Privacy Policy

Last updated: March 23, 2026

This Privacy Policy explains the type, scope, and purpose of processing personal data when using our TRP8 website and platform.

Summary

This summary provides a quick overview. Full details are listed in the sections below.

We primarily process personal data to provide the website, user accounts, tour features, and support.
Tour usage and statistics may use anonymous baseline tracking or optional-consent tracking, depending on active rules.
Contact, feedback, and email data are processed strictly for their intended purpose (for example inquiry handling, sending tour links, and opt-out management).
We use Paddle for payments.
We use Postmark for email processes.
We use OpenRouter for AI-based translations.
We use Google Text-to-Speech for voice generation.
We use ElevenLabs for voice generation.
Leads are anonymized or deleted according to implemented retention logic (3 years active, 10 years opted out).
You have statutory rights to access, rectification, erasure, restriction, portability, and objection.

1. Controller

The controller within the meaning of the GDPR is:

TRP8, Christian Bode & Christiane Eckern GbR, c/o IP-Management #9707, Ludwig-Erhard-Str. 18, 20459 Hamburg, Germany.

Represented by: Christian Bode and Christiane Eckern.

Phone: +49 421 167 60 680. Email: imprint@trp8.com.

Privacy inquiries may also be sent to privacy@trp8.com.

2. Legal Bases for Processing

We process personal data based on Art. 6(1)(a) GDPR (consent), (b) (contract/pre-contractual measures), (c) (legal obligation), and (f) (legitimate interests).

The applicable legal basis depends on the specific processing activity (for example account management, support, security, billing).

3. Hosting, Operations, and Logs

When visiting the website, technically required data is processed to ensure delivery, stability, and security.

Application logs may additionally be generated, for example for errors, webhook handling, or security-relevant events.

Typical data: IP address, timestamp, requested URL, referrer (if sent), user agent, and session context.
Frontend error logs may contain message, context, URL, user agent, timestamp, and potentially user/session ID.
Purposes: operations, troubleshooting, abuse prevention, and technical traceability.

4. User Accounts, Authentication, and Sessions

For registered users (admin/customer area), we process account and access data to provide the platform.

Account data: name, email address, password hash, optional language/locale, role and permission context.
Authentication data: login and session information, including technically required IP/user-agent data in session context.
Purposes: login, access control, account management, secure delivery of subscribed services.

5. Contact Form and Communication

When you contact us via the contact form, we process the information you submit and technical anti-abuse data.

Form data: name, email, subject, message.
Abuse protection: honeypot field, time-based plausibility check, IP-based rate limiting.
Purpose: handling your inquiry and protecting our systems.

6. Cookies, Consent, Local Storage, and Session Storage

We use required storage mechanisms for operation and security, plus optional comfort features based on active consent rules.

A consent cookie stores your cookie and tracking preferences.
In tour contexts, a recurring visitor identifier (tourist_id) may be used to keep functions such as feedback or link delivery consistent.
In the guide, playback speed can be stored in a cookie when that rule is active.
Local storage may be used to keep an offline queue for tour event synchronization.

7. Tour Features, Tracking, and Feedback

When using reader and guide features, events are processed for service operation and quality assurance. The tracking scope depends on active rules.

Feedback can include additional voluntary information.

Anonymous baseline measurement may be active to evaluate usage trends without personal attribution.
Feedback data: rating, comment, optional name.
Purposes: providing tours, quality assurance, product improvement, and support.

8. Tour Link by Email and Opt-out (Tourist Context)

Users can request tour links by email. This involves processing email address, language preference, and related tour context.

For unsubscribe actions, signed opt-out/opt-in links with integrity checks are used.

Delivery data: recipient address, tour link, feedback link, opt-out link.
Opt-out management: blacklist status, reason, and opt-out timestamp.
Security measures: signed URLs and email-hash verification for opt-out flow.

9. Lead Communication, Email Activities, and Postmark

For lead and campaign processes, we process contact data, categories, communication history, and consent/opt-out status.

We use Postmark for email delivery and webhook feedback.

Lead data: name, company/contact person, email, country, language, status, consent, opt-out timestamp, optional magic token with expiration.
Email activity data: sent, opened, clicked, bounced, spam complaint, opt-out/opt-in, visit/demo view.
Webhook data may include technical metadata (for example message ID, user agent, geo/platform data by event type).

10. Payments and Subscriptions

For subscriptions and billing, we use the payment provider currently configured in our platform.

Active payment provider: Paddle.

Subscription/payment data: customer ID, subscription ID, product/price references, status, invoice/transaction records, amounts, and currency.
Webhook processing: event data for subscription status synchronization.
Purposes: contract execution, billing, record keeping, and payment troubleshooting.

11. AI Translation and Text-to-Speech (TTS)

For automated translation and audio generation, we use external AI/TTS services. Depending on input content, this may involve personal data.

LLM provider: OpenRouter.
TTS provider: Google.
TTS provider: ElevenLabs.
Usage logs: character usage, provider, tour/content reference, locale, technical metadata for limits/monitoring.

13. Recipients, Processing, and Third-Country Transfers

Recipients include hosting/infrastructure partners and the service providers listed in this policy for email, payment, AI/TTS, and media delivery.

If data is transferred to third countries, this is done under an appropriate legal mechanism, for example EU Standard Contractual Clauses where required.

14. Retention, Deletion, and Anonymization

We store personal data only as long as necessary for the relevant purpose or legal obligations.

For leads, technical deletion/anonymization logic is implemented and scheduled to run monthly (command: leads:anonymize --force).

Active leads: anonymization after 3 years.
Opted-out leads: full deletion after 10 years.
Sessions, logs, and other operational data follow technical/organizational retention rules based on purpose limitation and security needs.

15. Your Rights

Subject to legal requirements, you have rights of access, rectification, erasure, restriction, portability, and objection.

You may withdraw granted consent with effect for the future.

You also have the right to lodge a complaint with a supervisory authority.

16. Data Security

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, and manipulation.

Measures include authentication controls, signed URLs, access restrictions, rate limiting, and security-related logging.

17. Changes to this Privacy Policy

We update this Privacy Policy when legal requirements, technical processes, or service providers change.

The current version published on this page is authoritative.

Privacy questions: privacy@trp8.com

Contact Imprint Terms of Service Refund Policy

Cookies

We use essential cookies to keep this website stable and secure. Anonymous usage statistics are already active. By choosing “Accept all cookies”, you additionally enable comfort features such as remembering your settings.

For more information about the different types of cookies and their use on our website, please read our Privacy Policy.