Privacy Policy
Last updated: February 26, 2026
1. Controller
The controller responsible for data processing on this website is: Tristan Doehl (sole proprietor), operating Teetrack.it, Adalbertsteinweg 210, 52066 Aachen, Germany. For privacy-related inquiries, please contact: privacy@teetrack.it. A Data Protection Officer has not been appointed.
2. Data Collected & Legal Bases
We collect and process the following personal data:
| Category | Data | Legal Basis |
|---|---|---|
| Account | Email address, hashed password | Art. 6(1)(b) GDPR -- contract performance |
| Time tracking | Time entries, descriptions, project assignments | Art. 6(1)(b) GDPR -- contract performance |
| Billing (Stripe) | Payment method details (processed by Stripe), invoices, subscription status | Art. 6(1)(b) GDPR -- contract performance; Art. 6(1)(c) GDPR -- legal obligation (retention) |
| Support submissions | Subject, message, and (for anonymous users) IP address | Art. 6(1)(f) GDPR -- legitimate interest (providing support) |
| Rate limiting | IP address (short-lived, not stored persistently) | Art. 6(1)(f) GDPR -- legitimate interest (security) |
| Session | Session cookie for authentication | Art. 6(1)(b) GDPR -- contract performance |
| Transactional emails (password reset, account confirmation) | Art. 6(1)(b) GDPR -- contract performance | |
| Server logs | IP address, user agent, timestamps (auto-deleted) | Art. 6(1)(f) GDPR -- legitimate interest (security, debugging) |
Providing this data is required to create and maintain your account and to use paid features. If you do not provide it, we cannot provide the service or process payments.
3. Sub-Processors
We use the following third-party services to operate Teetrack:
| Provider | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing & subscription management | USA (SCCs / EU-US DPF) |
| Hetzner Online GmbH | Application and database hosting | Germany |
| kasserver.com (All-Inkl) | SMTP email delivery | Germany |
4. International Data Transfers
Stripe, Inc. is based in the United States. Transfers are safeguarded by Standard Contractual Clauses (SCCs) and, where applicable, Stripe's certification under the EU-US Data Privacy Framework (DPF). You can request a copy of the SCCs by contacting us at privacy@teetrack.it. All other processing takes place within the EU/EEA.
5. Data Retention
- Account data and time tracking entries are retained for the lifetime of your account. Upon account deletion, all personal data is removed within 30 days.
- Billing records and invoices are retained for the statutory retention period under German tax/commercial law (generally 8 years after the end of the calendar year in which they were created; in some cases 10 years).
- Server logs and rate-limiting data are automatically purged within 7 days.
- Support submissions are retained for up to 1 year after resolution. IP addresses stored with anonymous submissions are deleted within 90 days.
6. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority is the data protection authority of the German federal state in which the controller is established.
7. Cookies
Teetrack uses a single, strictly necessary session cookie to keep you logged in. We do not use any tracking, analytics, or advertising cookies. Because this cookie is essential to provide the service you requested, consent is not required under §25(2) TDDDG.
8. Security Measures
We protect your data with industry-standard measures including TLS encryption for all traffic, bcrypt password hashing, IP-based rate limiting, and role-based access controls. Payment data is handled entirely by Stripe and never touches our servers.
9. Automated Decision-Making
Teetrack does not use automated decision-making or profiling as defined in Art. 22 GDPR.
10. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email or an in-app notice. The "last updated" date at the top of this page reflects the most recent revision.
11. Contact
If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us at: