GDPR & NDPA Compliant

Privacy Policy

Version 3.0 Effective 1 March 2026 Tailorte — Devpitch UG (haftungsbeschränkt)
01

Introduction §

This Privacy Policy explains how Tailorte — Devpitch UG (haftungsbeschränkt) ('Tailorte', 'we', 'us') collects, uses, processes, stores, and protects personal data when you use our mobile application, website, and related services.

We comply with the General Data Protection Regulation (GDPR) and the Nigeria Data Protection Act (NDPA) 2023 where applicable.

Because Tailorte is available to users worldwide, local privacy, consumer protection, cookie, and marketing rules may also apply depending on your country or region. Where local law grants you additional protections, we will apply those protections to the extent required.

Effective Date: 23 February 2026. Last updated: 1 June 2026.

02

Data Controller §

Tailorte — Devpitch UG (haftungsbeschränkt) is the data controller responsible for your personal data.

Tailorte — Devpitch UG (haftungsbeschränkt) — Germany
Privacy enquiries: hello@tailorte.com  |  privacy@tailorte.com

04

Categories of Data We Collect §

Account Data §

NameEmail addressPhone numberUsernameProfile photoDate of birthGenderCountry

Phone Number: Used exclusively to match users to customer records within the Tailorte backend system. Not shared with third parties.

Email Address: Used for account management and communications only.

Gender: Used solely for anatomical style matching. Processed internally, never shared.

Date of Birth: Used for age verification. May be used in anonymised aggregated analytics.

Country: May be publicly displayed for transparency and fraud prevention.

Third-Party Sign-In Data (Google & Apple) §

Name (from provider)Email address (from provider)Provider user ID

When you register or log in via Google Sign-In or Sign in with Apple, the respective provider shares your name, email address, and a unique account identifier with Tailorte solely for the purpose of creating or authenticating your account. Tailorte does not receive or store your password from these providers. No additional data is requested from or stored from these providers beyond what is listed above.

Calendar & Appointment Data (Business Accounts) §

Google Calendar event IDGoogle Meet / Hangout link (virtual appointments only)

For business users who connect Google Calendar, Tailorte stores only the event ID returned by the Google Calendar API when a calendar event is created upon acceptance of a client appointment, and — where the appointment is a virtual meeting — the Google Meet / Hangout link generated at event creation. This data is used solely to: (a) share the meeting link with both the business user and their client within Tailorte; and (b) cancel the calendar event if the appointment is subsequently cancelled on Tailorte. Tailorte does not read, access, or store any other calendar data. Both the event ID and meeting link are permanently deleted from Tailorte's servers when the appointment is cancelled, the event is deleted by the user within Tailorte, or the user's Tailorte account is deleted.

Location Data §

Exact location (proximity suggestions)Country (public profile)

Exact location data is used only to power proximity-based service suggestions and is not shared with third parties.

Usage & Content Data §

App interactionsSearch queriesEngagement metricsPosts & portfoliosSaved contentComments

Device & Technical Data §

IP addressDevice typeOperating systemApp versionBrowser typeSession cookies

Push Notification Data §

Push notification token (FCM / APNs)

Push tokens are used solely to deliver notifications you choose to receive. You may disable push notifications at any time in your device settings.

05

Analytics & Advertising Measurement §

We use analytics and measurement technologies on our app and website to understand service performance, improve user experience, measure campaign effectiveness, and understand how users discover and interact with Tailorte.

These services may include Firebase Analytics (Google LLC), the Meta Pixel, and the TikTok Pixel. On our website, Meta Pixel and TikTok Pixel are loaded only after a user has granted consent for analytics cookies through our cookie consent banner where such consent is required by law.

  • Firebase Analytics may collect usage data, device information, approximate location, and app performance metrics to help us improve app functionality and user experience.
  • Meta Pixel and TikTok Pixel may collect or receive technical and usage information from your browser or device, such as IP address, browser type, device information, pages viewed, referral URL, session information, clicks, and events relating to website interactions.
  • These tools help us understand aggregated usage trends, campaign attribution, conversion measurement, and the effectiveness of marketing channels.
  • We do not sell your personal data. However, data collected through advertising and measurement technologies may be processed by third-party providers under their own roles as independent controllers or service providers, depending on the applicable product and jurisdiction.
  • Where legally required, the lawful basis for these website analytics and marketing technologies is your consent. Where consent is not legally required, we rely on our legitimate interests in operating, securing, and improving the platform, subject to applicable law.

Google, Meta, and TikTok may process certain information outside your country of residence. Their processing is governed by their own privacy terms, platform documentation, contractual safeguards, and any applicable international transfer mechanisms.

06

Push Notifications §

We use Firebase Cloud Messaging (FCM) to deliver push notifications. For iOS devices, notifications are also routed via Apple Push Notification Service (APNs).

  • Push tokens are used only to send notifications you choose to receive.
  • No notification content is stored beyond delivery.
  • You may disable push notifications at any time in your device settings.
07

Hosting & Infrastructure §

Our infrastructure and primary databases are hosted on Amazon Web Services (AWS) servers located in Ireland (European Union).

  • Core user data is stored within the European Economic Area (EEA).
  • AWS acts as a data processor under GDPR Article 28, bound by a Data Processing Agreement.
  • Backups and failover systems are also maintained within the EEA.
08

International Data Transfers §

Certain service providers — including Google (Firebase), Meta, TikTok, and Apple (APNs) — may process limited data outside the EEA. Because Tailorte serves users globally, data may be accessed or processed in multiple jurisdictions where our providers operate. Where such transfers occur, appropriate safeguards are applied:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions recognised by the European Commission where applicable.

For users in Nigeria, cross-border transfers comply with the Nigeria Data Protection Act (NDPA) 2023 and the NDPC's transfer framework.

09

Data Sharing §

Tailorte does not sell, rent, trade, or monetise personal data under any circumstances.

Data is shared only in the following limited circumstances:

Service processors
Contracted hosting (AWS), analytics (Firebase), website analytics and advertising measurement partners (including Meta Pixel and TikTok Pixel where consent has been granted), notification (FCM/APNs), and calendar integration (Google Calendar API) providers, bound by contractual and legal obligations appropriate to their role. Google Calendar is used solely to create and cancel appointment events on behalf of business users who have explicitly granted calendar access.
Platform and ad measurement partners
Where you consent to analytics or marketing cookies on our website, limited browser, device, and interaction data may be transmitted to providers such as Meta and TikTok for campaign attribution, audience measurement, fraud prevention, and service analytics in accordance with their platform terms and privacy notices.
Legal requirements
Where required by valid court order, law enforcement request, or statutory obligation.
Business transfer
In the context of a merger, acquisition, or asset sale, subject to confidentiality obligations. Users will be notified.
10

Data Retention §

Personal data is retained only as long as necessary to:

  • Provide the platform services you use.
  • Comply with applicable legal retention obligations.
  • Resolve disputes and enforce our policies.
  • Prevent fraud and protect platform security.

When you delete your account, public profile content is removed within 30 days. Anonymised aggregate data may be retained for analytics for up to 24 months. Legal compliance records may be retained for up to 7 years.

Calendar data: Google Calendar event IDs and Google Meet / Hangout links are deleted from Tailorte's servers immediately upon the earliest of: appointment cancellation by the business user, manual event deletion within Tailorte, or account deletion. No calendar data is retained beyond these events.

You may request deletion by contacting hello@tailorte.com.

11

Data Security §

Tailorte implements the following safeguards to protect personal data:

  • Encryption of data in transit using TLS.
  • Secure cloud hosting on AWS (EEA) with access controls and monitoring.
  • Password hashing using industry-standard algorithms.
  • Regular security reviews and vulnerability assessments.

While no internet system can guarantee complete security, we apply industry-standard safeguards and will notify affected users and supervisory authorities in the event of a data breach, as required by GDPR Article 33 (within 72 hours of discovery).

🔒 Security issues: security@tailorte.com
12

Automated Decision-Making §

Tailorte does not engage in automated decision-making that produces legal or similarly significant effects under GDPR Article 22. Content recommendations and feed curation are algorithmic but do not result in legally significant decisions about you.

13

Children's Privacy §

Tailorte is not intended for children below the legally required minimum age (16 in most jurisdictions; higher where required by local law).

If we discover or are notified that we have unlawfully collected personal data from a child below the minimum age, we will delete that data promptly.

If you believe a child has provided personal data to Tailorte without appropriate consent, please contact privacy@tailorte.com.

14

Your Rights (GDPR & NDPA) §

Under the GDPR and the Nigeria Data Protection Act 2023, you have the following rights:

Right of Access
Obtain a copy of personal data we hold about you (GDPR Art. 15; NDPA s.34).
Right to Rectification
Request correction of inaccurate or incomplete data (GDPR Art. 16).
Right to Erasure
Request deletion of your data where retention is no longer necessary — 'Right to be Forgotten' (GDPR Art. 17).
Right to Restriction
Request that we limit how we process your data in certain circumstances (GDPR Art. 18).
Right to Portability
Receive your data in a structured, machine-readable format (GDPR Art. 20).
Right to Object
Object to processing based on legitimate interests or for direct marketing (GDPR Art. 21).
Withdraw Consent
Withdraw consent at any time without affecting prior processing (GDPR Art. 7(3)).
Lodge a Complaint
File a complaint with an EU supervisory authority (e.g. Germany's BfDI) or the Nigeria Data Protection Commission (NDPC).

To exercise any right, contact privacy@tailorte.com. We will respond within 30 days (GDPR) or as required by the NDPA.

15

Cookies & Tracking §

Tailorte uses cookies, pixels, local storage, and similar technologies on its website. On first visit, users are presented with a cookie consent banner. Categories:

Strictly Necessary
Essential to platform functionality, security, fraud prevention, and preference storage. These cannot be disabled through the cookie banner.
Performance & Analytics
Tools such as Firebase Analytics, Meta Pixel, TikTok Pixel, and similar measurement technologies used to understand site usage, campaign effectiveness, conversions, and product performance. Where required by law, these load only after your consent.
Personalisation
Enable content recommendations, user experience improvements, and preference memory.

Depending on your jurisdiction, analytics and advertising technologies may be treated as analytics cookies, marketing cookies, or similar regulated technologies. You may accept, reject, or later withdraw consent through the Privacy Settings menu, or by adjusting your browser settings. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

If you are located in a region that requires prior consent for non-essential cookies or advertising technologies, Tailorte will seek that consent before loading those technologies on the website.

16

Changes to This Policy §

We may update this Privacy Policy periodically. Updates will be reflected with a revised Effective Date at the top of this page. For material changes, we will notify you via in-app notification or email at least 14 days in advance.

Continued use of the platform after the effective date of changes constitutes acceptance.

17

Contact §

For all privacy-related matters:

hello@tailorte.com — General enquiries
privacy@tailorte.com — Privacy & data rights
📞 Phone (EU, Berlin): +49 152 171 23159