Legal Documents

Privacy Policy

Effective as of April 7, 2026

1. DATA CONTROLLER

Tesseum, domiciled in Prague, Czech Republic, is the controller of personal data collected through the tesseum.com platform. Contact: hola@tesseum.com

2. DATA WE COLLECT

When registering via Google OAuth, we collect:

• Full name
• Email address
• Public Google profile photo
• Country and professional profile (if provided by the user)

During use of the platform, we record:

• Legal queries made (without personally identifiable data)
• Country and legal area consulted
• Date and time of access

3. DATA WE DO NOT STORE

Tesseum does not store:

• The original content of contracts uploaded for analysis
• Personal data contained in analyzed documents
• Banking or payment information (handled exclusively by Stripe)
• Access credentials (managed by Google and Supabase Auth)

Uploaded contracts are automatically anonymized by the Apolo engine before any processing or storage. Identifying data is replaced with generic tokens ([PERSON_1], [ADDRESS_1], etc.) before being saved.

4. PURPOSE OF PROCESSING

Collected data is used to:

• Manage access to the platform
• Personalize the user experience
• Send service communications (only if the user consents)
• Improve the quality of the Apolo engine
• Comply with applicable legal obligations

5. LEGAL BASIS (GDPR)

For users in the European Union, processing is based on:

• Contract performance: data necessary to provide the service
• Legitimate interest: service improvement and security
• Consent: marketing communications (revocable at any time)

6. USER RIGHTS

Users have the right to:

• Access their stored personal data
• Rectify incorrect or outdated data
• Request deletion of their account and data
• Object to processing for marketing purposes
• Port their data to another service

To exercise these rights, contact us at hola@tesseum.com

7. INTERNATIONAL TRANSFERS

Data is processed on Supabase (United States) and Google Cloud infrastructure. Both providers hold GDPR compliance certifications and offer adequate safeguards for international transfers under Regulation (EU) 2016/679.

8. DATA RETENTION

Account data is retained while the user maintains an active account. Upon account deletion, data is removed within a maximum of 30 days. Anonymized corpus data may be retained indefinitely as it contains no identifiable information.

9. COOKIES

Tesseum uses strictly necessary technical cookies for session management. We do not use advertising tracking cookies or share data with advertising networks.

10. MINORS

Tesseum is not directed at users under 18 years of age. If you become aware that a minor has provided personal data, contact us for immediate deletion.

11. CONTACT AND COMPLAINTS

For any privacy inquiries: hola@tesseum.com

If you believe the processing of your data violates applicable regulations, you may file a complaint with the Czech Office for Personal Data Protection (ÚOOÚ) or with the INAI in Mexico.