Privacy Policy

1. Controller

Tomorrowfy UG (haftungsbeschränkt)
Email: fabian.bosler@tomorrowfy.com
Website: https://www.tomorrowfy.com

2. What Data We Collect

When you use OfficeShare, we collect and process the following personal data:

• Account information: Name, email address, and company affiliation (provided during registration or via OAuth sign-in with Google or Microsoft).
• Booking data: Seat and room reservations you create, including dates and times.
• Calendar data: When your company administrator connects a room calendar, we read and write calendar events to keep bookings in sync. We only access the specific room calendars that have been explicitly shared with our service.
• Usage data: Server logs (IP address, browser type, timestamps) for security and debugging purposes.

3. Why We Process Your Data

• To provide the seat booking and room calendar sync service.
• To authenticate you securely.
• To prevent abuse and ensure system integrity.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(f) GDPR (legitimate interests in security and service operation).

4. Third-Party Services

• Vercel: Hosting and serverless functions (EU region).
• Neon: PostgreSQL database hosting (eu-central-1).
• Google APIs: OAuth sign-in and Calendar sync (when configured by your company).
• Microsoft Graph API: OAuth sign-in and Calendar sync (when configured by your company).

5. Data Retention

We retain your data for as long as your account is active. Upon account deletion or company offboarding, personal data is deleted within 30 days.

6. Your Rights

Under GDPR, you have the right to access, rectify, delete, and port your data, as well as the right to object to or restrict processing. Contact us at fabian.bosler@tomorrowfy.com to exercise these rights.

7. Contact

For privacy-related inquiries, please email fabian.bosler@tomorrowfy.com.