Privacy Policy (Datenschutzerklärung)

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

This privacy policy explains what information we collect when you visit our website and how we use this information. It also describes your rights under the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller and Data Protection Officer

2. General Information on Data Processing

2.1 Scope of Processing

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Personal data is only processed with the user's consent, unless prior consent cannot be obtained for factual reasons and processing is permitted by law.

2.2 Legal Basis

We process your personal data on the following legal bases:

• Art. 6 (1) a GDPR - Consent for specific processing purposes
• Art. 6 (1) b GDPR - Processing necessary for contract performance or pre-contractual measures
• Art. 6 (1) c GDPR - Processing necessary for compliance with legal obligations
• Art. 6 (1) f GDPR - Legitimate interests (e.g., IT security, direct marketing)

2.3 Data Deletion and Storage Duration

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may continue if provided for by European or national legislation. Data will also be blocked or deleted when a storage period prescribed by the regulations expires, unless there is a need for further storage to conclude or fulfill a contract.

3. Provision of the Website and Creation of Log Files

3.1 Description and Scope

Each time our website is accessed, our system automatically collects data and information from the accessing computer's system. The following data is collected:

• IP address of the accessing computer
• Date and time of access
• Name and URL of the accessed file
• Website from which access was made (referrer URL)
• Browser and operating system used
• Internet service provider of the accessing system

This data is stored in our system's log files. This data is not stored together with other personal data of the user.

3.2 Legal Basis

The legal basis for the temporary storage of data and log files is Art. 6 (1) f GDPR (legitimate interest in ensuring the website's technical functionality and security).

3.3 Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. The IP address must remain stored for the duration of the session. Storage in log files ensures the website's functionality. The data also helps us optimize the website and ensure our IT systems' security.

3.4 Storage Duration

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. Log files are typically stored for a maximum of 7 days and then deleted. Storage beyond this period is possible if the IP addresses are deleted or anonymized.

4. Hosting Services

4.1 Vercel Inc.

Our website is hosted by Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA.

Vercel processes on our behalf the following data that may be collected when you visit our website:

• IP address
• Request data (URL, HTTP method, headers)
• Response data (status code, response time)
• Browser and device information

Legal basis: Art. 6 (1) f GDPR (legitimate interest in reliable and secure website hosting)

Data processing agreement: We have concluded a data processing agreement with Vercel. Data is processed on servers in the EU and USA. Vercel is certified under the EU-US Data Privacy Framework.

Privacy policy: https://vercel.com/legal/privacy-policy

4.2 IONOS by 1&1

We use IONOS by 1&1 for email services and domain registration:

IONOS SE
Elgendorfer Str. 57
56410 Montabaur, Germany

Legal basis: Art. 6 (1) f GDPR (legitimate interest in professional email communication)

Privacy policy: https://www.ionos.com/terms-gtc/terms-privacy

4.3 Supabase Inc.

We use Supabase for database services to store contact form submissions securely:

Supabase Inc.
970 Toa Payoh North #07-04
Singapore 318992

Data stored includes contact form submissions (name, email, company, message) that you voluntarily provide when using our contact forms.

Legal basis: Art. 6 (1) a GDPR (your consent) and Art. 6 (1) b GDPR (contract performance for inquiries)

Data processing agreement: We have concluded a data processing agreement with Supabase. Data is processed on servers in the EU (Frankfurt).

Privacy policy: https://supabase.com/privacy

4.4 Resend Inc.

We use Resend for transactional email delivery (confirmation emails, notifications):

Resend Inc.
2261 Market Street #4059
San Francisco, CA 94114, USA

When you submit a contact form, Resend processes your email address to send you a confirmation email and to notify our team of your inquiry.

Legal basis: Art. 6 (1) a GDPR (your consent) and Art. 6 (1) b GDPR (contract performance)

Data transfer: Resend is certified under the EU-US Data Privacy Framework.

Privacy policy: https://resend.com/legal/privacy-policy

5. Analytics and Tracking (Consent Required)

5.1 Google Tag Manager

We use Google Tag Manager to manage website tags and analytics. Google Tag Manager is only loaded after you have given your explicit consent via our cookie banner.

Important: Without your consent, no tracking scripts are loaded and no data is transmitted to Google.

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

If you consent to analytics cookies, the following data may be processed:

• IP address (anonymized)
• Browser type and version
• Operating system
• Referrer URL
• Pages visited and time spent
• Device information

Legal basis: Art. 6 (1) a GDPR (your explicit consent)

Data transfer: Google is certified under the EU-US Data Privacy Framework.

Opt-out: You can withdraw your consent at any time by clicking the cookie settings button in the bottom left corner of our website.

Privacy policy: https://policies.google.com/privacy

6. Cookies

6.1 What are Cookies?

Our website uses cookies. Cookies are small text files stored on your device by your web browser. Cookies help make our website more user-friendly, effective, and secure.

6.2 Types of Cookies We Use

6.3 Managing Cookies

You can configure your browser to refuse cookies or to be notified when cookies are being sent. However, if you refuse cookies, some features of our website may not function properly. You can also delete cookies already stored on your device at any time.

For more information, please see our Cookie Policy.

7. Contact Form and Email Communication

7.1 Description and Scope

Our website contains a contact form that can be used to contact us electronically. If you use the contact form, the data you enter will be transmitted to us and stored.

The following data is collected:

• Full name
• Email address
• Company name (optional)
• Message content
• Date and time of submission

7.2 Legal Basis

The legal basis for processing data transmitted in the course of sending an email or using the contact form is Art. 6 (1) f GDPR (legitimate interest in responding to inquiries) or Art. 6 (1) b GDPR if the inquiry relates to a potential contract.

7.3 Purpose of Data Processing

We process the personal data from the contact form solely for processing the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

7.4 Storage Duration

Data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the contact form and sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. Personal data collected during the sending process is deleted after a maximum of seven days.

7.5 Right to Object

You have the right to object to the processing of your personal data at any time. Please contact us at team@tula.legal to exercise this right.

8. Social Media Integration

8.1 LinkedIn

Our website contains a link to our LinkedIn company page. When you click this link, you will be redirected to LinkedIn. No data is automatically transferred to LinkedIn when you visit our website - only when you actively click the link.

LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA is responsible for data processing on LinkedIn. LinkedIn is certified under the EU-US Data Privacy Framework.

Privacy policy: https://www.linkedin.com/legal/privacy-policy

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise your rights, please contact us at:
Email: team@tula.legal
Or use the contact details in the Legal Notice.

10. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

All data transmission on our website is encrypted using SSL/TLS technology. You can recognize an encrypted connection by the "https://" in the address bar of your browser and the lock symbol in the browser line.

11. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to adapt it to changed legal situations or changes in the service or data processing. However, this only applies with regard to declarations on data processing. If user consent is required or if elements of the privacy policy contain provisions of the contractual relationship with users, changes will only be made with users' consent.

Please review this privacy policy regularly to stay informed about how we protect your data.

Last updated: January 2026