Privacy Policy

1. Data Controller

The data controller responsible for the processing of your personal data is Tessera ("we", "us", or "our"). You can contact us regarding any privacy-related matters at hello@tessera.click.

Tessera is a multi-tenant platform for case and workflow management. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, use our platform, or interact with us.

2. Legal Basis for Processing

In accordance with Article 6 of the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to our newsletter or accepting cookies.
• Performance of a contract (Art. 6(1)(b)): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract, such as providing you access to the Tessera platform.
• Legitimate interest (Art. 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights. This includes improving our services, ensuring security, and preventing fraud.

3. Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

• Contact information: Name, email address, company name, and job title when you fill out our contact form, sign up for early access, or create an account.
• Communications: Any messages, feedback, or inquiries you send to us through our website or email.

3.2 Automatically Collected Data

• Usage data: Pages visited, time spent on pages, click patterns, referral sources, and navigation paths through our website.
• Device and technical data: IP address, browser type and version, operating system, device type, and screen resolution.
• Cookies and similar technologies: See Section 8 below for details on our use of cookies.

4. Retention Periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained for the duration of your account and for 30 days after account deletion (soft-delete period), after which data is anonymized.
• Contact form submissions: Retained for up to 12 months after your last interaction.
• Usage and analytics data: Retained in aggregated, anonymized form for up to 24 months.
• Legal and compliance records: Retained as required by applicable law, typically up to 10 years for financial and contractual records.

Tessera implements a three-phase data erasure process: soft delete, anonymization, and hard delete with a certificate of destruction issued upon request.

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17): You may request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to data portability (Art. 20): You may request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21): You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to restrict processing (Art. 18): You may request restriction of processing under certain circumstances.
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at hello@tessera.click. We will respond to your request within 30 days. You also have the right to lodge a complaint with a supervisory authority.

6. Sub-Processors

We use the following third-party sub-processors to deliver our services:

• Resend (Resend, Inc.) — Transactional email delivery. Resend processes email addresses and message content on our behalf to send communications you have requested or that are necessary for service operation.
• Railway (Railway Corporation) — Cloud infrastructure and hosting. Railway hosts our application infrastructure and processes data as needed to provide computing, storage, and network services.

Each sub-processor is bound by a Data Processing Agreement (DPA) that requires them to process personal data only as instructed by us and to implement appropriate security measures.

7. International Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). Where such transfers occur, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions by the European Commission for the recipient country, where applicable.
• Binding Corporate Rules or other legally recognized transfer mechanisms.

You may request a copy of the applicable safeguards by contacting us at hello@tessera.click.

8. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us provide and improve our services.

• Strictly necessary cookies: Essential for the website to function. These cannot be disabled.
• Functional cookies: Remember your preferences such as cookie consent choices and display settings.
• Analytics cookies: Help us understand how visitors interact with our website by collecting information anonymously.

You can manage your cookie preferences through the cookie consent banner displayed on your first visit, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by providing a prominent notice on our website or by email.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

• Email: hello@tessera.click
• Privacy inquiries: privacy@tessera.click

We aim to respond to all privacy-related inquiries within 30 days of receipt.