Thaura Privacy Policy

1. Preamble

Thaura GbR ("we", "us" or "Thaura") commits to protecting your privacy in accordance with:

• General Data Protection Regulation (GDPR) 2016/679
• German Federal Data Protection Act (BDSG)
• Principles of the Thaura Manifesto (Sovereignty by Design, Radical Transparency)

2. Core Product Data Processing

2.1 Fundamental Principles

• Strong Encryption Architecture: Conversations encrypted at rest with AES-256-GCM; TLS 1.2+ in transit.
• No Sharing: Chat content is never shared with advertisers, analytics services, or external training providers.
• No Training with User Data: Your interactions are never used for model improvement
• No Surveillance Cooperation: We do not cooperate with government surveillance programs or mass data requests
• Locality: All servers located in the EU (eco-friendly data centers)

2.2 Collected Data

3. Special Features

3.1 Artifacts

• Generated content is provided exclusively to you
• No reuse by Thaura without explicit consent

4. Your Rights (GDPR Compliance)

• Access: Full disclosure of all stored data
• Rectification: Correction of inaccurate data within 72h
• Erasure: Data destruction on demand (including backup purge)
• Portability: Request a machine-readable export (JSON, Markdown) of your personal data by emailing info@thaura.ai

5. Third Parties & Subprocessors

We only work with partners who:

• Comply with EU data protection standards
• Do not transfer data to third countries
• Are contractually obligated to deletion

Current list (2026):

• Hetzner (Backend hosting - EU Nuremberg)
• Scaleway (AI inference — EU France)
• Verda Cloud Oy (self-hosted AI inference — EU Finland)
• Stripe (Payments)
• Resend (Transactional email — EU, Ireland)

6. Contact

Data Protection Contact:
Thaura GbR
info@thaura.ai
Fortunastr. 23 A, 30451 Hannover, Germany

Policy changes are communicated 30 days before taking effect.