Privacy Policy

Last updated on 06 Oct 2025

This Privacy Policy describes how Thevenin OÜ (“Thevenin”, “we”, “our”, “us”) collects, processes, and protects your personal data when you use our website and beta services at https://thevenin.io (the “Platform”).

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and Estonian data protection laws.

1. Data We Collect

We may collect the following categories of data:

1.1 Account Data

  • Email address

  • Encrypted password (managed by our self-hosted Ory Kratos instance)

  • Two-factor authentication (2FA) setup details (e.g., secret keys or verification tokens)

  • Account status and session information

1.2 Usage Data

  • IP address, browser type, device information

  • Login timestamps, dashboard activity, and feature interactions

  • Error logs for debugging and performance improvement

1.3 Communication Data

  • Support inquiries and feedback messages

  • Transactional emails and service updates sent via Brevo (Sendinblue)

We do not collect payment data, as no paid features are available during Beta.

2. How We Use Your Data

We process your data to:

  • Create and manage your user account via Ory Kratos.

  • Authenticate users, including 2FA, for secure access.

  • Provide, maintain, and improve the Platform.

  • Send service-related notifications and status updates (via Brevo).

  • Diagnose technical issues and enhance reliability.

  • Comply with legal obligations and ensure system integrity.

We do not use your data for advertising or profiling.

3. Data Storage & Security

  • All data is securely stored on AWS servers located in the European Union.

  • Identity management runs on our self-hosted Ory Kratos instance, so no user credentials or personal data are shared with Ory GmbH.

  • We implement encryption, 2FA, and strict access control policies.

  • Access to production data is limited to authorized personnel.

While we maintain strong safeguards, no online service is entirely immune from security risks.

4. Data Sharing

We do not sell or rent personal data.

Limited data may be shared with:

  • AWS – for hosting and storage.

  • Brevo (Sendinblue) – for sending account and system emails.

  • Open-source components – used internally under applicable licenses.

All third parties are required to comply with GDPR and data protection agreements.

5. Data Retention

We retain your data only as long as necessary to operate the Beta Services, improve functionality, or comply with legal requirements.
When Beta testing ends or your account is deleted, we will anonymize or erase your data within a reasonable timeframe.

6. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your data and receive a copy.

  • Correct inaccurate or incomplete information.

  • Request deletion of your data (“right to be forgotten”).

  • Restrict or object to processing.

  • Exercise data portability (export your data).

  • Lodge a complaint with the Estonian Data Protection Inspectorate.

You can exercise your rights by contacting: support@thevenin.io

7. Cookies

We use essential cookies for:

  • Authentication and session management.

  • Security and CSRF protection.

We do not use marketing or tracking cookies during the Beta phase.

8. International Data Transfers

All data is primarily processed and stored in the EU (AWS EU regions).
If any data transfer outside the EU becomes necessary, we ensure adequate safeguards in compliance with GDPR Articles 45–46 (e.g., Standard Contractual Clauses).

9. Updates to This Policy

We may revise this Privacy Policy from time to time.
Any updates will be posted on this page with a new “Last updated” date.

10. Contact Us

Thevenin OÜ
Tallinn, Estonia
support@thevenin.io

Thevenin OÜ, a company registered in Estonia under Registration Number: EE102770885 and with Registered Address at Harju maakond, Tallinn, Põhja-Tallinna linnaosa, Tööstuse tn 75-71, 10416, Estonia.

© 2025 Thevenin. All rights reserved.