Thaura Privacy Policy
1. Preamble
Thaura GbR ("we", "us" or "Thaura") commits to protecting your privacy in accordance with:
- General Data Protection Regulation (GDPR) 2016/679
- German Federal Data Protection Act (BDSG)
- Principles of the Thaura Manifesto (Sovereignty by Design, Radical Transparency)
2. Core Product Data Processing
2.1 Fundamental Principles
- Zero-Knowledge Architecture: Conversations protected with AES-256-GCM encryption
- Strict No-Log Policy: We do not log or retain chat content beyond your active session
- No Training with User Data: Your interactions are never used for model improvement
- No Surveillance Cooperation: We do not cooperate with government surveillance programs or mass data requests
- Locality: All servers located in the EU (eco-friendly data centers)
2.2 Collected Data
| Data Category | Purpose | Retention Period |
|---|---|---|
| Account Data (Email) | Authentication | Until account deletion |
| Project Data (User uploads) | Context for your queries | According to your settings |
| Metadata (IP, Device type) | Security & Compliance | 30 days |
3. Special Features
3.1 Artifacts
- Generated content is provided exclusively to you
- No reuse by Thaura without explicit consent
4. Your Rights (GDPR Compliance)
- Access: Full disclosure of all stored data
- Rectification: Correction of inaccurate data within 72h
- Erasure: Data destruction on demand (including backup purge)
- Portability: Export in machine-readable formats (JSON, Markdown)
5. Third Parties & Subprocessors
We only work with partners who:
- Comply with EU data protection standards
- Do not transfer data to third countries
- Are contractually obligated to deletion
Current list (2026):
- Hetzner (Backend hosting - EU Nuremberg)
- Together AI (AI inference server - EU Sweden)
- Stripe (Payments)
6. Contact
Data Protection Officer:
Said Chihabi
saidchihabi@thaura.ai
Fortunastr. 23 A, 30451 Hannover
Policy changes are communicated 30 days before taking effect.