Privacy Policy

Last updated: November 4, 2025

1. Introduction

At canapés, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using canapés, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you use our service, we may collect:

  • Phone number (WhatsApp contact information)
  • Email address (for account registration and communication)
  • Full name or display name
  • Payment information (processed securely by Stripe)
  • Billing address
  • Voice messages (when sent via WhatsApp, transcribed for course interaction)
  • Written messages and course responses
  • Contact form submissions (name, email, subject, message)
  • Feedback submissions

2.2 Usage Data

We automatically collect information about your interaction with our service:

  • Course enrollment and progress (day index, interaction index, status)
  • Quiz and test results
  • Message interactions and engagement metrics
  • Time stamps of activities (enrollment date, last interaction, completion date)
  • Subscription plan and status (free, pro, business)
  • Usage metrics (courses created, courses shared, total enrollments)
  • Device and browser information (user agent, screen resolution, language)
  • IP address (for security and fraud prevention)
  • Page views and navigation patterns
  • Language preferences and timezone settings

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and hold certain information:

  • Authentication Cookies: Supabase auth cookies to maintain your logged-in session
  • Preference Cookies: Local storage for cookie consent preferences
  • Analytics Cookies: Google Analytics cookies to understand how visitors use our site (_ga, _gid, _gat)

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

3. How We Use Your Information

We use the collected information for various purposes, based on the following legal grounds:

3.1 Performance of Contract

  • To provide and maintain our service
  • To deliver learning content via WhatsApp
  • To track your learning progress and provide personalized feedback
  • To send you course-related messages and reminders
  • To process payments and manage subscriptions
  • To provide customer support

3.2 Legitimate Interests

  • To improve our service and develop new features
  • To analyze usage patterns and optimize the learning experience
  • To prevent fraud and ensure platform security
  • To enforce our terms and conditions
  • To conduct internal analytics and business intelligence

3.3 Consent

  • To send you marketing communications about updates and offers (you may withdraw consent at any time)
  • To use cookies for analytics and advertising (managed via cookie banner)

3.4 Legal Obligations

  • To comply with legal and regulatory requirements
  • To respond to legal requests and prevent illegal activity
  • To maintain records for tax and accounting purposes

4. Data Sharing and Third-Party Services

We share your information with third-party service providers to operate our service. These providers process data on our behalf under strict confidentiality agreements:

4.1 Essential Service Providers

  • Supabase (US): Database and authentication - stores all user data, course progress, and account information
  • Twilio (US): WhatsApp messaging - processes phone numbers, message content, and delivery status
  • OpenAI (US): AI processing - analyzes course content, user messages, quiz answers, voice transcriptions, and generates responses and course materials
  • Stripe (US): Payment processing - handles payment information, billing addresses, and subscription management

4.2 Analytics and Communication

  • Google Analytics (US): Website analytics - collects usage data, page views, and user behavior patterns
  • Resend (US): Email delivery - processes contact form submissions and feedback emails

4.3 Content Resources

  • Unsplash (US): Stock photography - we may retrieve images based on course topics (no personal data shared)

4.4 Other Disclosures

  • Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business
  • Legal Requirements: When required by law, court order, or governmental request, or to protect our rights, property, or safety
  • With Your Consent: When you explicitly consent to share your information

We do not sell your personal information to third parties.

5. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers are located. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal data from the European Economic Area (EEA) to other countries, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
  • Providers certified under relevant data protection frameworks
  • Technical and organizational security measures

By using our service, you acknowledge and consent to the transfer of your information to the United States and other countries for processing as described in this Privacy Policy.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Encryption in transit (HTTPS/TLS) and at rest for sensitive data
  • Secure authentication using Supabase Auth with password hashing
  • Rate limiting to prevent abuse and denial-of-service attacks
  • Input validation and sanitization to prevent injection attacks
  • Row-level security policies in our database
  • Regular security audits and updates
  • Restricted access to personal data on a need-to-know basis

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

7. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), the UK, or Switzerland, you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You can request copies of your personal data and information about how we process it
  • Right to Rectification: You can request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Data Portability: You can request a copy of your data in a structured, machine-readable format
  • Right to Object: You can object to our processing of your data for certain purposes, including direct marketing
  • Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority

To exercise these rights, please contact us at hello@tntventures.de. We will respond to your request within 30 days as required by GDPR.

For subscription management, you can also use your account settings or the Stripe Customer Portal to update payment information and cancel subscriptions.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Account Data: Retained while your account is active and for 90 days after account deletion or closure
  • Course Progress and Enrollment Data: Retained while you are actively enrolled in courses and for 2 years after course completion or abandonment
  • WhatsApp Messages: Retained for the duration of active course enrollment and up to 30 days after course completion
  • Transaction Records: Retained for 7 years for tax and legal compliance purposes
  • Subscription History: Retained for the duration of the subscription and 7 years thereafter for financial records
  • Contact Form and Feedback Submissions: Retained for 2 years or until the inquiry is resolved
  • Analytics Data: Anonymized and retained indefinitely for service improvement

When data is no longer needed, we securely delete or anonymize it. You may request earlier deletion by contacting us, subject to legal retention requirements.

9. Automated Decision-Making and AI Processing

We use artificial intelligence (OpenAI) to enhance your learning experience. This includes automated processing for:

  • Quiz Answer Interpretation: AI analyzes your quiz responses to determine which answer option you selected, even if you use natural language instead of option numbers
  • Response Classification: AI determines whether your input is a question, comment, or answer attempt to provide appropriate responses
  • Learning Feedback: AI evaluates your open-ended answers and provides personalized feedback
  • Question Answering: AI generates responses to your course-related questions based on course content
  • Voice Transcription: Voice messages are transcribed using OpenAI Whisper to enable text-based interaction
  • Course Generation: AI helps create course content from uploaded materials

These automated processes do not produce legal effects or similarly significantly affect you. They are designed to enhance your learning experience. You always have the option to contact us to discuss any AI-generated responses or request human review.

10. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately at hello@tntventures.de, and we will take steps to remove such information from our systems.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top of this policy
  • For significant changes, sending you an email notification (if we have your email address)

You are advised to review this Privacy Policy periodically. Changes to this Privacy Policy are effective when posted on this page. Your continued use of our service after any changes constitutes your acceptance of the new Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all legitimate requests within 30 days. Occasionally, it may take us longer if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.

← Back to Home
Privacy Policy | canapés