, Inc. — our infrastructure provider (Workers, D1 database, KV storage). Cloudflare processes data as a sub-processor under a Data Processing Agreement.
- Resend — for transactional email delivery (account notifications, payment confirmations).
- Law enforcement — when required by law, court order, or to protect our legal rights.
We do not:
- Sell personal data to third parties
- Share affiliate data with other affiliates
- Use personal data for third-party advertising
6. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Affiliate account data | Active account + 7 years (tax/legal) |
| Payment records | 7 years (legal requirement) |
| Click data | 90 days (then automatically purged) |
| IP address hashes | 90 days |
| Fingerprint data | 90 days |
| Aggregated statistics | Indefinitely (contains no personal data) |
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit — all data transmitted over TLS (HTTPS)
- Password hashing — passwords are hashed using PBKDF2 with 100,000 iterations
- IP anonymization — IP addresses are stored as irreversible one-way hashes
- Encryption at rest — database hosted on Cloudflare D1 with encryption at rest
- Access control — access to personal data is limited to authorized personnel only
- Security reviews — regular security audits of our infrastructure and code
8. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time where processing is based on consent
- Right to lodge a complaint — file a complaint with the Estonian Data Protection Authority (Andmekaitse Inspektsioon)
9. How to Exercise Your Rights
To exercise any of the rights listed above, please contact us:
- Email: partners@affury.com
- Telegram: @affury_bot
We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, and we will inform you of any such extension.
We may need to verify your identity before processing your request to protect your data from unauthorized access.
10. International Data Transfers
Your data is processed on Cloudflare's global network, which may involve transfers outside the EEA. These transfers are protected by:
- Cloudflare's compliance with the EU-US Data Privacy Framework
- Standard Contractual Clauses (SCCs) approved by the European Commission, where required
- Cloudflare's Data Processing Agreement, which ensures appropriate safeguards
11. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete that data.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:
- The updated policy will be posted on this page with a revised "Last updated" date
- We will notify affected users via email for significant changes
- Continued use of our services after changes constitutes acceptance of the updated policy
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please reach out: