Privacy Policy

1. Overview of Data Protection

1.1 The following information provides a simple overview of what happens to your personal data when you use our Thymis Cloud platform or visit our website.

1.2 Personal data is any information that can be used to identify you personally.

1.3 Detailed information can be found in the sections below.

2. Controller

2.1 The controller responsible for data processing is Udysseus GmbH, Technologiepark 6, 33100 Paderborn, Germany.

2.2 Contact:

Phone: +49 5251 297 2162
Email: datenschutz@udysseus.com

2.3 The controller is the natural or legal person that determines, alone or jointly with others, the purposes and means of processing personal data.

3. Hosting and Infrastructure

3.1 Our platform is hosted on servers operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

3.2 All data is stored exclusively on servers located in Germany.

4. Data We Process

4.1 When visiting the website, we collect:

technical data (browser type, operating system, IP address, time of access)
server log files for system operation and security

4.2 When using the platform (SaaS), we process:

registration data (name, email address, password)
contract and billing data (plan, billing address, payment data via Stripe)
usage data (logins, API requests, device interactions)
communication data (emails, support requests)
project data (content, configurations, deployments that you upload or manage)

4.3 Payment processing is handled by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Privacy Policy: https://stripe.com/privacy

5. Purposes and Legal Bases of Processing

5.1 Contract performance (Art. 6(1)(b) GDPR): Provision of the platform, device management, support, billing

5.2 Legitimate interests (Art. 6(1)(f) GDPR): Operation, security, prevention of misuse, usage analysis

5.3 Consent (Art. 6(1)(a) GDPR, § 25 TTDSG): e.g., cookies, Google reCAPTCHA, newsletters

5.4 Legal obligations (Art. 6(1)(c) GDPR): Fulfillment of tax and commercial retention obligations

6. Data Retention

6.1 Your data will only be stored as long as necessary for the respective purpose.

6.2 Once the purpose ceases to apply, your data will be deleted unless legal retention periods require otherwise.

7. Data Security

7.1 We implement technical and organizational measures, including:

TLS/SSL encryption for all connections
access controls to platform and systems
backup and recovery mechanisms

8.1 Data is only shared if:

required for contract performance (e.g., payment processing with Stripe),
we are legally obliged to do so,
you have given your consent.

8.2 Transfers to third countries may occur when using services such as Google reCAPTCHA (USA) and only after your explicit consent.

9. Data Processing Agreements

9.1 With business customers, we provide a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR upon request.

10. Cookies and Tools

10.1 We use cookies that are technically necessary for operating the platform. Additional cookies are only set with your consent.

10.2 To protect against abuse, we use Google reCAPTCHA – but only after your explicit consent.
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
More information: Google Privacy Policy, Google Terms of Service.

11. Your Rights

11.1 You have the following rights:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent (Art. 7(3) GDPR)

11.2 You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).

12. Contact for Data Protection

12.1 For any data protection inquiries, please contact:
Email: datenschutz@udysseus.com

13. Changes

13.1 We reserve the right to amend this privacy policy if necessary, e.g., when new features are introduced or when legal requirements change.