Privacy Policy
Last updated: 9 April 2026
Introduction
This privacy policy explains how Tahani ("we", "us", "our") collects, uses, and protects your personal data when you use our application and website (www.tahani.io).
We are committed to processing personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). This policy also outlines your rights and how you can exercise them.
Data we collect
Website visitors
When you visit our website, we do not directly collect personally identifiable information.
We may collect limited technical data through third-party services for:
- Analytics
- Error monitoring
Where possible, this data is anonymized before transmission. This may include:
- Device type
- Browser type
- General location (non-precise)
- Usage data
This information is used solely to maintain and improve our services.
App users
When you use our app, we collect only the personal data you voluntarily provide, including:
- Email address
- Date of birth
If you are (or have been) a subscriber, we may also store:
- Billing address
- Limited payment-related identifiers (e.g. last digits of a payment method)
We do not store full payment details.
How we collect data
We collect data through:
- Direct input (e.g. account registration forms)
- Subscription and billing processes (via third-party providers)
- Third-party tools for analytics and error reporting
Purpose of processing
We process personal data only when necessary to:
- Provide and operate our services
- Manage user accounts and subscriptions
- Improve performance and reliability
- Ensure security and prevent misuse
We do not sell personal data.
Legal basis for processing
We process personal data to provide our services under the following GDPR legal bases:
- Contractual necessity
- Legitimate interests
- Consent
Access to data, correction and deletion
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
You can:
- Use in-app controls where available
- Contact us at [email protected]
We respond to requests within 30 days, unless legally required otherwise.
Please note that certain data may be retained where required by law.
Data storage location
All personal data is stored within the European Union and processed in accordance with GDPR.
We do not transfer personal data outside the EU.
Data retention
We retain personal data only for as long as necessary to:
- Provide our services
- Fulfill legal and contractual obligations
When data is no longer required, it is securely deleted or anonymized.
Data may be deleted if you stop using the app for an extended period and a subscription is not active. You will be notified of deletion in advance and given a chance to stop the deletion.
Data security
We implement appropriate technical and organizational measures to protect personal data against:
- Unauthorized access
- Loss or misuse
Access to personal data is restricted to authorized personnel only when necessary.
Cookies
We do not use cookies for website visitors.
We use essential cookies to:
- Maintain secure sessions
- Enable core functionality
Cookies are:
- Stored in your browser
- Transmitted only over secure connections
- Deleted upon logout or after a period of inactivity
We do not use tracking cookies for advertising purposes.
Sharing of data
We do not sell personal data. We may share personal data with trusted service providers acting as data processors where necessary to operate our services, or where required by law:
- Service operation (e.g. infrastructure providers)
- Legal obligations
- Audits or compliance
- Business transfers (e.g. merger or acquisition)
In such cases, data is shared only to the extent required and in compliance with applicable laws.
Supervisory authority
For disputes or complaints about data privacy, you may send your request to [email protected]. If the complaint is not resolved then you may file a request to the Dutch supervisory authority (Autoriteit Persoonsgegevens).
Breach of data
When a breach of data is confirmed, we will notify you if you are affected by the breach, and the relevant authorities within 72 hours of confirmation of the breach. We will outline the details of the breach and your options to keep your data safe.
Third party services
We use the following third-party providers:
- Hetzner (EU-based infrastructure)
- Cloudflare (EU-based services)
- Umami (analytics)
- Sentry (error monitoring)
These providers process data on our behalf and are bound by appropriate data protection agreements.
Children's privacy
Our services are not intended for minors without the consent of a parent or legal guardian.
Changes to this policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our services
- Legal or regulatory updates
Where changes are significant, we will notify users in advance. The latest version will always be available on this page with the updated date.
Contact
If you have questions or requests regarding this Privacy Policy, you can contact us at [email protected].