DATA PRIVACY
Privacy Policy
1. Introduction
Tldx Solutions GmbH is committed to ensuring that personal data processing carried out as part of its activities complies with European Regulation No. 2016/679, known as the General Data Protection Regulation (GDPR) for personal data and the revised French Data Protection Act.
The term personal data (“Personal Data”) refers to any information relating to an identified or identifiable natural person. A person is “identifiable” when they can be identified, directly or indirectly, particularly by reference to an identification number or to one or more elements specific to them.
This personal data protection policy applies to the Tldx Solutions GmbH website: https://tldv.io/ and its application: https://tldv.io/app
This policy describes the information we collect when you use Tldx’s site, services, products, and content (“Services”). It also provides information on how we store, transfer, use, and delete this information, as well as the rights available to you regarding this information.
This policy applies to Tldx’s online meeting recording and transcription tool, including the website and web applications, and other Tldx websites (collectively “the websites“), as well as other interactions (for example, conversations with customer support, surveys and user interviews, etc.
This policy applies when we act as a Data Controller with respect to the personal data of users of our services; in other words, when we determine the purposes and means of processing this personal data.
Regarding the content and data that you upload or make available through the service (“user content”), it is your responsibility to ensure that this content complies with our terms of use and does not infringe on the privacy of other users.
2. Who collects personal data?
The Data Controller is Tldx Solutions GmbH, headquartered at Tldx Solutions GmbH, Kaiser-Friedrich-Allee 51, 52074 – AACHEN, GERMANY registered under number HRB 23730 of the commercial register of the following jurisdiction: Amtsgericht Aachen, represented by its President Mr. Raphaël ALLSTADT.
3. Who is this policy addressed to?
This “Personal Data Protection Policy” aims to inform all natural persons concerned (“You, Your“) about how Tldx Solutions GmbH collects and uses Your Personal Data and the means at Your disposal to control this use. This policy does not apply to third-party websites that may be mentioned on the Tldx Solutions GmbH website or on Tldx Solutions GmbH applications.
This Policy is addressed to:
- Clients with a personal account (personal space for clients).
- People wishing to subscribe to the Newsletter.
- People wishing to contact TL;DV through the dedicated contact form.
- All Users of the web application (https://tldv.io/app) who connect to and navigate on the said website.
4. What collection methods are involved?
Tldx Solutions GmbH collects Personal Data online (including by email), on paper, or verbally (during an interview or by telephone), and this Policy applies regardless of the method of collection or processing.
5. Security
We take reasonable security measures to combat the loss, misuse, unauthorized access, and disclosure or alteration of Personal Information under our control.
Encryption:
All connections to Tldx Solutions GmbH are encrypted using the SSL protocol, and any attempt to connect via HTTP is redirected to HTTPS.
Hosting:
Tldx Solutions GmbH hosts its software in Google Cloud Platform and Amazon Web Services (AWS) facilities. Google and AWS data centers are certified ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 1 and 2. Our database is located in a Virtual Private Cloud (VPC) with Google and protected by restricted security groups. Only the minimum communication required to and between servers is allowed.
Need-to-know principle and duty of confidentiality:
Furthermore, we apply the need-to-know principle regarding access given to employees, agents, subcontractors, and other third parties who may process your data. These parties will only process your personal data on our instructions and are subject to a duty of confidentiality.
For more information on data security measures taken or to report a vulnerability or security incident, you can visit our page: https://trust.tldv.io, contact us via the chatbot accessible on https://tldv.io/app, or contact us via email at the following address: [email protected]
6. What personal data is collected?
At Tldx Solutions GmbH, we are committed to protecting the privacy of our users. Our business model consists of providing a paid service to users who need to record, index, and store meeting recordings, and is not based on the widespread collection of general data on users. We will only collect and process the information we need to provide you with the service and to continue to maintain and develop it.
Tldx Solutions GmbH does not access your recordings and transcriptions at any time, unless you personally share access with individual employees for technical assistance. Even in this case, only the recordings and transcriptions for which access rights have been granted to the support team member will be accessible.
Tldx Solutions GmbH may collect, store, and process different types of data, on the basis of different legal grounds, as indicated below. The Personal Data collected is, however, limited to the data strictly necessary for the purposes of the processing concerned. They are kept for the time necessary to accomplish the purposes mentioned above.
We will not sell the collected data to other companies.
The service offered by Tldx Solutions GmbH is reserved for people over sixteen years of age. As such, if we learn that we have collected personal data from a minor under sixteen years of age, their account will be revoked and all their personal data will be immediately deleted.
| Data concerned | Collection method | Purposes | Retention period | Recipients | Legal basis |
|---|---|---|---|---|---|
| Email address, name and profile image URL | Automatic | Create your profile when you register for our service. | Until account deletion. | Support team, administrators, engineers (development), commercial team | Contractual obligation |
| Metadata: IP address, your geographic location. | Only saved at the time of transaction | Security and fraud prevention, adapted pricing, security monitoring. | Until account deletion. | Support team, engineers (development) | Legal and contractual obligation |
| IP address, geographic location, browser type and version, your operating system, your referral source, the duration of your visit, pages viewed and navigation paths on the website, the frequency and pattern of your service use. | Automatic | Product analysis and improvement, marketing and attribution, incident management and in some of our logs | 10 days (this data is not nominative) | Devops team, engineers (development) | Legal and contractual obligation |
| Logs | Automatic | Fraud detection and prevention, legal compliance, internal audit, performance analysis, product optimization, customer support, infrastructure monitoring | 10 days | Support team, engineers (development) | Legal and contractual obligation |
| Video and audio recording, written transcriptions | Site and application | Provision of the main service, sharing and collaboration | Free user: 3 months Paying user: until account deletion | Support team, engineers (development) | Contractual obligation and legitimate interest |
| Address of the web page visited as part of the services, browser type and settings, date and time of service use, information about browser configuration, and plugins, language preferences and cookies, devices used to access the Services, including device type, operating system used, device settings, application identifiers, unique device identifiers and crash data. | Site and application | Analysis of products and navigation on the site and application | Until account deletion | Product team, Developer, support and Marketing | Legal and contractual obligation |
| Your transactions or usage information to respond to the request | Request to support via a ticket | Provide an assistance service | This data is not deleted. A request may be made. | Support team | Contractual obligation |
| Email address | The user gives us their email | Newsletter | Until consent withdrawal | Marketing team | Consent |
| Information relating to credit card, billing email, banking info, transaction location and/or billing address | Automatic | Billing | Until account deletion | Support team, sales team | Contractual and legal obligation |
| Information that you may communicate to us on communication spaces (discussion group, research interview, contest, activity or event, job application or on social networks) | Information shared by the user, prospect, client | Potentially shared then internally (demo , bug, customer service, etc.) | For 5 years or upon deletion request | Support team, marketing, developer, sales | Support team, Sales team, Marketing team. Consent requested and retrievable for internal sharing |
| Email address of people not subscribed but are participants in a meeting where the solution would be used | Automatic | Collect consent from non-client meeting participants before the meeting. But also associate meetings participated in to user once they create an account. | For 5 years or upon deletion request | Support team, development team, marketing team, sales team | Legitimate Interest |
| Name, first name, email address, subject and content of your message | Pre-sales contact form | Respond to your request and send you info relating to your interest | For 3 years or possibility of opt-out upon user request. Or after account deletion. | Sales Team | Legitimate interest of Tldx Solutions GmbH to be contacted |
7. To whom is your data transmitted?
7.1. Authorized TLDX SOLUTIONS GMBH personnel
Your Personal Data may be addressed, depending on their purpose, to Tldx Solutions GmbH employees where they may be stored.
7.2. Third-parties and subcontractors
The website may offer you hyperlinks to other websites that can provide you with additional qualified information.
Tldx Solutions GmbH cannot be held responsible for content it does not publish, with the User acknowledging that this site and third-party or partner services are totally independent.
The proposed redirection to a third-party site does not constitute a recommendation, and Tldx Solutions GmbH is in no way responsible for the editorial content proposed on the sites concerned.
All Personal Data being confidential, their access is limited to Tldx Solutions GmbH employees in the execution of their mission and to any authorized third party in compliance with applicable regulations.
Indeed, we may also share information with third parties in certain circumstances, particularly:
- with your consent;
- to a service provider or partner who respects our data protection standards (information can only be communicated to service providers necessary for the execution of our service contract with you. We will not sell data to third parties);
Our categories of service providers and partners are as follows:
| Category of subcontractor | Name of the subcontractor(s) |
|---|---|
| Hosting/infrastructure/storage providers | Google Cloud, Hetzner, Wasabi |
| Payment processors | Stripe |
| Analysis tool providers | Mixpanel, Cloudflare, Sentry |
| Customer support tool providers | Intercom, Sentry |
| Marketing and email tool providers | CustomerIO, Gmail |
| Internal communication tool providers | Slack, Gmail |
| Artificial Intelligence Provider | Anthropic, Mistral |
| Human Resources tool provider | Deel |
| Sales tool provider, customer tracking (CRM) | Hubspot |
8. Is your data sent outside the European Union?
All personal data collected through our platform is primarily processed and stored in facilities located in the European Economic Area (EEA), in accordance with the standards established by the European Union’s General Data Protection Regulation (GDPR).
All our services are hosted in Europe (within the European Economic Area) with the exception of the part of our service involving artificial intelligence, which currently depends on two providers from which the client will be free to choose:
- Anthropic, hosted in the United States To generate the summary report of exchanges that took place during meetings, we securely transmit limited parts of user transcriptions to Anthropic’s facilities, which may be located in countries outside the EEA. We have ensured that appropriate guarantees are in place for these transfers, namely the use of standard data protection clauses adopted or approved by the European Commission.
- Mistral, hosted in France, in the EEA.
By using our website and services, you acknowledge that personal data submitted for publication may be accessible, via the internet, to users around the world. Although we take strict measures to protect this data, we cannot prevent its potential use (or abuse) by third parties. For more details on content responsibilities, please consult our Terms of Use.
9. What are your rights?
In application of articles 14 to 22 of Regulation 2016/679 of April 27, 2016, any natural person using the service has the faculty to exercise the following rights:
- Right of access: you can request a copy of the data that personally concerns you;
- Right of rectification: you can modify data that would be inaccurate concerning you;
- Right of opposition: you can oppose our processing of your data; within the limits of the conditions of article 21 of the GDPR;
- Right to erasure: you can ask us to erase the data concerning you; within the limits of the conditions of article 17 of the GDPR;
- Right of opposition to profiling;
- Right to limitation of processing.
- Right to portability.
As part of our activities, we do not carry out profiling.
Furthermore, when you give your consent to the processing of your personal data, you have the possibility to withdraw it at any time.
Finally, when a personal data breach likely to create a high risk for your rights and freedoms is detected, you will be informed of this breach as soon as possible.
10. How to exercise your rights?
For any information or exercise of your Information Technology and Civil Liberties rights on personal data processing, you can contact our data protection officer (DPO):
- Either by email at: [email protected] and/or [email protected]
- Or by signed mail accompanied by a copy of an ID to the following address: tldx Solutions GmbH, Kaiser-Friedrichs-Allee 51, 52074 Aachen, Germany
In case of no response or unsatisfactory response from us, you have the possibility to seize the competent data protection authority in Germany, namely the BfDI (Federal Commissioner for Data Protection and Freedom of Information): https://www.bfdi.bund.de/EN/Service/Kontakt/kontakt_node.html.
Indeed, as a German company, Tldx Solutions GmbH depends on the BfDI in its capacity as a supervisory authority. You can contact the supervisory authority of your country or your state, but Tldx Solutions GmbH will retain the Federal Commissioner for Data Protection and Freedom of Information as the main supervisory authority.
11. Revision of the Personal Data Protection Policy
This Personal Data Protection Policy is applicable and is regularly updated according to the needs of the company and legal requirements.
