Privacy Policy

1. Data Controller

The data controller responsible for processing your personal data is:

tippel
Represented by: Lukas Friedrich
Kampweg 4
34369 Hofgeismar
Deutschland
Email: info@tippel.ai
Phone: +491785879849

2. Types of Data Collected

We collect and process the following categories of personal data:

• Contact Data: Name, email address, postal address, phone number provided during registration or when using our contact forms
• Account Data: Login credentials (passwords are stored as hashed values), user ID, registration date
• Business Data: Company name, industry category, website content, images, and documents you upload for website creation
• Payment Data: Payment information is processed securely by our payment provider Stripe. We do not store full credit card details on our servers
• Usage Data: IP address, browser type, operating system, referring URLs, pages visited, time spent on site
• Communication Data: Content of emails, support tickets, and change requests submitted through our platform

3. Purpose and Legal Basis of Processing

We process your personal data for the following purposes:

• Service Provision (Art. 6(1)(b) GDPR): Creating website previews, hosting services, domain registration, and fulfilling our contractual obligations
• Legitimate Interests (Art. 6(1)(f) GDPR): Improving our services, fraud prevention, network security, and direct marketing (with opt-out option)
• Legal Obligations (Art. 6(1)(c) GDPR): Compliance with tax laws, commercial law, and data retention requirements
• Consent (Art. 6(1)(a) GDPR): Where explicitly obtained, for marketing communications and analytics cookies

4. Data Retention

We retain your personal data only as long as necessary for the purposes outlined:

• Active accounts: Data retained while your account is active
• Inactive accounts: Deleted after 2 years of inactivity, unless legal retention periods require longer storage
• Payment records: Retained for 10 years per German tax laws (§ 147 AO)
• Server logs: Retained for 7 days for security purposes
• Canceled subscriptions: Personal data anonymized after contract termination and legal retention periods expire

5. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

• Hosting Providers: Infrastructure services for website hosting and data storage (processed within EU/EEA)
• Payment Processors: Stripe Inc. for payment processing. Data may be transferred to the USA under Standard Contractual Clauses (SCCs)
• Domain Registries: Required domain registration data (WHOIS data) is shared with domain registries as required by ICANN and registry policies
• Analytics: Google Analytics for website usage analysis (IP anonymization enabled)
• Legal Authorities: When required by law, court order, or to protect our rights

6. International Data Transfers

While we primarily process data within the European Union, some service providers (e.g., Stripe, Google) may process data outside the EU/EEA. Such transfers are safeguarded by Standard Contractual Clauses (SCCs) or adequacy decisions approved by the European Commission.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for site functionality (session management, security, CSRF protection)
• Analytics Cookies: Google Analytics for usage statistics (with IP anonymization)

You can control cookie preferences through your browser settings. Essential cookies cannot be disabled as they are necessary for service operation.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your data ("Right to be Forgotten"), subject to legal retention periods
• Right to Restriction (Art. 18): Limit processing of your data
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time for processing based on consent

To exercise these rights, contact us at info@tippel.ai. We will respond within one month as required by law.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption for data transmission
• Hashed password storage using bcrypt
• CSRF tokens for form protection
• Regular security audits and updates
• Access controls and authentication requirements
• Automated backups with encryption

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you or significantly affects you.

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, please contact us immediately for deletion.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through a notice on our website. The "Last updated" date at the top indicates when this policy was last revised.

13. Contact Details

For questions regarding this Privacy Policy or data protection matters, contact:

Email: info@tippel.ai
Address: tippel, Kampweg 4, 34369 Hofgeismar, Deutschland

You also have the right to lodge a complaint with a supervisory authority (Datenschutzaufsichtsbehörde) if you believe our processing violates applicable data protection laws.