Privacy Policy
Last updated: March 24, 2026
1. Controller and Contact
The data controller responsible for processing your personal data is:
Traivis.app by Berlin Notebook
℅ Dr. Peter Koval
Brunnenstr. 164
10119 Berlin, Germany
Email: privacy@traivis.app
Traivis.app ("Traivis", "we", "us", or "our") operates the website traivis.app and the application at app.traivis.app. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or use our AI visibility monitoring service.
2. What Personal Data We Collect
2.1 Account Data
When you create an account, we collect the email address you provide during registration. Authentication is handled via magic link (one-time email code) or email and password. We do not collect your real name, phone number, or physical address during registration.
2.2 Billing Data
If you subscribe to a paid plan, payment information (credit card details, billing address) is collected and processed directly by our payment provider Stripe. We do not store your full credit card number on our servers. We receive and store only your Stripe customer ID and subscription status to manage your plan.
2.3 Service Data
When using Traivis, you provide brand names and website URLs, as well as competitor names and website URLs, for tracking purposes. This data relates to companies and is generally not personal data. However, if a sole trader's personal name is also their brand name, it may constitute personal data under GDPR, in which case we process it on the legal basis described in Section 3.
2.4 Usage Data
We collect anonymized usage data through Vercel Analytics and Vercel Speed Insights. These tools do not use cookies, do not track users across websites, and do not collect personally identifiable information. Data collected includes page views, referrer URLs, browser type, device type, country-level geolocation, and page load performance metrics.
2.5 Error Tracking Data
We use Sentry for application error monitoring. Sentry is configured with sendDefaultPii: false, meaning no personally identifiable information (such as IP addresses or user names) is included in error reports. Only technical error details (stack traces, browser metadata, error messages) are transmitted.
2.6 Authentication Cookies
When you log in to app.traivis.app, our authentication provider Supabase sets session cookies that are strictly necessary to keep you signed in and to secure your session. These cookies are not used for tracking or advertising. No consent is required for these cookies under GDPR and the TTDSG, as they are essential for the service you have requested.
2.7 Local Storage
We use your browser's local storage to save your light/dark theme preference. This is a functional preference that does not contain personal data and does not leave your device.
3. Legal Basis for Processing (Art. 6 GDPR)
We process your personal data on the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR): Processing your email address and service data is necessary to provide you with the Traivis service, including account creation, authentication, project setup, and delivery of weekly reports.
- Performance of a contract (Art. 6(1)(b) GDPR): Processing billing data via Stripe is necessary to fulfil your subscription and handle payments.
- Legitimate interest (Art. 6(1)(f) GDPR): Collecting anonymized usage analytics via Vercel Analytics and Speed Insights to understand how our service is used, improve performance, and fix issues. Our legitimate interest is to maintain and improve our service. You can object to this processing at any time (see Section 8).
- Legitimate interest (Art. 6(1)(f) GDPR): Error tracking via Sentry to ensure service reliability and resolve technical issues. No personal data is included in error reports.
- Legal obligation (Art. 6(1)(c) GDPR): Retaining invoicing and transaction records as required by German tax and commercial law.
4. Third-Party Processors and Data Sharing
We do not sell your personal data. We share data only with the following processors who act on our behalf under data processing agreements:
4.1 Supabase (Database & Authentication)
Our database and authentication system is hosted on Supabase's EU infrastructure. Supabase stores your email address, hashed password (if applicable), and session data. Supabase processes data within the European Union.
4.2 Vercel (Hosting, Analytics & Speed Insights)
Our website and application are hosted on Vercel. Vercel Analytics collects anonymized, cookieless page view data. Vercel Speed Insights collects anonymized page performance metrics. Vercel Inc. is based in the United States. Data transfers are covered by Vercel's Data Processing Addendum and the EU–US Data Privacy Framework (DPF). For details, see Vercel's Privacy Policy.
4.3 Stripe (Payment Processing)
Stripe processes all payment transactions. When you subscribe to a paid plan, your payment details are collected and processed by Stripe directly. Stripe Inc. is based in the United States and is certified under the EU–US Data Privacy Framework. For details, see Stripe's Privacy Policy.
4.4 Amazon Web Services — SES (Email Delivery)
We use Amazon Simple Email Service (SES) in the EU region (eu-west-1) to send transactional emails, including magic link authentication emails, weekly reports, and team invitation emails. AWS processes the recipient's email address for delivery purposes only. For details, see AWS's Privacy Notice.
4.5 Sentry (Error Monitoring)
Sentry receives technical error reports from our application. As described in Section 2.5, these reports do not contain personally identifiable information. Sentry is operated by Functional Software Inc. in the United States. Data transfers are covered by Standard Contractual Clauses (SCCs). For details, see Sentry's Privacy Policy.
4.6 Folk (Customer Relationship Management)
We use Folk as our CRM to manage business relationships. If you contact us or become a customer, your email address and company name may be stored in Folk for communication and support purposes. Folk SAS is based in France and processes data within the European Union. For details, see Folk's Privacy Policy.
5. International Data Transfers
Some of our processors are based in the United States (Vercel, Stripe, Sentry). For these transfers, we rely on:
- The EU–US Data Privacy Framework (DPF) adequacy decision by the European Commission (for certified providers including Vercel and Stripe).
- Standard Contractual Clauses (SCCs) approved by the European Commission as an additional safeguard where applicable.
Your core data (account data, service data) is stored in the EU via Supabase. Transactional emails are processed within the EU via AWS SES (eu-west-1).
6. Cookies and Similar Technologies
We use a minimal set of cookies and storage technologies:
- Authentication session cookies (strictly necessary): Set by Supabase when you log in to app.traivis.app. These are required for the service to function and do not require consent.
- Theme preference (functional): Stored in your browser's local storage to remember your light/dark mode choice. This does not contain personal data.
We do not use advertising cookies, tracking pixels, social media embeds, or any third-party cookies. Our analytics (Vercel Analytics) is entirely cookieless.
7. Social Media Presence
We maintain company profiles on YouTube and LinkedIn. These platforms are not embedded on our website — no social media scripts, tracking pixels, or widgets are loaded when you visit traivis.app or app.traivis.app. If you visit our social media profiles, the respective platform's privacy policy applies. We are not responsible for data processing carried out by these platforms.
8. Your Rights Under GDPR
As a data subject, you have the following rights. To exercise any of these rights, contact us at privacy@traivis.app.
- Right of access (Art. 15 GDPR): You can request a copy of all personal data we hold about you.
- Right to rectification (Art. 16 GDPR): You can request correction of inaccurate personal data.
- Right to erasure (Art. 17 GDPR): You can request deletion of your personal data. You can also delete your account directly in the application under Account Settings. Account deletion is a soft delete with a 30-day grace period, after which all personal data and associated workspace data is permanently removed.
- Right to restriction of processing (Art. 18 GDPR): You can request that we restrict the processing of your personal data under certain circumstances.
- Right to data portability (Art. 20 GDPR): You can request to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21 GDPR): You can object to processing based on legitimate interest at any time. This includes the right to object to our use of Vercel Analytics.
- Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The competent authority for our business is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, www.datenschutz-berlin.de.
9. Data Retention
- Account data: Retained for as long as your account is active. After you initiate account deletion, data is retained for 30 days (grace period) before permanent deletion.
- Billing records: Invoicing and transaction data is retained for 10 years as required by German tax law (§ 147 AO, § 257 HGB).
- Usage analytics: Vercel Analytics data is anonymized and aggregated. We do not retain individual-level analytics data.
- Error logs: Sentry retains error reports for 90 days by default.
- Email delivery logs: AWS SES delivery logs are retained for operational purposes and are automatically purged in accordance with our AWS configuration.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) for all data communication.
- Row-level security (RLS) policies in our database to ensure strict workspace isolation.
- Authentication via secure, httpOnly session cookies.
- Server-side authorization checks on all API routes and data access.
- Rate limiting on API endpoints to prevent abuse.
- No storage of plaintext passwords — all passwords are hashed by Supabase Auth.
11. Children
Traivis is a business-to-business service and is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.
13. Contact
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: privacy@traivis.app
Postal: Dr. Peter Koval, Brunnenstr. 164, 10119 Berlin, Germany
