(EN) Privacy & Security Statement
(For German, see further below)
We take the protection of your data seriously. This Privacy Statement explains how we collect, share, use, process, and protect personal and non-personal data, as well as how you can protect your data yourself. Please take the time to read this statement carefully and in full so that you are fully informed before using our services.
Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can be used to personally identify you. For detailed information on data protection, please refer to our privacy policy listed below.
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Notice on the Responsible Entity” in this privacy policy.
How do we collect your data?
Some of your data is collected when you provide it to us. This can happen, for example, by entering information into a contact form.
Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or the time of the page visit). This data is collected automatically as soon as you access this website.
What do we use your data for?
Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to receive, at any time and free of charge, information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can revoke this consent at any time with effect for the future. Additionally, you have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the relevant supervisory authority.
For these and any other questions regarding data protection, you can contact us at any time.
Storage duration
Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless there are other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will take place after these reasons no longer apply.
General Information on the Legal Bases for Data Processing on This Website
If you have given your consent to data processing, we process your personal data based on Art. 6(1)(a) GDPR or, in the case of special categories of data under Art. 9(1) GDPR, on Art. 9(2)(a) GDPR. If explicit consent has been given for the transfer of personal data to third countries, data processing is also based on Art. 49(1)(a) GDPR.
If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is also based on § 25(1) TTDSG. You may revoke your consent at any time.
If data processing is required for the fulfillment of a contract or pre-contractual measures, we process your data based on Art. 6(1)(b) GDPR.
Furthermore, we process your data based on Art. 6(1)(c) GDPR if the processing is required to fulfill a legal obligation.
In some cases, data processing may be based on our legitimate interests in accordance with Art. 6(1)(f) GDPR. Further details on the applicable legal bases can be found in the relevant sections of this privacy policy.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims (objection under Art. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING AT ANY TIME.
If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21(2) GDPR).
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content (e.g., inquiries), this site uses SSL or TLS encryption.
You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and a lock icon appears in the browser bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to Promotional Emails
The use of contact details published in the legal notice for sending unsolicited advertising and informational materials is hereby prohibited.
The operators of this site expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.
Privacy & Security
1. Data Controller
The entity responsible for data processing related to your visit to www.tebbl.com and the use of the tebbl web application via app.tebbl.com is:
Tebbl UG (haftungsbeschränkt)
HRB 176747
Represented by Johannes Jamroszczyk and Sandra Heuer
Amtsgericht Hamburg
Behringstraße 97, 22763 Hamburg
Phone: +49 176 6331 9606
Email: info@tebbl.com
Further details about our company can be found at www.tebbl.com.
2. Infrastructure
Systemic separation of our website and the tebbl web application
Our website www.tebbl.com and the web application app.tebbl.com are structurally separated and use different technologies to ensure smooth operation and provide an optimal user experience.
This means that analytical tools used on www.tebbl.com are not automatically applied to the web application at app.tebbl.com. Both platforms are hosted by different service providers and are completely independent in terms of infrastructure. The connection between the two endpoints exists solely through the subdomain structure, ensuring that each application operates independently.
3. Web Analytics
Website: www.tebbl.com
Our website www.tebbl.com uses the following web analytics tools:
Google Analytics
Google Analytics is used to analyze user activity on the website. Cookies collect information about website usage and transfer it to Google. Processing is based on your consent (Art. 6(1)(a) GDPR), and stored data is either anonymized or deleted after 14 months.
Google Tag Manager
Google Tag Manager enables the management of website tags for analysis and tracking of user actions. It does not process personal data itself but works with other tags that may collect data. The deactivation of tracking tags remains effective if performed at the domain or cookie level.
Google Fonts
Google Fonts allows the use of external fonts and may collect visitor traffic information. The processing is based on legitimate interest to improve the web offering (Art. 6(1)(f) GDPR).
Webflow
Our website www.tebbl.com is hosted by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. Webflow may process personal data, such as IP addresses and log files, to enable the delivery and display of the website.
The processing is based on Art. 6(1)(f) GDPR, relying on our legitimate interest in the secure and efficient provision of our online presence.
Please note that Webflow is a U.S.-based company. Any transfer of personal data to the USA is carried out under EU Standard Contractual Clauses to ensure an adequate level of data protection. More information is available in Webflow’s privacy policy: https://webflow.com/legal/euprivacy-policy.
4. Cookies
Website: www.tebbl.com
We use cookies to ensure the functionality of the website and to enhance your user experience. A cookie is a small text file stored on your device for a specific period by the visited website. Below, you will find a list of all cookies used on this website.
Privacy
At tebbl, we respect the privacy and security of the data we collect from visitors to our website. As the data controller, we act in accordance with applicable data protection laws and regulations.
Our website uses cookies as well as similar technologies such as pixels and local storage objects (collectively referred to as “cookies”) to:
• Differentiate you from other users
• Provide a smooth user experience
• Improve our services
• Personalize content and advertising
What Are Cookies?
A cookie is a small file consisting of letters and numbers that we store in your browser or on your device’s hard drive. This file acts as a memory on your computer.
Types of Cookies Used
First-party Cookies
Set by the website you are visiting (e.g., cookies set by our domain).
Third-party Cookies
Set by a domain other than the one you are visiting.
Persistent Cookies
These cookies remain on your device for the duration specified in the cookie and are activated each time you visit the website.
Session Cookies
These cookies link user actions within a session. They are stored temporarily and deleted when you close your browser.
Which cookies do we use and why?
In general, we use cookies to distinguish you from other users of the website, to improve your user experience, and to optimize our website. The cookies we use on the website can be categorized as follows:
Strictly Necessary Cookies
These cookies are essential for you to navigate the website and use its basic functions. Without these cookies, we cannot provide the requested services. We use these cookies to:
• Identify and authenticate you as a logged-in user.
• Ensure that you are connected to the correct service on the website.
• Maintain security.
Cloudflare Cookies
__cf_bm
• Purpose: Differentiates between humans and bots to enhance website usage.
• Expires after: 2 hours, 31 minutes
• Domains: .verified.zendesk.com, .hubspot.com, .cdn.webflow.com.
_cfuvid
• Purpose: Allows Cloudflare to distinguish users with the same IP address.
• Expires after: Upon closing the browser
• Domains: .verified.zendesk.com, .vimeo.com, .hubspot.com.
__cfruid
• Purpose: Supports Cloudflare in services such as load balancing, content delivery, and DNS management.
• Expires after: Upon closing the browser
• Domains: .verified.zendesk.com.
CookieTractor Cookies
_cc_cookieConsent
• Purpose: Stores your cookie settings across multiple visits.
• Expires after: 11 months, 30 days
• Domains: www.verified.eu, verified-dev.webflow.io.
Performance Cookies
These cookies collect information about website usage, such as the pages visited or errors encountered, to improve website functionality. We use performance cookies to:
• Conduct web analytics and provide statistics on website usage.
• Perform affiliate tracking and provide feedback to partners.
• Collect data on the number of users who have viewed a product or service.
• Measure website errors and test design improvements.
Google Analytics Cookies
_ga
• Purpose: Distinguishes unique users and tracks page views as well as session duration.
• Expires after: 1 year, 11 months
• Domains: .verified.eu.
_ga*
• Purpose: Stores and tracks website visits.
• Expires after: 1 year, 11 months
• Domains: .verified.eu.
Functionality Cookies
We use functionality cookies to:
• Store settings such as layout, text size, and colors.
• Remember whether we have already asked you to participate in a survey.
• Provide embedded video content.
Targeting Cookies
These cookies track your visits to the website and other websites and apps to display targeted advertising. We use targeting cookies to:
• Serve targeted ads on the website and measure the effectiveness of advertising campaigns.
Cookies in the Web Application: https://app.tebbl.com
We take a clear stance and only use cookies in our web application tebbl that are essential for the smooth operation of the software.
The use of session tokens and cookies in the web application poses no security risk to your data and does not result in the unauthorized transfer of your processed data in the tebbl web application to third parties.
Strictly Necessary Cookies
These cookies are essential for you to navigate the website and use its basic functions. Without these cookies, we cannot provide the requested services. We use these cookies to:
• Identify and authenticate you as a logged-in user.
• Ensure that you are connected to the correct service on the website.
• Maintain security.
Functionality Cookies
We use functionality cookies to:
• Store settings such as layout, text size, and colors.
• Remember whether we have already asked you to participate in a survey.
• Provide embedded video content.
Performance Cookies
These cookies collect information about website usage, such as visited pages or encountered errors, to improve the website’s functionality. We use performance cookies to conduct web analytics and provide statistics on website usage.
When do we need your consent?
Your consent is required before cookies are placed on your device, except for strictly necessary cookies. You can grant or withdraw your consent via the cookie settings in the banner. Please note that blocking cookies may affect the website’s functionality.
How can you delete or block cookies?
You can manage cookies through your browser settings. If you block all cookies, you may not be able to access certain areas of the website. For more information, visit www.aboutcookies.org.
Changes
We reserve the right to modify this cookie policy at any time. Please check this page regularly to stay informed about any updates.
Contact
If you have any questions, please contact us at:
Email: support@tebbl.com.
5. Processing of Personal Data
The processing of your personal data is carried out in accordance with applicable data protection laws and for the following purposes:
Visiting Our Website
When you visit our website, we automatically collect certain personal data from your device, including:
• Referrer URL
• Name and URL of the requested page
• Date and time of access
• Details of the web browser used (type, language, version)
• IP address
• Data volume transferred
• Information about the operating system
• Access status (HTTP status code)
• GMT time zone difference
This information is necessary to keep our website content up to date and optimized, ensure the functionality of our IT systems, and provide relevant information to law enforcement in the event of cyberattacks. These data are collected using cookies and similar tracking technologies. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in operating our website properly, preventing fraud, and ensuring security.
Use of Our Services
When you place an order with us or purchase a license for the tebbl web application, we collect and use personal data necessary for providing the services. Most of this data is voluntarily provided by customers and may include:
• Name
• Company affiliation
• Contact details
• Financial information
• Special categories of personal data
We process these data for contract fulfillment, compliance with legal obligations, and business operations. This processing is based on Art. 6(1)(b) and (c) GDPR. Information may be disclosed to third parties if necessary for our work and legally required.
Contacting Us
When you contact us via email or phone, we process your contact details and the content of your message. This serves to handle your request and is based on contract fulfillment, pre-contractual measures, or our legitimate interest (Art. 6(1)(b) and (f) GDPR).
Newsletter
If you subscribe to our newsletter, we may send you information about our business and services via email. This processing is based on your consent or our legitimate interest (Art. 6(1)(a) and (f) GDPR). You can unsubscribe at any time.
We also process data for marketing surveys to improve our marketing activities, based on our legitimate interest (Art. 6(1)(f) GDPR).
For events, we use video conferencing tools, and the processing of your data is based on your consent or contract fulfillment (Art. 6(1)(a) and (b) GDPR).
User Account
By creating a user account or requesting the creation of a user account, you consent to the storage of your personal information, including:
• Your name
• Your address
• Your email address
• Your login credentials (username and password)
This allows you to log in using your email address and a unique password. We store your personal password only in encrypted form.
6. Storage of Personal Data
In general, we retain your personal data only for as long as necessary to fulfill the purposes for which they were collected. Once these purposes have been achieved, the data will be deleted unless legal retention obligations require longer storage.
Visiting Our Website
Relevant personal data is stored for a maximum of two years from the date of our last interaction with you.
Providing Services to Customers
Relevant personal data is stored for at least 10 years from the date of our last interaction with the customer. This is in accordance with our obligations under national law; the data may be stored longer if required by regulatory requirements or professional insurance obligations. After this period, we may delete these records without further notice or liability.
Job Applications
Relevant personal data is stored throughout the entire application process. Within six months after the conclusion of the application process, all personal data will be deleted.
7. Transfer of Personal Data to Third Parties
Recipients
The following recipients, who generally act as data processors, may have access to your personal data:
• Service providers for operating our website and processing data stored or transmitted by our systems (e.g., data center services, payment processing, IT security).
• Government agencies/authorities, where required to fulfill a legal obligation.
• Individuals involved in our business operations (e.g., auditors, banks, insurance companies, legal advisors, regulatory authorities, participants in business acquisitions or the formation of joint ventures).
• In the course of our business relationships, your personal data may be shared with or disclosed to third-party companies, including those outside the European Economic Area (EEA), i.e., in third countries. This processing occurs solely to fulfill contractual and business obligations and to maintain our business relationship with you.
Adequacy Decisions
The European Commission has issued adequacy decisions for certain third countries, ensuring that their data protection standards are equivalent to those in the EEA.
A list of these countries and copies of the adequacy decisions can be found here:
Special Cases
In other third countries where personal data may be transferred, a consistently high level of data protection cannot be guaranteed due to the lack of legal regulations. In such cases, we take measures to ensure adequate data protection, including:
• Binding corporate rules
• Use of the European Commission’s standard contractual clauses for data protection
• Certification mechanisms
• Compliance with recognized codes of conduct
Consent
Additionally, we will only share your personal data with third parties if you have explicitly given your consent.
Compliance
All recipients of transferred data are only engaged if they are legally or contractually obligated to comply with the General Data Protection Regulation (GDPR).
8. Data Protection Rights
You can exercise your rights as a data subject regarding the processing of your personal data at any time using the contact information provided. As a data subject, you have the following rights:
Access
Under Article 15 GDPR, you have the right to request information about the personal data we process. This includes details about:
• The purposes of processing
• The types of data being processed
• The categories of recipients to whom your data has been or will be disclosed
• The planned retention period
• Your rights to rectification, erasure, restriction of processing, or objection
• Your right to lodge a complaint
• The source of your data (if not collected directly from you)
• The existence of automated decision-making, including profiling, and, if applicable, meaningful information about these processes
Rectification
Under Article 16 GDPR, you have the right to request immediate correction of inaccurate or completion of incomplete data stored by us.
Erasure
Under Article 17 GDPR, you can request the deletion of your personal data stored by us unless processing is required for:
• Exercising the right to freedom of expression and information
• Compliance with a legal obligation
• Reasons of public interest
• The establishment, exercise, or defense of legal claims
Restriction of Processing
Under Article 18 GDPR, you have the right to restrict the processing of your data if:
• You contest the accuracy of your data
• The processing is unlawful
Data Portability
Under Article 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer of this data to another controller (data portability).
Objection
Under Article 21 GDPR, you have the right to object to the processing of your data, particularly if the processing is not necessary for fulfilling a contract with you.
If you object to direct marketing, please provide reasons why we should no longer process your data as we have been. In case of a legitimate objection, we will either stop or adjust the data processing and explain our compelling legitimate grounds for continuing the processing.
Withdrawal of Consent
Under Article 7(3) GDPR, you may withdraw any consent you have given to us at any time, including consent provided before GDPR came into effect on May 25, 2018.
A withdrawal means that we may no longer process your data based on that consent in the future.
Complaint
Under Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
The competent authority for our company is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 20459 Hamburg
https://datenschutz-hamburg.de
9. Security of Your Data
We take the protection of your personal data very seriously and implement comprehensive technical and organizational measures to ensure data security. Our measures are designed to provide an appropriate level of protection corresponding to the risks associated with the processing of personal data while ensuring compliance with the General Data Protection Regulation (GDPR).
Security Measures
To ensure the security of your data, we use a combination of digital and analog security measures:
Digital Measures
- Secure Passwords -
All access to sensitive information is protected by secure and unique passwords. At tebbl, we require that all passwords be unique and diverse, meeting security standards to withstand common hacking methods such as brute force attacks and rainbow table lookups.
- Two-Factor Authentication (2FA) -
We use 2FA for access to critical systems and data.
- Encryption -
Sensitive information is protected using state-of-the-art encryption methods (e.g., encryption of all employees’ hard drives).
- Key Vaults -
We utilize secure key storage systems to manage sensitive credentials.
- Access Management -
Access to sensitive data is strictly regulated and granted based on employee permissions.
- Tokenization -
User sessions within our software are protected through encrypted tokens.
- Automatic Session Termination -
User session tokens are automatically deleted after a certain period to prevent unauthorized reuse.
- Security Protocols -
We regularly review and update all security protocols and infrastructure.
- Storage Devices -
The hard drives of employees with access to sensitive data are encrypted.
- Firewall and Intrusion Detection Systems (IDS) -
Our servers are protected by provider-side firewalls and IDS to prevent unauthorized access.
- Regular Updates -
Software and operating systems are regularly updated to patch vulnerabilities.
- Backups -
We conduct regular, encrypted backups of all critical data to prevent data loss.
Analog Measures
- Employee Training -
We conduct regular training sessions for all employees on data security and data protection.
- Confidentiality Agreement -
Employees are contractually obligated to maintain the confidentiality of sensitive data, even after the termination of their employment.
- Internal Data Audits -
We regularly review and delete company data that is no longer in use.
- Code Audits -
We systematically review source code and interfaces to identify and fix security vulnerabilities.
- Social Engineering Tests -
We conduct penetration tests, including dummy phishing attacks, to train and raise awareness among employees.
- Device Security Policy -
We enforce clear policies on the secure handling of sensitive data on employee devices.
- Physical Security -
Access to sensitive information and workspaces is restricted through access controls.
10. Third-Party Processors and Data Security
The provision of highly complex applications with significant added value often relies on third-party technologies. Like many web applications that perform complex data analyses, we also utilize third-party services. We understand that this may raise questions regarding data security.
We ensure that all data processed through our solution is always handled in accordance with the data protection regulations of the European Union (EU) and the European Economic Area (EEA). All evaluation methods and processes involving third-party providers are conducted exclusively within the EU/EEA to comply with the legal requirements of the General Data Protection Regulation (GDPR).
For services that are not directly related to processing uploaded data, such as hosting or rendering the web application, we may collaborate with providers outside the EU/EEA. In such cases:
• These providers do not have direct access to your personal data.
• These providers voluntarily commit to GDPR compliance through certifications and have a Data Protection Addendum (DPA) in place.
Third-Party Providers and Their Functions
Below, we explain the third-party providers we use for operating our web application app.tebbl.com and their specific functions:
- Render -
Function:
Provides server infrastructure for rendering the web application and ensuring availability at https://app.tebbl.com.
Data Protection:
Render, a US-based company, is GDPR-certified. The Data Processing Addendum can be requested via our support. Render meets the highest security standards, including:
• GDPR compliance
• ISO 27001
• SOC 2 & SOC 3 certifications
More information: Render Trust & Security
Service Location:
Render services are hosted on an EU-based server (Germany) and are therefore subject to GDPR regulations.
- Microsoft Azure -
Function:
Infrastructure services for blob storage, API management, load balancing, and backup.
Data Protection:
Microsoft Azure meets the highest security standards, including:
• GDPR compliance
• ISO 27001
• SOC 2 & SOC 3 certifications
More information: Microsoft Azure Privacy
Service Location:
All customer-related stored data remains exclusively on servers within the EU/EEA, including:
• Germany, France, Netherlands, Poland, Sweden, Spain
- Microsoft OpenAI & AI Studio -
Function:
Use of language models and AI models for inference within the EU/EEA.
Data Protection:
All inference processes and data processing take place strictly within GDPR-compliant data zones in the EU/EEA. Training with user data is excluded.
More information: Microsoft Azure Privacy
Service Location:
All customer-related stored and processed data remains exclusively on servers within the EU/EEA, including:
• Germany, France, Netherlands, Poland, Sweden, Spain
- Google Firestore & Firebase -
Function:
• Storage of login data (e.g., email, password hashes)
• Usage metrics such as token consumption and session information
• Real-time databases for tracking work progress
Data Protection:
Google meets the highest security standards, including:
• GDPR compliance
• ISO 27001
• SOC 2 & SOC 3 certifications
More information: Google Firebase Privacy
Service Location:
Services are operated in GDPR-compliant zones within the EU/EEA (Belgium).
- AssemblyAI -
Function:
• AI-powered speech-to-text processing for transcriptions.
• Processing of audio data exclusively through EU endpoints.
Data Protection:
AssemblyAI meets high security and compliance standards, including:
• GDPR compliance
• EU Data Residency (processing in Dublin, Ireland)
• Third-party assessment of security controls
• Ongoing PCI-DSS compliance audit (expected completion in 2024)
More information: AssemblyAI Security & Compliance
Final Remarks
We take appropriate measures to protect your data and ensure a secure experience when using our web application. Providing transparent and detailed information about our security measures is a gold standard for us.
If you have any further questions regarding data security or privacy, feel free to contact us at any time through our support channels.
11. Updates to the Privacy Policy
We will update this privacy policy to reflect legal, technical, or business developments. We will take appropriate measures to inform you about any changes.
12. Contact
If you have any questions or concerns regarding the use of your personal data or the contents of this privacy policy, you can contact our Data Protection Officer, Johannes Jamroszczyk, at johannes@tebbl.com at any time.
We will respond to all inquiries from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.