Traivis logo

Privacy Policy

Last updated: 23 June 2026

This Privacy Policy explains how Traivis UG (haftungsbeschränkt) (“Traivis”, “we”, “us”, or “our”) processes personal data when you use our websites and platform. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German law, including the Telecommunications Digital Services Data Protection Act (TDDDG).

This policy covers two distinct online services:

Where a section applies only to one of them, we say so.

1. Controller

The controller responsible for data processing is:

Traivis UG (haftungsbeschränkt)
c/o Dr. Peter Koval
Brunnenstr. 164
10119 Berlin
Germany

For any privacy-related questions or requests, contact privacy@traivis.app.

2. What data we collect

Website (traivis.app). The Website is designed to operate without cookies and without cross-site tracking. We do not set any cookies of our own on the Website. We use Vercel Web Analytics, which measures aggregated traffic without cookies and without creating cross-site identifiers. If you choose to book a demo, the booking page embeds a scheduling interface from our processor Cal.com; see Section 4 (Cookies and similar technologies) for how that embed is handled and Section 2 for the data you submit when booking.

App (app.traivis.app). When you register and use the App, we process:

  • the email address you provide when registering, and authentication data used to keep you signed in;
  • account and workspace data, including workspace settings and your theme/display preferences;
  • the content you input to operate the Service, such as brand names, competitor names, URLs, prompts, topics, and similar tracking inputs;
  • billing information, which is processed by our payment provider Stripe; we do not store full payment-card details on our systems; and
  • technical and usage data necessary to operate and secure the App, and error diagnostics via Sentry, which is configured to exclude personally identifiable information.

3. Authentication and storage (App)

To keep you signed in, the App uses strictly necessary session storage and authentication cookies provided through Supabase. These are required to deliver a service you have explicitly requested and do not require consent. Local storage is used only to remember preferences such as your selected theme. The App does not set advertising or cross-site tracking cookies, and does not place third-party cookies on the app.traivis.app domain.

4. Cookies and similar technologies

We take a deliberately minimal approach to cookies and similar technologies.

Website (traivis.app). We set no cookies of our own. Web analytics is cookieless. The only third-party technology that may set cookies in connection with the Website is the Cal.com scheduling embed on the demo-booking page, and only when that embed is loaded. Any such cookies are functional/necessary to provide the booking interface you requested; we do not use them for advertising or cross-site tracking. Because we set no cookies of our own and use no consent-requiring tracking, the Website does not display a cookie-consent banner.

App (app.traivis.app). All storage the App sets is either strictly necessary or functional/preference (for example, your session and your theme choice). The App sets no advertising or cross-site tracking cookies and no third-party cookies on its own domain. Storage that is strictly necessary to provide a service you have explicitly requested does not require consent under § 25(2) TDDDG, so the App does not display a cookie-consent banner for its own storage.

Stripe (payment and billing). When you proceed to pay or manage billing, you are redirected to Stripe. Stripe may set its own cookies on Stripe’s pages, governed by Stripe’s privacy policy. These are not set by us and are outside our control.

5. Purposes and legal bases

We process personal data on the following bases:

  • Performance of a contract (Art. 6(1)(b) GDPR): creating and administering your account, providing the App and its features, processing subscriptions and payments, and providing support. Booking a demo and the resulting contact is handled on this basis or, where you are not yet a customer, on the basis of taking steps at your request prior to entering into a contract.
  • Legitimate interests (Art. 6(1)(f) GDPR): operating, securing, and improving the Service, including cookieless analytics, error monitoring, and abuse and fraud prevention. Our legitimate interest is to keep the Service reliable, secure, and functional, balanced against your interests and rights.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR): retaining business and billing records as required by German commercial and tax law.

6. Communications

We use the email address associated with your account to communicate with you.

Service and account communications. We send communications that are necessary to provide and administer the Service, such as trial and subscription notices (including notices that a trial is ending and how to continue the Service), billing and payment messages, security and account alerts, onboarding and setup guidance, and responses to support requests. We send these on the basis of performing our contract with you and taking steps at your request (Art. 6(1)(b) GDPR). Because these communications are part of providing the Service you have requested, they do not require separate consent.

Marketing communications. Where you have given your consent, we send marketing communications, such as product news, tips, and updates about Traivis. We send these on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time, with effect for the future, by using the unsubscribe link in any such email or by contacting privacy@traivis.app. Withdrawing consent does not affect service and account communications, which you continue to receive while you have an account.

7. Third-party processors and international transfers

We use the following processors to provide the Service:

ProcessorFunctionLocation
SupabaseDatabase, authenticationEU
VercelHosting, cookieless web analyticsUS
StripePayment and billingUS
AWS SESTransactional emailEU
Sentry (Functional Software, Inc.)Error monitoringUS
Cal.comDemo scheduling (booking page only)US
AttioCRM / contact managementUS

Where personal data is transferred to processors in the United States, we rely on one of the following transfer mechanisms. Vercel, Stripe, and Sentry (Functional Software, Inc.) are certified under the EU–US Data Privacy Framework (DPF), and transfers to them are based on the DPF adequacy decision. For Attio and Cal.com, and for any other US processor or transfer not covered by the DPF, transfers are based on the European Commission’s Standard Contractual Clauses (SCCs). Processors located in the EU/EEA do not involve a third-country transfer.

A current list of subprocessors is available on request and is referenced in our Terms of Service and, where applicable, our Data Processing Agreement.

8. Data retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data is retained for the duration of your account. You can request deletion at any time through Account → Delete Account, which begins an immediate soft-deletion with a 30-day reversal window; after that window, the account and associated data are permanently deleted or irreversibly anonymised.
  • Where an account is suspended rather than deleted by you, associated data may be retained for up to 90 days, with at least 30 days’ notice before permanent deletion where reasonably practicable, consistent with the lifecycle described in our Terms of Service.
  • Billing and accounting records are retained for up to 10 years, as required by German commercial and tax law (§ 257 HGB, § 147 AO).
  • Error and diagnostic logs are retained for up to 90 days.

9. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing carried out on the basis of our legitimate interests. To exercise these rights, contact privacy@traivis.app.

You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

10. Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or misuse. No method of transmission or storage is completely secure, but we work to safeguard your data using industry-standard practices.

11. Children

The Service is intended for business and professional use and is not directed to children. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. The updated version becomes effective upon publication unless otherwise stated.

13. Contact

Traivis UG (haftungsbeschränkt)
c/o Dr. Peter Koval
Brunnenstr. 164
10119 Berlin
Germany

Email: privacy@traivis.app