Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller for the Teeme platform is:

dcode technologies S.à r.l.
Luxembourg
Email: [email protected]

This Privacy Policy explains how we collect, use, and protect your personal data when you use the Teeme managed service (app.teeme.ai), the marketing website (teeme.ai), and related services. If you use the self-hosted version of Teeme, your data stays entirely on your own infrastructure and this policy does not apply to that data.

2. Data We Collect

We collect the following categories of personal data:

  • Account data. Your email address, provided during registration. This is the only personal identifier we require. Authentication is handled via magic link (passwordless email login).
  • Company data. The name of your AI company and organizational configuration (agent names, roles, team structure, goals). This is business configuration data, not personal data in most cases.
  • Usage data. Aggregated metrics about your use of the platform, including estimated LLM costs, task counts, agent activity counts, and feature usage. This data is used for analytics and to improve the Service.
  • Payment data. Billing information is collected and processed by Stripe. We do not store credit card numbers or bank account details on our servers. We receive only a Stripe customer ID, subscription status, and transaction history.

3. Data We Do NOT Collect

We are committed to a privacy-first architecture. The following data is explicitly not collected or accessed by Teeme:

  • API keys.Your LLM provider API keys (e.g., Anthropic, OpenAI, OpenRouter) are stored locally on your machine (self-hosted) or in an encrypted vault on the managed platform. They are never transmitted to Teeme's servers, never logged, and never accessible to our team.
  • Agent prompts and SOUL files. For self-hosted installations, all agent configuration files remain on your infrastructure. For managed hosting, agent prompts and SOUL files are stored encrypted on EU infrastructure and are not accessed by our team except for debugging at your explicit request.
  • Agent output content. The actual content your agents generate (emails, reports, analyses) is not collected or monitored by Teeme.

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Contract performance (Art. 6(1)(b) GDPR). Processing your account data and company configuration is necessary to provide the Service you subscribed to.
  • Legitimate interest (Art. 6(1)(f) GDPR). Processing aggregated usage data for analytics, service improvement, and security monitoring. You may object to this processing at any time.

We do not process personal data based on consent for core service functionality. If we introduce optional features that require consent (e.g., marketing emails), we will obtain it separately.

5. Data Storage and Infrastructure

All data for the managed Service is stored within the European Union:

  • Supabase (EU region) — authentication, account data, and application database.
  • Hetzner VPS (Germany) — application hosting and agent runtime infrastructure.

No data is transferred outside the EU/EEA. If this changes in the future, we will update this policy and ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

6. Data Retention

  • Account data is retained for as long as your account is active. Upon account deletion, your data is permanently removed within 30 days.
  • Usage logs (aggregated metrics, activity counts) are retained for 90 days, then automatically purged.
  • Payment records are retained as required by Luxembourg tax and accounting law (currently 10 years for invoices).
  • Support correspondence is retained for 2 years after resolution, then deleted.

7. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase — Authentication and database. Their privacy policy: supabase.com/privacy.
  • Stripe — Payment processing. They are an independent data controller for payment data. Their privacy policy: stripe.com/privacy.
  • Plausible Analytics — Website analytics. EU-hosted, cookie-free, GDPR-compliant by design. No personal data is collected. No cookies are set. Their privacy policy: plausible.io/data-policy.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

8. Cookies

Teeme does not use cookies. Our analytics provider (Plausible) is entirely cookie-free. Authentication state is managed via localStorage in your browser through Supabase Auth. No tracking cookies, advertising cookies, or third-party cookies are set at any point.

9. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access (Art. 15). You may request a copy of all personal data we hold about you.
  • Right to rectification (Art. 16). You may request correction of inaccurate personal data.
  • Right to erasure (Art. 17). You may request deletion of your personal data. We will comply within 30 days, except where retention is required by law.
  • Right to data portability (Art. 20). You may request your data in a structured, machine-readable format. You can export your agent configurations and data at any time through the dashboard.
  • Right to restriction (Art. 18). You may request that we restrict processing of your data in certain circumstances.
  • Right to object (Art. 21). You may object to processing based on legitimate interest at any time.
  • Right to lodge a complaint.You have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (CNPD), the Luxembourg data protection authority, or with the supervisory authority in your EU member state of residence.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Data Protection Officer

As a company with fewer than 250 employees that does not engage in large-scale processing of special categories of data, we are not required to appoint a Data Protection Officer under Article 37 of the GDPR. For all privacy-related inquiries, contact [email protected].

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS) and at rest for all stored data.
  • Isolated databases per customer for managed hosting — no cross-contamination between accounts.
  • API keys stored in encrypted vaults (Supabase Vault), never in application databases.
  • Credential files restricted with file system permissions (chmod 600).
  • Regular security reviews of infrastructure and access controls.

12. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 30 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

For any questions or concerns about this Privacy Policy or our data practices, contact us at:

dcode technologies S.à r.l.
Luxembourg
Email: [email protected]