Privacy Policy

Effective as of: January 1, 2025

The German version of this privacy policy is legally binding. An English version is available here.

Deutsch

1. Controller

The controller responsible for data processing on this website is:

Tecsteps GmbH
Breitscheidstr. 42
16321 Bernau near Berlin
Germany

Represented by: Fabian Wesner
Email: [email protected]
Commercial Register: HRB 18540 FF
Register Court: District Court Frankfurt (Oder)
VAT ID: DE341723281

2. General Information on Data Protection

The protection of your personal data is of particular concern to us. We process your data exclusively on the basis of legal provisions, in particular the General Data Protection Regulation (GDPR) and the Telemedia Act (TMG).

This privacy policy informs you about the type, scope, and purpose of the collection and use of personal data on our VentureTango platform.

Personal data is any information relating to an identified or identifiable natural person (e.g., name, email address, IP address).

3. Collection and Processing of Personal Data

3.1 When Visiting Our Website (without registration)

Server Log Files

With each access to our website, information is automatically collected that your browser transmits to our server. This data is temporarily stored in so-called server log files:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Amount of data transferred
  • Notification of successful retrieval (HTTP status code)
  • Browser type and version
  • User's operating system
  • Referrer URL (previously visited page)
  • Hostname of the accessing computer
  • User's provider

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

Purpose: This data serves exclusively to ensure trouble-free operation of the website, system security, and technical administration of our network infrastructure.

Storage period: Log files are automatically deleted after 14 days at the latest, unless security-relevant incidents require longer storage.

Disclosure: This data is not combined with other data sources. The data is not passed on to third parties unless we are legally obliged to do so or the disclosure serves to prosecute attacks on our network infrastructure.

3.2 During Registration and Use of an Account

When you register on VentureTango, we collect the following personal data:

Mandatory information:

  • Email address
  • Password (stored encrypted)
  • Name (first and last name)

Optional:

  • Phone number
  • Company/Organization
  • Location/Country
  • Additional profile information

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Purpose: The collection of this data is necessary to:

  • Provide you with a user account
  • Authenticate you and protect your account
  • Communicate with you (e.g., support, important notifications)
  • Provide our services

Storage period: Your account data is stored as long as your account is active. After deleting your account, the data will be deleted unless there are legal retention obligations.

3.3 Usage Data and Content You Enter

When you use VentureTango, we process the data you enter:

User Submissions:

  • Business ideas, descriptions, concepts
  • Market inputs, target group analyses
  • Budget information, strategic information
  • Uploaded documents and files
  • Notes and comments

Usage data:

  • Interactions with the platform (feature usage, clicks)
  • Session duration, frequency of use
  • Features and tools used
  • AI queries (prompts) and generated responses

Legal basis: Art. 6(1)(b) GDPR (contract performance)

Purpose:

  • Provision and improvement of our AI-powered services
  • Personalization of your experience
  • Analysis and optimization of the platform
  • Training and improvement of our AI models (anonymized only)

Storage period: Your user submissions are stored as long as your account is active or until you delete them. Usage data is anonymized after a maximum of 24 months.

Important: Your inputs are treated confidentially. We do not sell your data to third parties and do not use it to develop competing products against you.

4. Disclosure of Data to Third Parties / Third-Party AI Services

4.1 AI Service Providers

VentureTango uses various AI models and APIs from third-party providers to provide our services:

AI providers used:

  • OpenAI (GPT models)
  • Anthropic (Claude)
  • Google (Gemini)
  • xAI (Grok)
  • Perplexity AI

Type of data transmission:
When you use our AI features, your inputs (prompts) are transmitted to these third-party providers to generate AI-generated responses.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in providing intelligent services)

International data transfer:
Some of these providers operate servers outside the European Union (e.g., in the USA). Data transmission is based on:

  • Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR
  • Adequacy decisions of the EU Commission (e.g., EU-US Data Privacy Framework)
  • Additional technical and organizational measures to protect your data

Privacy policies of AI providers:

Important: These providers process your data in accordance with their own privacy policies. We have concluded data processing agreements (DPA) with all providers, where available.

4.2 Hosting Providers

Our website and infrastructure are hosted by:

Web Server Hosting:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Website: https://www.hetzner.com
Privacy Policy: https://www.hetzner.com/legal/privacy-policy

Database Hosting:
Neon (Neon, Inc.)
77 Sutter Street
San Francisco, CA 94104
USA

Website: https://neon.tech
Privacy Policy: https://neon.tech/privacy-policy

Processed data: All data collected on our website is stored on the servers of our hosting providers. This includes:

  • Account data and user profiles
  • User submissions (business ideas, documents)
  • Usage data and log files
  • Session data

Server location:

  • Hetzner: Germany (GDPR-compliant, no third country transfer)
  • Neon: Although Neon is a US company, our database instances are operated on servers in Germany (EU region Frankfurt). No third country transfer takes place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, reliable, and performant hosting)

Data processing agreements: Data processing agreements (DPA) exist with both hosting providers in accordance with Art. 28 GDPR, ensuring that your data is processed exclusively according to our instructions.

4.3 Payment Service Provider (if applicable)

If you purchase a paid subscription, we use the following payment service provider:

Lemon Squeezy
Lemon Squeezy LLC
251 Little Falls Drive
Wilmington, DE 19808
USA

Website: https://www.lemonsqueezy.com
Privacy Policy: https://www.lemonsqueezy.com/privacy

Processed data: Payment information (credit card data, bank details, PayPal data) is processed directly by Lemon Squeezy. We only receive the necessary information for processing:

  • Transaction status
  • Order number
  • Last 4 digits of payment method
  • Buyer's name and email address
  • Billing address

Legal basis: Art. 6(1)(b) GDPR (contract performance)

International data transfer: Lemon Squeezy is based in the USA. Data transmission is based on Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR and the EU-US Data Privacy Framework.

Merchant of Record: Lemon Squeezy acts as "Merchant of Record" for all payments. This means that Lemon Squeezy assumes legal responsibility for payment processing, including VAT, invoicing, and compliance.

4.4 No Further Data Disclosure

We do not pass on your personal data to third parties, except:

  • It is necessary for contract performance (see above)
  • You have expressly consented (Art. 6(1)(a) GDPR)
  • We are legally obliged to do so (Art. 6(1)(c) GDPR)
  • It is necessary to protect our legitimate interests and your interests do not override (Art. 6(1)(f) GDPR)

5. Cookies and Similar Technologies

5.1 What are Cookies?

Cookies are small text files that are stored on your device and contain certain information. They serve to make our website more user-friendly and effective.

5.2 Which Cookies Do We Use?

Technically necessary cookies:
These cookies are essential for the basic functions of the website:

  • Session cookie to maintain your login
  • Cookie to store your cookie settings
  • Security cookies to prevent Cross-Site Request Forgery (CSRF)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in proper operation)

Storage period: These cookies are deleted after the browser session ends or after a maximum of 30 days.

We do not use analytics or marketing cookies.

5.3 Cookie Management

You can adjust your cookie settings at any time via our cookie banner or delete cookies in your browser settings:

  • Chrome: Settings > Privacy and security > Cookies
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Settings > Privacy > Cookies and Website Data
  • Edge: Settings > Cookies and Site Permissions

Note: Deactivating cookies may limit the functionality of our website.

6. Your Rights as a Data Subject

In accordance with the GDPR, you have the following rights:

6.1 Right of Access (Art. 15 GDPR)

You have the right to obtain information about the personal data we process about you, including:

  • Processing purposes
  • Categories of data processed
  • Recipients or categories of recipients
  • Planned storage period
  • Your rights (rectification, deletion, restriction, objection)
  • Right to lodge a complaint with a supervisory authority
  • Origin of the data (if not collected from you)
  • Information on automated decision-making including profiling

6.2 Right to Rectification (Art. 16 GDPR)

You have the right to request immediate rectification of incorrect or completion of incomplete personal data.

6.3 Right to Erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data if:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis
  • You object to processing and there are no overriding legitimate grounds for processing
  • The data has been unlawfully processed
  • Erasure is necessary to fulfill a legal obligation

Exceptions: The right to erasure does not exist if processing is necessary:

  • To fulfill legal obligations
  • For the establishment, exercise, or defense of legal claims

6.4 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing if:

  • The accuracy of the data is contested by you (for the duration of verification)
  • Processing is unlawful and you request restriction instead of erasure
  • We no longer need the data, but you need it for legal claims
  • You have objected (for the duration of verification)

6.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to transmit it to another controller, provided that:

  • Processing is based on consent or a contract
  • Processing is carried out by automated means

6.6 Right to Object (Art. 21 GDPR)

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR (legitimate interest).

We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Objection to direct marketing:
If we process your data for direct marketing purposes, you have the right to object at any time. After your objection, we will no longer use your data for direct marketing purposes.

6.7 Right to Withdraw Consent (Art. 7(3) GDPR)

If processing is based on consent, you have the right to withdraw it at any time. The lawfulness of processing carried out until withdrawal remains unaffected.

6.8 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

Competent supervisory authority:

The State Commissioner for Data Protection and the Right to Inspect Files Brandenburg
Stahnsdorfer Damm 77
14532 Kleinmachnow
Germany

Phone: +49 33203 356-0
Email: [email protected]
Website: https://www.lda.brandenburg.de

You can also contact the data protection authority of your place of residence or workplace.

7. Exercising Your Rights

To exercise any of the above rights, please contact us:

Email: [email protected]
Subject: Privacy Request - [Your Concern]

Please provide:

  • Your full name
  • Your email address registered with us
  • Which right you wish to exercise
  • If applicable, additional information for identification

We will respond to your request within one month. In complex cases, this period may be extended by an additional two months. In this case, we will inform you about the delay and the reasons.

Identity verification: To protect your data, we may ask you to verify your identity before we comply with your request.

8. Data Security

We implement technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons:

Technical measures:

  • SSL/TLS encryption for all data transmissions (HTTPS)
  • Encrypted storage of passwords (hashing with bcrypt/Argon2)
  • Regular security updates and patches
  • Firewall systems and intrusion detection
  • Regular backups

Organizational measures:

  • Access to personal data only for authorized employees
  • Confidentiality commitments for all employees
  • Regular training on data protection
  • Data protection impact assessments for high-risk processing

Important: Data transmission over the Internet can have security gaps. Complete protection against access by third parties is not possible.

9. Storage Period

We store personal data only as long as necessary for the respective purposes or as required by legal retention obligations:

Data Type Storage Period
Account data Until account deletion + 30 days
User submissions Until manual deletion by you or account deletion
Usage data 24 months, then anonymization
Server log files 14 days
Payment data According to tax retention requirements (10 years)
Support requests 36 months after completion

After expiry of the storage period, data is routinely deleted unless there is a legal retention obligation or another legal reason for further storage.

10. Automated Decision-Making and Profiling

We do not use automated decision-making within the meaning of Art. 22 GDPR that has legal effects on you or similarly significantly affects you.

AI-generated content:
The suggestions and analyses generated by our AI tools serve exclusively for support and information. They do not make automated decisions about you. The final decision on using the AI outputs always rests with you.

11. Minors

Our service is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you discover that a minor has transmitted personal data to us, please contact us at [email protected] so that we can delete the data.

12. Changes to This Privacy Policy

We reserve the right to update this privacy policy to adapt it to changed legal situations or changes to our services.

For significant changes we will inform you:

  • By email to your registered email address
  • Through a notice on the website
  • Through a notification at your next login

You can always find the current version on this page. The date of the last update is stated at the top.

Your continued use after the changes take effect is considered acceptance of the updated terms, unless the changes are substantial or significantly affect your rights.

13. Data Protection Contact

If you have questions about data protection, exercising your rights, or complaints, please contact:

Tecsteps GmbH
Data Protection
Breitscheidstr. 42
16321 Bernau near Berlin
Germany

Email: [email protected]

We endeavor to respond to your inquiry within 48 hours (on business days).

14. External Links

Our website may contain links to third-party websites (e.g., market research databases, business intelligence platforms). We have no influence on the content and data protection practices of these external sites. Please inform yourself there about the respective privacy policies.

Status of this privacy policy: January 2025

Thank you for your trust in VentureTango!