Privacy Policy

Last Updated: June 1, 2026

1. Introduction

Taleshape OÜ ("Taleshape", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use the Taleshape Cloud service.

We comply with the European Union's General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller:
Taleshape OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
Registration number: 16962132
Email: contact@taleshape.com

2. What Data We Collect

We collect the following types of personal data:

Account Information

  • Email address (used for account creation and communication)
  • Account credentials (password, stored encrypted)
  • Organization name and contact details

Billing Information

  • Payment method information (processed by Stripe or Wise; we do not store full credit card numbers)
  • Billing address and tax information
  • Transaction history

Usage Data

  • Service usage metrics (dashboard views, query execution, feature usage)
  • Performance data (response times, system health)
  • Support interactions and correspondence

Technical Data

  • Server logs (IP addresses, timestamps, error messages)
  • Browser type and version
  • Device information

Your Analytics Data

The data you store and process in Shaper (your dashboards, queries, and connected data sources) remains yours. We do not access this data except as necessary to provide technical support that you request.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance: Processing necessary to provide the Service you signed up for
  • Legitimate Interest: Service improvement, security monitoring, and fraud prevention
  • Legal Obligation: Compliance with tax, accounting, and other legal requirements
  • Consent: For optional features like marketing communications (you can withdraw consent at any time)

4. How We Use Your Data

We use your personal data for the following purposes:

  • Service Provisioning: Creating and managing your account, deploying your Shaper instance
  • Billing: Processing payments and maintaining billing records
  • Support: Responding to support requests and troubleshooting issues
  • Service Improvement: Analyzing usage patterns to improve features and performance
  • Security: Detecting and preventing fraud, abuse, and security incidents
  • Communication: Sending service updates, security alerts, and billing notifications
  • Legal Compliance: Meeting regulatory and legal obligations

5. Third-Party Data Processors

We work with trusted third-party service providers who process data on our behalf. All processors are GDPR-compliant and bound by data processing agreements.

Payment Processors

Stripe and Wise process payment transactions. They handle credit card information according to PCI-DSS standards. We do not store full credit card numbers.

Hosting Provider

Hetzner hosts our infrastructure in data centers within the European Union. Your data remains in the EU region you select.

Email Service Provider

We use email service providers to send transactional emails (account notifications, password resets, billing receipts).

We do not sell your data to third parties or use it for advertising purposes.

6. Data Retention

We retain your personal data as follows:

  • Active Accounts: Data is retained as long as your account remains active
  • After Cancellation: You have 7 days to export your data. After 7 days, all account data and backups are permanently deleted
  • Billing Records: Retained for 7 years as required by Estonian accounting and tax law
  • Server Logs: Retained for up to 90 days for security and troubleshooting purposes

7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can request that we correct inaccurate personal data. You can update most information directly in your account settings.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data. This is automatically done 7 days after account cancellation.

Right to Data Portability

You can export your data from Shaper at any time in machine-readable formats.

Right to Object

You can object to processing based on legitimate interest. You can opt out of marketing communications at any time.

Right to Withdraw Consent

For processing based on consent, you can withdraw your consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority.

To exercise any of these rights, contact us at contact@taleshape.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit (TLS/SSL) and at rest
  • Access controls and authentication
  • Regular security audits and updates
  • Secure data centers with physical security measures
  • Employee training on data protection

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

For Taleshape Cloud customers, your data is hosted within the European Union (via Hetzner) and remains in the EU region you select.

For Pro and Enterprise customers with self-hosted deployments, data remains in your own infrastructure under your control.

Some third-party processors (such as payment processors) may be located outside the EU but are certified under appropriate data transfer mechanisms (such as EU Standard Contractual Clauses).

10. Cookies and Tracking

This website does not use cookies or client-side tracking technologies. We collect analytics data solely through server-side logs (IP addresses, timestamps, pages visited), which are covered in the Technical Data section above.

The Taleshape Cloud service uses session cookies only for essential functionality (authentication and session management). These are strictly necessary for the Service to function and are exempt from consent requirements under GDPR.

11. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before changes take effect.

Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact for Data Privacy Matters

For questions about this Privacy Policy or to exercise your rights:

Taleshape OÜ
Sepapaja tn 6, 15551 Tallinn, Estonia
Email: contact@taleshape.com

To lodge a complaint with a supervisory authority:

Estonian Data Protection Inspectorate
Website: www.aki.ee/en