Privacy Policy

Last updated: July 10, 2026

1. Controller

TNT Ventures GmbH
Venloer Str. 240
50823 Köln
Deutschland

Email: hello@tntventures.de

2. Data We Collect

2.1 Account Data

When you create an account, we collect your email address, full name, and a hashed password. This data is processed to provide you with access to sharey.

2.2 Server Log Files & Technical Usage Data

When you visit our website, the server hosting the service automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes your IP address, browser type and version, operating system used, referrer URL, host name of the accessing computer, and the time of the server request. This data is processed to ensure the technical stability, security, and smooth operation of our services. The legal basis for this processing is our legitimate interest (Art. 6(1)(f) GDPR).

2.3 Usage Data

We automatically collect information about how you use sharey, including pages visited, features used, and timestamps. This helps us improve the service.

2.4 Content Data

Content you create, upload, or schedule through sharey (e.g., social media posts, images, project settings) is stored to provide the service. Contributors may also upload photos, videos, optional context notes, and voice memos.

2.5 AI Processing of Your Content

To provide sharey's core features, uploaded content is processed by AI sub-processors: images and videos are sent to OpenAI and Google Gemini for quality analysis, project-fit scoring, and caption/hashtag generation, and voice memos are sent to OpenAI for transcription. Only the content necessary for these features is transmitted. See Section 4 for the sub-processors involved and transfer safeguards.

2.6 Notifications & Waitlist

If you enable notifications, we store web-push subscription details (endpoint and keys) for your browser. If you join our waitlist, we store the email address you provide until the waitlist is closed or you ask us to remove it.

3. Legal Basis

We process your data based on: (a) performance of our contract with you (Art. 6(1)(b) GDPR), (b) our legitimate interests in improving our services (Art. 6(1)(f) GDPR), and (c) your consent where applicable (Art. 6(1)(a) GDPR).

4. Third-Party Services

We use the following third-party services to provide and improve sharey:

  • Supabase (EU region) – authentication and database hosting
  • Vercel (US/EU) – application hosting and serverless compute
  • Amazon Web Services (S3) / Cloudflare (R2) (US/EU/global) – media file storage and content delivery
  • OpenAI (US) – AI content generation, captions, strategy, and voice-memo transcription
  • Google Gemini (US) – AI media analysis and quality assessment of uploaded photos and videos
  • Meta / Instagram (US) – social media publishing and analytics via Graph API
  • Resend (US) – transactional email delivery (invitations, notifications)
  • Sentry (US) – error monitoring and performance tracking
  • Upstash (EU) – rate limiting infrastructure
  • Google Analytics (US) – website usage analytics (see Section 5)

Where third-party services are located outside the EU/EEA, data transfers are safeguarded by Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and/or the EU-US Data Privacy Framework (DPF), provided the recipient is certified under this framework.

Where we process personal data on behalf of a business customer as a data processor, our Data Processing Agreement (DPA) applies and forms an integral part of the Terms of Service.

5. Cookies & Analytics

sharey uses essential cookies required for authentication and session management. These are strictly necessary and do not require consent. The legal basis for setting these essential cookies and storing information on your terminal device is Section 25 Paragraph 2 Number 2 TDDDG.

Additionally, we use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to analyze website usage. Google Analytics uses cookies that are only set after you give consent via our cookie banner. We have enabled IP anonymization so your IP address is truncated before transmission. The legal basis is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time with effect for the future via the cookie settings on our website (accessible through our cookie banner) or by clearing your browser cookies.

Google Analytics Measurement ID: G-GD69LD4F6C. For more information, see Google's Privacy Policy.

6. Data Security (SSL/TLS Encryption)

For security reasons and to protect the transmission of confidential content (such as account details or content uploads you send to us), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the address line of the browser from “http://” to “https://” and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Data Retention

We retain your data for as long as your account is active. You can delete your account at any time from your profile settings (“Delete account”), which removes your account and the data you own. Upon account deletion, your personal data will be removed within 30 days, except where retention is required by law.

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing
  • Data portability
  • Object to processing

To exercise these rights, contact us at hello@tntventures.de.

You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), for example the data protection authority of your habitual residence or the authority responsible for our registered office (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen).

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the service.