Privacy Policy
TetaPi GmbH · Last updated: June 2026
Controller: TetaPi GmbH, Frankfurt am Main, Germany
Contact: hello@tetapi.dev
Data Protection Officer: hello@tetapi.dev
1. Scope
This privacy policy applies to all services operated by TetaPi GmbH under the domain tetapi.dev and its subdomains (app.tetapi.dev, api.tetapi.dev). It describes what personal data we collect, why, and your rights under the EU General Data Protection Regulation (GDPR / DSGVO).
2. Data we collect
We collect the following categories of data:
- Account data: email address, name, and the entity details you provide during registration (company name, registry number, entity type).
- Verification data: information submitted for the verification process, including official registry identifiers (e.g., Handelsregisternummer), certification IDs, and supporting documents.
- Usage data: log files including IP address, browser type, pages visited, and timestamps. These are stored for up to 30 days for security and operational purposes.
- API access data: API keys, request logs, and rate-limit counters for authenticated API users.
3. Legal basis for processing
- Contract performance (Art. 6(1)(b) GDPR): Processing your account and verification data is necessary to provide the TETA+PI verification service.
- Legitimate interests (Art. 6(1)(f) GDPR): Server logs and security monitoring to protect the integrity of the platform.
- Legal obligation (Art. 6(1)(c) GDPR): Retention of records required under German commercial and tax law.
4. Public verification data
Once verified, your entity profile (name, entity type, trust level, and registry reference) becomes publicly accessible via the TETA+PI API and search. This is the core function of the service — verified entities are discoverable by AI agents. By completing verification, you consent to this public display.
You may request removal of your entity profile at any time by contacting hello@tetapi.dev. Note that Bitcoin timestamps are immutable and cannot be deleted from the blockchain.
5. Data sharing
We do not sell personal data. We share data only in the following cases:
- Official registries: We query public government registries (Handelsregister, EU VAT, GLEIF, etc.) to verify your entity. No personal data is sent to these registries — we only query them using identifiers you provide.
- Infrastructure providers: We use DigitalOcean (data center: Frankfurt, EU) for hosting. All data is processed within the EU.
- Legal requirements: We may disclose data if required by law or court order.
6. Data retention
- Account and verification data: retained for the duration of your account, plus 10 years as required by German commercial law (§ 257 HGB).
- Server logs: 30 days.
- API logs: 90 days.
- Bitcoin timestamps: immutable, permanently public on the Bitcoin blockchain.
7. Your rights (DSGVO)
Under GDPR, you have the right to:
- Access (Art. 15): request a copy of all data we hold about you.
- Rectification (Art. 16): correct inaccurate data.
- Erasure (Art. 17): request deletion of your data, subject to legal retention obligations.
- Restriction (Art. 18): limit how we process your data.
- Portability (Art. 20): receive your data in machine-readable format.
- Object (Art. 21): object to processing based on legitimate interests.
To exercise any of these rights, email hello@tetapi.dev. We will respond within 30 days.
You also have the right to lodge a complaint with the German supervisory authority: Hessischer Beauftragter für Datenschutz und Informationsfreiheit, Wiesbaden.
8. Cookies
The main landing page (tetapi.dev) uses no cookies and loads no third-party analytics scripts. The application (app.tetapi.dev) uses only essential session cookies required for authentication. No advertising or tracking cookies are used.
9. Contact
For any privacy-related questions or requests:
TetaPi GmbH · Frankfurt am Main · hello@tetapi.dev