TerminTacho

Privacy Policy

Last Updated: April 1, 2026

1. Introduction

TerminTacho ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, in compliance with the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal data is:
Sharan Kumar Reddy Lankala
Augartenstraße 38, 76137 Karlsruhe
Email: termintacho@gmail.com

3. Information We Collect

3.1 Personal Data You Provide

  • Authentication Data: Email address and OAuth provider account information (Google)
  • Timeline Reports: Processing office, process type, submission dates, decision dates, status (anonymous by default)
  • Reviews: Ratings, review content, optional title and process type
  • Contact Form: Name, email address, subject, message content
  • Newsletter: Email address and verification token for double opt-in

3.2 Automatically Collected Data

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent on pages, clickstream data (only if analytics consent is given)
  • Security Data: CAPTCHA verification tokens and related security signals (Turnstile)
  • Cookies & Similar Storage: Session and authentication data, consent preference, analytics identifiers (see Cookie Policy)
  • Consent Logs: Cookie consent choice, timestamp, masked IP, user agent

4. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on:

  • Consent (Art. 6(1)(a)): Analytics cookies, newsletter subscription, optional cookies
  • Contract / Pre-Contractual Steps (Art. 6(1)(b)): Account access, authentication, and user requests
  • Legitimate Interest (Art. 6(1)(f)): Security, fraud prevention, abuse protection, and service improvement
  • Legal Obligation (Art. 6(1)(c)): Compliance with German and EU law

5. How We Use Your Information

  • To provide and maintain our service
  • To authenticate users and prevent abuse
  • To display aggregated, anonymous processing time statistics
  • To respond to your inquiries and support requests
  • To improve our website and services
  • To comply with legal obligations

6. Data Retention

  • Account & Authentication Data: Kept while your account is active or as required to provide the service
  • Reports & Reviews: Retained for community statistics and integrity, or anonymized where possible
  • Contact & Newsletter Data: Kept only as long as necessary to respond or maintain your subscription
  • Security & Consent Logs: Kept for compliance, fraud prevention, and audit purposes
  • General Rule: We review and delete or anonymize data when it is no longer needed for the purposes described above or when required by law

7. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Limit how we use your data
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format
  • Right to Object (Art. 21): Object to data processing
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time

To exercise these rights, contact us at termintacho@gmail.com

8. Data Sharing and Third Parties

We may share your data with:

  • OAuth Providers: Google (authentication only)
  • Analytics: Google Analytics (only with consent)
  • Error & Performance Monitoring: Sentry (to diagnose errors and improve stability)
  • Security / Anti-Abuse: Cloudflare Turnstile (CAPTCHA protection)
  • Email Delivery: Resend (transactional and verification emails)
  • Database Provider: Supabase (data processing agreement in place)
  • Hosting Provider: Website hosting and infrastructure providers used to operate TerminTacho

We do not sell your personal data to third parties.

9. International Data Transfers

Some of our providers may process data outside the EU/EEA. We ensure appropriate safeguards through:

  • EU Standard Contractual Clauses (SCCs)
  • EU-US Data Privacy Framework (where applicable)
  • Adequacy decisions by the EU Commission

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption for data transmission
  • Secure database with access controls
  • Regular security audits
  • Password hashing and secure authentication

11. Children's Privacy

Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we discover that a child has provided us with personal data, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated "Last Updated" date.

13. Contact & Complaints

For privacy-related questions or to exercise your rights, contact us at:
Email: termintacho@gmail.com

You also have the right to lodge a complaint with your local data protection authority.