Privacy Policy

Last updated: March 4, 2026

1. Data Controller

The data controller responsible for processing your personal data is:

tepete
[Company Address]
Email: privacy@tepete.com

2. Data We Collect

We collect and process the following personal data:

Data Category	Details	Legal Basis (Art. 6 GDPR)
Account Data	Name, email, password (hashed)	Art. 6(1)(b) — Contract performance
Usage Data	Login timestamps, IP address, actions	Art. 6(1)(f) — Legitimate interest
Content Data	Checklist items, sections, schedules	Art. 6(1)(b) — Contract performance
Technical Data	Browser type, device info, cookies	Art. 6(1)(f) — Legitimate interest

3. How We Use Your Data

To provide and maintain the Service
To authenticate your identity and secure your account
To send service-related notifications (e.g., password resets)
To improve the Service and fix issues
To comply with legal obligations

4. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion:

Account and content data: deleted within 30 days
Audit logs: retained for up to 12 months for security
Backup data: purged within 90 days

5. Data Sharing

We do not sell your personal data. We may share data with:

Infrastructure providers: Server hosting (Hetzner, Germany) for service operation
Legal authorities: When required by law or valid legal process
Team members: Data shared within your team as part of the Service functionality

6. Your Rights (GDPR)

Under the GDPR, you have the following rights:

Right of Access (Art. 15) — Request a copy of your personal data
Right to Rectification (Art. 16) — Correct inaccurate data
Right to Erasure (Art. 17) — Request deletion of your data
Right to Restriction (Art. 18) — Restrict processing
Right to Data Portability (Art. 20) — Receive data in a machine-readable format
Right to Object (Art. 21) — Object to processing based on legitimate interest

To exercise these rights, contact privacy@tepete.com.

7. Cookies

We use the following cookies:

Cookie	Purpose	Duration
token	Authentication (httpOnly)	24 hours
_csrf	CSRF protection	Session

These are strictly necessary cookies required for the Service to function. No tracking or advertising cookies are used.

8. International Transfers

Your data is stored and processed within the European Union (Germany). We do not transfer data to third countries. If this changes, we will ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

9. Data Security

We implement appropriate technical and organizational measures including:

Encryption in transit (TLS/HTTPS) and at rest
Secure password hashing (bcrypt)
Role-based access control
Regular security audits and monitoring

10. Complaint Rights

You have the right to lodge a complaint with a supervisory authority. The competent authority in Germany can be found at: www.bfdi.bund.de

11. Contact

Data Protection Officer:
Email: privacy@tepete.com