Privacy Policy

Last Updated: September 26, 2024

1. General

The Deta Services provided by the company Deta GmbH (hereinafter “Deta”, “us”, ”we” “our”) provides this Privacy Policy to inform users of our policies and procedures regarding the collection, use and disclosure of information received from users of the Surf software, and any other application, feature, content, website (“Site”), software, or service offered by Deta in connection to the Surf software (collectively, together with the Site, our “Service(s)”, “Deta Services”.)

By using our Services you are consenting to our Processing of your information as set forth in this Privacy Policy, and our Terms and Conditions which are available at: https://deta.surf/terms, now and as amended by us.

“Processing” means using cookies on a computer or using or accessing information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.

TL;DR - We will not sell your data to anyone.

• We will send you some emails with respect to product updates and general communications.
• We use services like Amplitude, Plausible, and Sentry to measure interactions with and improve Deta. Neither Plausible nor Sentry does collect any personal information.
• We use services like Hunter, Loops, and Google Workspace to communicate and provide information and offer support once you have signed up for Deta.
• We use Amazon Web Services to process and store data, and Azure and Open AI to provide you with enhanced functionality and interaction in our Services.
• Deta considers the information of users to be confidential. Deta GmbH will protect private information from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care.

2. Information Collection and Use

Our primary goals in collecting information from you are to provide you with and improve the products and services made available through the Service, to communicate with you, and to manage your registered user account, if you have one.

We may also use your information to operate, maintain, and enhance the Service and its features, and to provide customer support to users.

3. Information Collected Upon Registration

You provide us with information when you use the Services, register for an account, make a transaction on the Service, or send us customer service-related requests. If you desire to have access to certain restricted sections of the Site, you will be required to become a registered user, in certain cases pay a fee, and to submit certain personally identifiable information to Deta. This happens in a number of instances, such as when you sign up for Deta, or if you desire to receive marketing materials and information. Information that we may collect in such instances may include your IP address, full user name, password, email address, city, time zone, credit card and other billing information, preferences, telephone number, and other information that you decide to provide us with. We may link such information with other information you provide about yourself.

4. Use of Contact Information

In addition, we may use your contact information to market to you, provide you with information about our products and services, or otherwise communicate with you, including but not limited to our Service. If you decide at any time that you no longer wish to receive such information or communications from us, please unfollow us, send your request to us by email at [email protected], delete your account, or follow the unsubscribe instructions provided in any of the communications.

5. Log Data

When you use our Services, including visiting the Site, our servers (AWS and Cloudflare) automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your IP address, browser type or the domain from which you are visiting, the web-pages you visit, the search terms you use, and any advertisements on which you click. For most users accessing the Internet from an Internet service provider the IP address will be different every time you log on. We use Log Data to monitor the use of the Site and of our Service, and for the Site’s technical administration. We do not associate your IP address with any other personally identifiable information to identify you personally.

6. Cookies and Automatically Collected Information

While we are keeping it to a minimal degree, like many websites, we might also use “cookie” technology to collect additional website usage data and to improve the Site and our Service. A cookie is a small data file that we transfer to your computer’s hard disk. Deta may use both session cookies and persistent cookies to better understand how you interact with the Site and our Service, to monitor aggregate usage by our users and web traffic routing on the Site, and to improve our Service. A session cookie enables certain features of our Service and is deleted from your computer when you disconnect from or leave the Site. A persistent cookie remains after you disconnect from or leave the Site and may be used by your browser on subsequent visits to the Site. Persistent cookies can be removed by following your web browser help file directions. Most Internet browsers automatically accept cookies. You can instruct your browser, by editing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Please note that if you delete, or choose not to accept cookies from Deta, you may not be able to utilize the features of the Deta Services to their fullest potential. Deta does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who use Deta.

We may also use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. This information is gathered from all users, and may be connected with other information about you.

7. Third Parties

Some of your personal data is collected from and/or shared with third party service providers:

Amplitude

We use Amplitude to give us insights into how customers use our Service and where we could improve it. Your username and email address might be stored in Amplitude.

Amazon (AWS)

We use Amazon Web Services for storage, processing of data, and as an identity provider. AWS stores any password you may provide when opting to use email login (we do not have access to this password), as well as other data you may provide when signing up such as username and email address, or which you otherwise decide to provide and store in our Services.

Azure

We use Azure to get further access to OpenAI’s services, to enhance the functionality of our products and Services, and tagging of images. Data that you choose to provide in some of our AI features might be processed and stored by Azure and/or OpenAI. This might include technical logs. Please be mindful about the data that you decide to share with Azure and OpenAI, and avoid sending personally identifiable information.

Cloudflare

We use Cloudflare to host our Site and APIs and ensure stability of the Service. User IP addresses and country/region of access might be processed and stored with Cloudflare.

Google

In communicating with our users, and emails sent to us, pass through Google and Google Workspace. Additionally, we use Google Drive, Google Docs, Google Spreadsheets, and Google Meets to communicate, analyze and store data that might contain your email address or other personal data.

Hunter

We use Hunter for customer interaction and to offer support. Your email address may be stored in Hunter.

Loops

We use Loops, the email platform, for customer interaction and to offer support. Your email address may be stored in Loops.

OpenAI

We use OpenAI’s services to enhance the functionality of our products and Services, including code generation, prompt returns, and interface interaction. All data that you choose to provide in any of our AI features might be processed and stored by OpenAI. This might include technical logs. Please be mindful about the data that you decide to share with OpenAI, and avoid sending personally identifiable information.

Sentry

While collecting no personally identifiable data, we use Sentry to collect error reports from our backend servers, and frontend applications. When an error occurs, certain technical information, including device information, may be shared with Sentry to help us diagnose and resolve the issue.

Typeform

We use Typeform to perform user surveys – any data that you submit through Typeform and our user surveys will be processed and stored with Typeform.

8. Security

Deta is very concerned about safeguarding the confidentiality of your personally identifiable information, as well as other data you decide to provide or store in our Service. Private data access is only allowed to selected authorized employees, and we only access it after explicit permission from the user or when we deem it necessary to protect the integrity of our Service. No sensitive data (secret tokens, keys, etc.) is stored in plain text. They are either encrypted at rest or only their hashed values are stored. However, please be aware that no security measures are perfect or impenetrable. We cannot and do not guarantee that information about you will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our administrative, physical, and electronic safeguards. We will make any legally-required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored personal data to you via email or conspicuous posting on this Site in the most expedient time possible and without unreasonable delay, consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Your personal data may be transferred, stored and processed in the European Economic Area (“EEA”), United States (“US”) or any other country in which our service providers maintain facilities. By using our domains, you consent to any transfer, storing or processing of personal data outside of your country of residence and outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.

To ensure the continuous operation of our Service, we will store your personal data until you decide to delete it in the Service, or request us to delete it. To request the deletion of your personal data, please follow the instructions on how to delete your account, in your account settings, or send us an email at [email protected].

9. Your Rights

Please know your rights by learning about the EU General Data Protection Regulation, also more commonly known as GDPR, or your local privacy laws and reach out to us if you’d have any questions or concerns. Summarizing some of your key rights:

• This policy is part of your right to be informed before you create an account or use our Service. You have access to your personal data that we process and a right to know for what purposes we use it;
• Where you have given us consent to collect and process personal data, you may withdraw your choice for us to stop doing so at any time. Please be aware that this has an impact on the use and functionality of our Service, and we will delete your user account;
• You may rectify any personal data that may be inaccurate or incomplete and request us to erase your account, including personal data that we or any of our partners have collected;
• Under particular circumstances you may restrict processing, such as direct marketing and/or on the basis of legitimate interests following GDPR Article 6 sub 1 (f);
• The personal data collected by us and requested by you, should be delivered to you in a common, portable and machine-readable format;
• Objections can be made for example by filing a complaint with your local privacy authority. For Germany this is Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit. For other countries in the EEA, please refer to: https://edpb.europa.eu/about-edpb/board/members_en.

10. Age

Our Services are intended for people who would like to browse and enjoy the Surf software. By agreeing to our Privacy Policy and Terms and Conditions, you represent that you are allowed to use our Service according to your jurisdiction’s applicable age limits. Please note we have no ready access or instant knowledge of anyone’s age.

If you are considered a minor in your country, you must have your parent or legal guardian’s help to understand this agreement, permission to use the Services, and their acceptance of these Terms on your behalf. If you are under the age of 13, you may not have an account with Deta Services unless you have your parent or legal guardians permission. If we learn or have reason to suspect that you are a user who is under your jurisdiction’s applicable age limit, we will unfortunately have to close your account.

11. Contact Us

Deta GmbH in its role as data controller is a for profit company with its operational headquarters at Sophienstr. 8, 10178 Berlin, Germany. To exercise any of the rights described above or in case of concerns, questions or inquiries, please email us at [email protected].

We promise to respond as soon as possible. For account deletion or data dumps, please mention “privacy” anywhere in the subject header.