Privacy Policy

1. Data Controller

2. Types of Personal Data Collected

We collect and process the following categories of personal data:

• Contact Information: Name, email address, phone number, company name
• Authentication Data: Email address, authentication tokens (managed by Clerk)
• Organization Information: Organization name, invoice email addresses, billing information
• Project Data: Quote details, project specifications, payment information
• Technical Information: IP address, browser type, device information, access times
• Payment Information: Payment data processed through Stripe or by Bank Transfer (we do not store complete credit card information)

3. Legal Bases for Processing

We process your personal data based on the following legal grounds under the EU General Data Protection Regulation (GDPR) and the Danish Data Protection Act (Databeskyttelsesloven):

• Contract Performance (GDPR Art. 6(1)(b)): Processing necessary for the performance of contracts for our services
• Consent (GDPR Art. 6(1)(a)): Where you have given explicit consent for specific processing activities
• Legal Obligation (GDPR Art. 6(1)(c)): To comply with legal obligations such as accounting and tax laws
• Legitimate Interest (GDPR Art. 6(1)(f)): For fraud prevention, security, and improvement of our services

4. Purposes for Data Collection

We process your personal data for the following purposes:

• Providing and managing our partner dashboard services
• User authentication and account management
• Processing quotes, invoices, and payments for custom software projects
• Communication regarding projects and services
• Compliance with legal and regulatory requirements
• Security monitoring and protection against fraud or unauthorized access
• Improving and developing our services

5. Recipients of Personal Data

We may share your personal data with the following categories of recipients:

• Authentication Services: Clerk (for user authentication and account management)
• Payment Processors: Stripe (for payment processing and invoicing)
• Hosting Providers: Vercel (for website hosting)
• Database Services: Service providers for data storage and management
• Legal and Regulatory Authorities: When required by law or to protect our rights

All third-party service providers are carefully selected and contractually bound to comply with GDPR requirements.

6. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your personal data in accordance with GDPR requirements.

7. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained for the duration of your account plus 30 days after account deletion
• Project and Quote Data: Retained for the duration of the project plus 5 years (for legal and accounting purposes)
• Financial and Invoice Data: Retained for 5 years in accordance with Danish bookkeeping requirements (Bogføringsloven)
• Technical Logs: Retained for up to 90 days for security purposes

8. Your Rights

Under the GDPR and Danish Data Protection Act, you have the following rights regarding your personal data:

• Right of Access (Indsigtsret): You have the right to obtain confirmation as to whether we process your personal data and, if so, to access that data and receive information about how it is processed.
• Right to Rectification (Berigtigelse): You have the right to request correction of inaccurate personal data and to have incomplete personal data completed.
• Right to Erasure (Sletning/Ret til at blive glemt): You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
• Right to Restriction of Processing (Begrænsning af behandling): You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data.
• Right to Data Portability (Dataportabilitet): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
• Right to Object (Indsigelse): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at hi@talktweak.com. We will respond to your request within one month.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

In Denmark, the competent supervisory authority is:

10. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure authentication through trusted third-party providers (Clerk)
• Payment data security through PCI DSS-compliant payment processors (Stripe)
• Regular backups and disaster recovery procedures
• Staff training on data protection and security

11. Cookies

Our website uses cookies and similar technologies to provide functionality and improve your experience. Cookies are small text files stored on your device when you visit our website.

Types of cookies we use:

• Strictly Necessary Cookies: Required for authentication and security features
• Functional Cookies: Remember your preferences and settings

You can control and/or delete cookies as you wish through your browser settings. However, disabling certain cookies may affect the functionality of our services.

12. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date below. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us: