Privacy Policy

Last updated: March 5, 2026

This Privacy Policy explains how ToolTogether processes personal data when you use the platform.

1. Data Controller

Controller under Art. 4(7) GDPR:
Holger Krupp
Schilfweg 35, 21614 Buxtehude, Germany
holger@tooltogether.eu

2. What We Process

• Account data: email, public username, passkey credential identifiers and metadata.
• Profile data: display name, preferred language, home address and coordinates you provide.
• Offer data: title, description, category/model, photos, offer location data.
• Messaging data: message content, sender/recipient metadata, timestamps, read status.
• Moderation/safety data: reports, moderation actions, and related logs.
• Technical data: server logs required for security and service operation.

3. Purposes and Legal Bases (Art. 6 GDPR)

• To provide the service (account, offers, messaging): Art. 6(1)(b) GDPR (contract/performance).
• To secure the service and prevent abuse: Art. 6(1)(f) GDPR (legitimate interests).
• To comply with legal obligations: Art. 6(1)(c) GDPR.
• Where consent is required (if applicable): Art. 6(1)(a) GDPR.

4. Location and Privacy by Design

Your home location is used to show relevant nearby offers and distance calculations. Exact offer coordinates are not publicly exposed to other users by default. The platform shows reduced/approximate location information to protect user privacy.

5. Recipients and Processors

We share data only where necessary to operate the platform (e.g., hosting/infrastructure providers) and under data processing agreements where required by Art. 28 GDPR.

6. International Transfers

If personal data is transferred outside the EEA, we apply appropriate safeguards (for example, adequacy decisions or standard contractual clauses), unless another lawful transfer mechanism applies.

7. Retention

• Account and profile data: retained while your account is active.
• Offers and messages: retained while needed for service operation, moderation, and legal defense.
• Security and technical logs: retained for a limited period required for security and troubleshooting.

Exact retention schedules: [insert retention schedule].

8. Your Rights

Under GDPR, you may have rights to access, rectification, erasure, restriction, portability, and objection (Arts. 15–21 GDPR), and the right to withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), for example in your place of residence/work or where the infringement is alleged.

9. Security

We apply technical and organizational measures to protect personal data, including access controls, transport security where applicable, and role-based moderation access.

10. Cookies / Local Storage

The platform stores essential session information and settings (for example, authentication token and language preference) in browser storage to operate the service. If additional tracking technologies are added, this policy and consent mechanisms will be updated accordingly.

11. Legal Context (Germany / EU)

This policy is drafted with GDPR and applicable German digital-services framework in mind, including DDG and TDDDG requirements relevant to digital services.

12. Changes

We may update this Privacy Policy when legal or operational requirements change. Material changes will be communicated appropriately in the service.

Note: This is a practical template and should be reviewed by qualified legal counsel for your exact setup in Germany.

Back to ToolTogether