Privacy Policy

Last updated: 24 May 2026 · Effective: 24 May 2026

1. Who we are

Teckologs AI is operated by Teckologs Ltd ("we", "us", "our"). We provide an AI-powered document platform for any business — contracts, invoices, HR paperwork, and transport & trade documents — at teckologs.ai. For all privacy enquiries: teckologs@gmail.com.

We act as the data controller for personal data processed through this service. We comply with the EU General Data Protection Regulation (GDPR), and our practices also meet the standards of equivalent frameworks including the UK GDPR, California Consumer Privacy Act (CCPA), and other applicable data protection laws worldwide.

2. What data we collect

  • Account data: email address, name, company name, VAT/tax number, address, phone number
  • Document data: the details you enter into forms (party names, addresses, item/cargo descriptions, weights, amounts)
  • Usage & audit logs: which documents you generate, timestamps, IP addresses for security
  • Payment data: handled entirely by Stripe — we never store card numbers or banking details. We receive only a Stripe customer ID and subscription status.
  • Technical data: authentication session tokens (stored as HTTP-only cookies)

3. Legal basis for processing

  • Art. 6(1)(b) — Contract performance: account data, document data, and billing data processed to provide the service you contracted
  • Art. 6(1)(f) — Legitimate interest: security logging, fraud prevention, service reliability, and abuse detection
  • Legal obligation: retaining invoices and transaction records as required by applicable tax and accounting law in your jurisdiction (typically 5–10 years)

4. How we use your data

  • To generate business documents on your behalf using Claude AI (Anthropic API)
  • To store and retrieve your documents securely in Google Cloud Storage
  • To send transactional emails (account confirmation, invite notifications) via Resend
  • To process payments and manage subscriptions via Stripe
  • To detect and prevent abuse, brute-force attacks, and fraud
  • We do not sell your data to any third party
  • We do not use your document content to train AI models
  • We do not serve advertising or share data with advertising networks

5. Sub-processors and international data transfers

We use the following sub-processors. Cross-border data transfers rely on Standard Contractual Clauses (SCCs) or equivalent safeguards recognised under applicable data protection law.

  • Google Cloud Platform — database (Cloud SQL) and file storage (Cloud Storage). DPA
  • Anthropic (US) — AI document generation. Your form inputs are sent to Anthropic's API and subject to their privacy policy. Transfer: SCCs.
  • Stripe (US/EU) — payment processing. Stripe is certified under EU-US Data Privacy Framework. Privacy policy
  • Resend (US) — transactional email. Transfer: SCCs.

6. Data retention

  • Account & document data: retained while your account is active
  • On account deletion: all personal data and document files are deleted immediately (GCS files purged on request; database records deleted within the same request). Audit records are retained for 90 days for security purposes.
  • Financial records: payment transaction references retained for 7 years to comply with applicable tax and accounting law
  • Security logs: IP-based rate-limit counters are stored in-memory and cleared within 15–60 minutes

7. Your rights

  • Right of access (Art. 15): request a copy of your data via Settings → Export data
  • Right to rectification (Art. 16): update your details in Settings
  • Right to erasure (Art. 17): delete your account instantly via Settings → Danger zone. All data including GCS files is removed immediately.
  • Right to data portability (Art. 20): download a JSON export of all your data via Settings → Export data
  • Right to restrict processing (Art. 18): contact us
  • Right to object (Art. 21): contact us

To exercise any right, use our support form. We will respond within 30 days. California residents (CCPA) may also submit requests by emailing teckologs@gmail.com with "Privacy Request" in the subject line.

8. Cookies

We use only strictly necessary cookies required for authentication (HTTP-only session tokens, secure, SameSite=Lax). We do not use tracking, advertising, analytics, or third-party cookies. No cookie consent banner is required as we rely solely on essential cookies (GDPR recital 30 / ePrivacy Directive Art. 5(3)).

9. Security

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256 via Google Cloud)
  • Organization-level data isolation enforced in the database
  • API secrets and credentials stored in GCP Secret Manager — never exposed to the browser
  • Rate limiting applied to authentication and document generation endpoints
  • Authentication tokens are short-lived JWTs stored in secure cookies

10. Supervisory authority & complaints

Use our support form to reach us. If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority (e.g. the ICO in the UK, your EU member state's supervisory authority, the FTC in the US, or your local equivalent).

11. Changes to this policy

We will notify you by email of material changes to this policy at least 30 days before they take effect. Continued use of the service after that period constitutes acceptance.