Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when using our website. Personal data refers to all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is: Stefan Maksimek, c/o Postflex #10590, Emsdettener Str. 10, 48268 Greven, Germany, Tel.: 01602497325, E-Mail: info@telvr.ai. The controller is the natural or legal person who decides, alone or jointly with others, on the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When you use our website for informational purposes only, i.e., if you do not register or provide us with information in any other way, we only collect data that your browser transmits to the server (so-called "server log files"). When you access our website, we collect the following data that are technically necessary to display the website to you:

• The website visited
• Date and time of access
• Amount of data transmitted in bytes
• Source/referrer from which you accessed the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymized form)

Processing is performed in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. Data is not forwarded or used in any other way. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock icon in your browser address bar.

3) Hosting & Content Delivery Network

Vercel

For hosting our website and displaying page content, we use the system of the following provider: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA.

All data collected on our website is processed on the provider's servers.

We have entered into a Data Processing Agreement (DPA) with the provider that ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has committed to the EU-U.S. Data Privacy Framework (DPF), which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.

4) Cookies

To make your visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called "session cookies"), while others remain on your device longer and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

If personal data is processed by individual cookies we use, processing is performed in accordance with Art. 6(1)(b) GDPR either for the fulfillment of a contract, in accordance with Art. 6(1)(a) GDPR in the case of given consent, or in accordance with Art. 6(1)(f) GDPR to protect our legitimate interests in optimal website functionality and a customer-friendly and effective design of your website visit.

You can configure your browser to notify you when cookies are set and to decide individually whether to accept them, or you can exclude the acceptance of cookies in certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be restricted.

5) Contact

In the context of contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of processing and answering your inquiry and only to the extent necessary.

The legal basis for processing this data is our legitimate interest in answering your inquiry in accordance with Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, Art. 6(1)(b) GDPR also serves as the legal basis for processing. Your data will be deleted when it can be inferred from the circumstances that the matter at issue has been conclusively resolved and provided that no statutory retention obligations stand in the way.

6) Data Processing When Opening a Customer Account

In accordance with Art. 6(1)(b) GDPR, personal data is collected and processed to the extent required when you provide it to us when opening a customer account. You can find which data is required for account opening in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the above address of the controller. After deletion of your customer account, your data will be deleted provided that all contracts concluded through it have been completely fulfilled, no statutory retention periods stand in the way, and we no longer have a legitimate interest in further storage.

7) Data Processing for Order Processing

7.1 To the extent necessary for contract processing for delivery and payment purposes, we transfer the personal data we collect in accordance with Art. 6(1)(b) GDPR to the commissioned transport company and the commissioned credit institution.

If we owe you updates for goods with digital elements or digital products on the basis of a corresponding contract, we process the contact data you provided when placing the order to inform you personally in accordance with our statutory information obligations in accordance with Art. 6(1)(c) GDPR. Your contact data is used strictly for the purpose of communicating updates we owe to you and is processed by us only to the extent necessary for the respective information.

To process your order, we further work with the following service provider(s) who support us in whole or in part in fulfilling concluded contracts. Certain personal data is transmitted to these service providers according to the information below.

7.2 Use of Payment Service Providers

PayPal

One or more online payment methods of the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If you select a payment method of this provider where you make an advance payment, your payment data provided in the course of the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order are transferred to this provider in accordance with Art. 6(1)(b) GDPR. Data is transferred only for the purpose of payment processing with the provider and only to the extent required.

If you select a payment method where we make an advance payment, you will also be asked in the course of the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, if applicable data on an alternative payment method).

To protect our legitimate interest in determining your creditworthiness in such cases, this data is transferred by us to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. On the basis of the personal data you have provided and further data (such as shopping cart, invoice amount, order history, payment history), the provider checks whether the payment method you have selected can be granted in view of payment and/or default risks.

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of score values includes, among other things, but not exclusively, address data.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may continue to be entitled to process your personal data if this is required for contractual payment processing.

Stripe

One or more online payment methods of the following provider are available on this website: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

If you select a payment method of this provider where you make an advance payment (such as credit card payment), your payment data provided in the course of the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order are transferred to this provider in accordance with Art. 6(1)(b) GDPR. Data is transferred only for the purpose of payment processing with the provider and only to the extent required.

If you select a payment method where the provider makes an advance payment (such as invoice purchase, installment purchase, or direct debit), you will also be asked in the course of the order process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, phone number, if applicable data on an alternative payment method).

To protect our legitimate interest in determining the creditworthiness of our customers, this data is transferred by us to the provider in accordance with Art. 6(1)(f) GDPR for the purpose of a credit check. On the basis of the personal data you have provided and further data (such as shopping cart, invoice amount, order history, payment history), the provider checks whether the payment method you have selected can be granted in view of payment and/or default risks.

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. The calculation of score values includes, among other things, but not exclusively, address data.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may continue to be entitled to process your personal data if this is required for contractual payment processing.

8) Rights of Data Subjects

8.1 Applicable data protection law grants you the following data subject rights (rights to information and intervention) in relation to the controller with regard to the processing of your personal data, whereby the applicable legal basis cited applies to the respective conditions of exercise:

• Right of access in accordance with Art. 15 GDPR;
• Right to rectification in accordance with Art. 16 GDPR;
• Right to erasure in accordance with Art. 17 GDPR;
• Right to restrict processing in accordance with Art. 18 GDPR;
• Right to be informed in accordance with Art. 19 GDPR;
• Right to data portability in accordance with Art. 20 GDPR;
• Right to withdraw consent in accordance with Art. 7(3) GDPR;
• Right to lodge a complaint in accordance with Art. 77 GDPR.

8.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE AFFECTED DATA. CONTINUED PROCESSING REMAINS RESERVED, HOWEVER, IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE AFFECTED DATA FOR DIRECT MARKETING PURPOSES.

9) Duration of Storage of Personal Data

The duration of storage of personal data is determined according to the respective legal basis, the processing purpose, and—if applicable—the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of explicit consent in accordance with Art. 6(1)(a) GDPR, the affected data is stored until you revoke your consent.

If statutory retention periods exist for data processed within the scope of legal or legal-like obligations on the basis of Art. 6(1)(b) GDPR, this data is routinely deleted after the expiration of the retention periods, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in continued storage.

When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object in accordance with Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

When processing personal data for the purposes of direct marketing on the basis of Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object in accordance with Art. 21(2) GDPR.

Unless otherwise stated in the other information in this declaration regarding specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

10) Authentication and User Management

10.1 Use of Clerk

For authentication and user management in our desktop application, we use the service of the following provider: Clerk, Inc., 660 King Street, Unit 345, San Francisco, CA 94107, USA.

Clerk enables the registration, login, and session management of user accounts. When using the service, the following personal data is processed:

• Email address
• Name
• IP address
• Device information (browser, operating system)
• Session data (session tokens)

Processing of this data is performed in accordance with Art. 6(1)(b) GDPR for the fulfillment of a contract, as authentication is required for the use of our service.

Clerk is certified under the EU-U.S. Data Privacy Framework (DPF) (as of February 22, 2024), which, on the basis of an adequacy decision of the European Commission dated July 10, 2023, ensures compliance with the European level of data protection. Additionally, Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 have been established.

We have concluded a Data Processing Agreement (DPA) with Clerk that ensures the protection of your data and prohibits unauthorized disclosure to third parties.

EU Representative in accordance with Art. 27 GDPR: VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland.

For further information on data protection at Clerk, please visit: https://clerk.com/legal/privacy

11) AI-Based Speech Processing

11.1 Use of Groq (Speech-to-Text)

For converting speech to text in our desktop application, we use the API of the following provider: Groq, Inc., P.O. Box 1778, Mountain View, California 94042, USA.

When using the speech-to-text function, audio data (voice recordings) is transmitted to Groq's servers and converted into text in real time. The following data is processed:

• Audio data (voice recordings)—exclusively for the purpose of transcription
• Request metadata (timestamp, language model)

Processing is performed in accordance with Art. 6(1)(b) GDPR for the fulfillment of a contract, as speech processing constitutes the core function of our service.

Important information on data processing at Groq:

• Audio data is standardly NOT permanently stored. Temporary storage of up to 30 days may occur for system reliability and abuse detection purposes.
• Groq is contractually prohibited from using your inputs or outputs for training AI models.
• Audio data is used exclusively for transcription, not for person identification based on voice.

For the transmission of personal data to the USA, Standard Contractual Clauses (SCCs) in accordance with Commission Implementing Decision (EU) 2021/914 (Module 2: Controller to Processor) have been established.

We have concluded a Data Processing Agreement (Customer Data Processing Addendum) with Groq.

EU Representative in accordance with Art. 27 GDPR: DP-Dock GmbH, Ballindamm 39, 20095 Hamburg, Germany, E-Mail: groq@gdpr-rep.com.

For further information on data protection at Groq, please visit: https://groq.com/privacy-policy-oct-15-2025

12) Database Hosting

12.1 Use of Neon

For hosting our database, we use the service of the following provider: Neon, LLC, 2128 Sand Hill Road, Menlo Park, California 94025, USA.

The database stores user data required for contract fulfillment, including:

• Account data (name, email address)
• Transaction data (balance top-ups, consumption)
• Usage data (settings, preferences)

Processing of this data is performed in accordance with Art. 6(1)(b) GDPR for the fulfillment of a contract.

Neon is certified under the EU-U.S. Data Privacy Framework (DPF) (including UK Extension and Swiss-U.S. DPF), which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection. Additionally, Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 have been established.

We have concluded a Data Processing Agreement (DPA) with Neon that ensures the protection of your data and prohibits unauthorized disclosure to third parties.

For further information on data protection at Neon, please visit: https://neon.com/privacy-policy

13) Backend Hosting

13.1 Use of Railway

For hosting our backend application, we use the service of the following provider: Railway Corp., San Francisco, California, USA.

All data transmitted through our application is processed on Railway's servers, including API requests, authentication data, and transaction data.

Processing is performed in accordance with Art. 6(1)(b) GDPR for the fulfillment of a contract and in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in reliable and secure operation of our application.

Railway is certified under the EU-U.S. Data Privacy Framework (DPF) (including Swiss-U.S. DPF), which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection.

We have concluded a Data Processing Agreement (DPA) with Railway.

For further information on data protection at Railway, please visit: https://railway.com/legal/privacy

14) DNS and Security Services

14.1 Use of Cloudflare

For DNS management and protection of our online presence, we use the service of the following provider: Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA.

When accessing our website and using our application, your requests are routed through Cloudflare's servers. The following data is processed:

• IP address
• HTTP request metadata (browser type, request time, requested URL)
• DNS query data

Processing is performed in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in protecting our online presence from misuse and ensuring reliable and secure accessibility.

Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF) (including UK Extension and Swiss-U.S. DPF), which, on the basis of an adequacy decision of the European Commission, ensures compliance with the European level of data protection. Additionally, Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 have been established.

We have concluded a Data Processing Agreement (DPA v6.3) with Cloudflare that ensures the protection of your data and prohibits unauthorized disclosure to third parties.

For further information on data protection at Cloudflare, please visit: https://www.cloudflare.com/privacypolicy/

15) Email Transmission

15.1 Use of All-Inkl (Transactional Emails)

For sending transactional emails (e.g., registration confirmations, payment receipts, account warnings), we use the SMTP service of the following provider: ALL-INKL.COM - Neue Medien Münnich, Owner René Münnich, Hauptstrasse 68, 02742 Friedersdorf, Germany.

Processing is performed in accordance with Art. 6(1)(b) GDPR for the fulfillment of a contract. Only data necessary for transmission is transferred to the email service provider (email address and message content).

As the provider is based in Germany, no third-country transfer occurs.