Privacy Policy

Updated: April 2026

TeamPulse ("we", "us", "our") is a team wellbeing and mental health monitoring platform operated by Oleh Kaminskyi as a self-employed professional activity (Selbständige Tätigkeit) pursuant to §18 EStG. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the German Federal Data Protection Act (BDSG).

1. Data Controller

The controller responsible for the processing of your personal data within the meaning of Art. 4(7) GDPR is:

Oleh Kaminskyi
Bienroder Weg 53
38108 Braunschweig, Germany
VAT ID: DE458987763
Email: work.olegkaminskyi@gmail.com

2. Legal Basis for Processing (Art. 6 GDPR)

We process personal data only when there is a lawful basis to do so. Depending on the specific processing activity, the legal basis may be one or more of the following:

• Consent (Art. 6(1)(a) GDPR): Where you have given explicit consent to the processing of your personal data for one or more specific purposes. For health and wellbeing data, which constitutes special category data under Art. 9 GDPR, we rely on your explicit consent pursuant to Art. 9(2)(a) GDPR. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Contract Performance (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. This applies to providing the TeamPulse platform services, managing your account, and processing payments.
• Legitimate Interest (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms. This applies to ensuring platform security, preventing fraud, improving our services, and conducting anonymized statistical analysis.

3. What Data We Collect

3.1. Personal Data

• First name, last name, email address, job title
• Company or organization name, team size, and role within the organization
• Account credentials (passwords are stored only in hashed form)
• Billing and payment information (processed by third-party payment providers)

3.2. Health and Wellbeing Data

• Responses to daily mood and wellbeing check-ins
• Stress indicators, energy levels, and sleep quality metrics (when wearable devices are connected)
• Anonymized sociometric data reflecting team interaction patterns
• Voluntary comments, feedback, and self-reported wellbeing notes

Health and wellbeing data constitutes special category data under Art. 9 GDPR. We process this data solely on the basis of your explicit consent (Art. 9(2)(a) GDPR), which you can withdraw at any time.

3.3. Integration Data

• Data from wearable devices (such as Oura Ring, Apple Watch, Fitbit, Garmin, Whoop) -- collected only with your explicit consent and revocable at any time
• Metadata from communication platform integrations (Slack, Microsoft Teams, Telegram) -- limited to activity metadata only; we never access or store the content of your messages

3.4. Technical Data

• IP address (anonymized after session end)
• Browser type and version, operating system
• Device type (desktop, mobile, tablet)
• Pages visited and time spent on the platform
• Referral source

Technical data is collected to ensure the security and proper functioning of the platform and is processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR).

4. Purposes of Processing

• Service Delivery: Providing access to the TeamPulse platform, displaying individual dashboards and aggregated team analytics
• AI-Powered Analytics: Detecting trends, identifying burnout risks, and generating personalized wellbeing recommendations
• Alerts and Notifications: Notifying HR managers or team leads about critical changes in aggregated (never individual) wellbeing metrics
• Account Management: Managing your subscription, processing payments, and providing customer support
• Platform Improvement: Analyzing anonymized usage patterns to improve features, usability, and performance
• Security: Protecting against unauthorized access, fraud, and abuse of the platform
• Communication: Sending essential service notifications, security alerts, and -- only with your consent -- marketing communications

5. Data Protection Principles

5.1. Employee Privacy

• Each employee sees only their own individual data; no other employee, manager, or administrator can access personal-level wellbeing data
• Managers and HR personnel receive exclusively aggregated analytics that cannot be used to identify individual employees
• Team-level reports are only generated when the team has a minimum number of participants to prevent de-identification
• Personal health and wellbeing data is never disclosed to employers, insurers, or any third party without explicit consent

5.2. Technical Measures

• All data in transit is encrypted using TLS 1.3
• All data at rest is encrypted using AES-256
• Regular security audits and vulnerability assessments
• Multi-factor authentication (MFA) available for all accounts
• Access logging and monitoring for all sensitive data operations
• Principle of least privilege applied to all internal access controls

6. Data Processing Agreements (Art. 28 GDPR)

Where we engage sub-processors to process personal data on our behalf, we have entered into Data Processing Agreements (Auftragsverarbeitungsverträge) in accordance with Art. 28 GDPR. Our primary sub-processor is:

• DigitalOcean, LLC -- Cloud hosting and infrastructure services. All TeamPulse data is hosted on DigitalOcean servers located in the European Union (Frankfurt, Germany). DigitalOcean acts as a data processor under our instructions and is bound by a Data Processing Agreement that ensures GDPR-compliant handling of all personal data.

We carefully vet all sub-processors to ensure they provide sufficient guarantees to implement appropriate technical and organizational measures in compliance with the GDPR.

7. Data Protection Officer

Pursuant to §38 BDSG, the appointment of a Data Protection Officer (Datenschutzbeauftragter) is required only when an organization regularly employs at least 20 persons who are constantly engaged in automated processing of personal data. As a self-employed professional with fewer than 20 employees engaged in data processing, TeamPulse is not legally required to appoint a DPO.

Nevertheless, for any questions or concerns regarding the processing of your personal data, you may contact us directly at: work.olegkaminskyi@gmail.com

8. Cookies and Tracking

TeamPulse uses a minimal and privacy-friendly approach to cookies:

• Session Cookies: Strictly necessary cookies used to maintain your authenticated session while using the platform. These expire when you close your browser or after a defined session timeout.
• Language Preference Cookie: A functional cookie that stores your selected language (English, German, or Ukrainian) to provide a consistent experience across visits.

We do not use any third-party tracking cookies, advertising cookies, or analytics services such as Google Analytics. No data is shared with advertising networks or social media platforms through cookies or similar technologies.

Because we use only strictly necessary and functional cookies, a cookie consent banner is not required under the ePrivacy Directive. However, you may configure your browser to block or delete cookies at any time.

9. Hosting and Servers

All TeamPulse data is hosted exclusively on servers operated by DigitalOcean, LLC, located in the European Union (Frankfurt, Germany). This ensures that your personal data remains within the EU and is subject to the full protection of the GDPR at all times.

The servers are housed in certified data centers that implement industry-standard physical and technical security measures, including redundant power supplies, climate control, fire protection, and 24/7 monitoring.

10. Data Retention and Deletion

• Active Subscription: Your personal data is retained for the duration of your active use of the platform and the existence of the contractual relationship.
• After Account Deletion or Cancellation: Personal data is deleted within 30 days of account closure or cancellation, unless retention is required by law (e.g., tax retention obligations under German law of up to 10 years for billing data).
• Backup Copies: Data in backup systems is permanently deleted within 90 days following account deletion.
• Anonymized Data: Fully anonymized and aggregated data that cannot be linked back to any individual may be retained indefinitely for statistical and research purposes, as it no longer constitutes personal data under the GDPR.

11. Your Rights under GDPR

As a data subject, you have the following rights under the GDPR. You may exercise any of these rights free of charge by contacting us at work.olegkaminskyi@gmail.com. We will respond to your request within one month.

• Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to receive a copy of that data along with information about the processing.
• Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data and the completion of incomplete data.
• Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data ("right to be forgotten") where the data is no longer necessary, you withdraw consent, or the data has been unlawfully processed.
• Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the temporary restriction of processing in certain circumstances, such as when you contest the accuracy of the data.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV) and to transmit that data to another controller.
• Right to Object (Art. 21 GDPR): You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.
• Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The competent authority for our business is the Landesbeauftragte für den Datenschutz Niedersachsen (LfD Niedersachsen), Prinzenstraße 5, 30159 Hannover, Germany.

12. International Data Transfers

All personal data is stored and processed on servers located within the European Union (Frankfurt, Germany). We do not routinely transfer personal data outside the EU/EEA.

In the event that a data transfer to a country outside the EU/EEA becomes necessary (for example, through the use of a sub-processor), we will ensure that appropriate safeguards are in place, such as:

• An adequacy decision by the European Commission (Art. 45 GDPR)
• Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR)
• Binding Corporate Rules (Art. 47 GDPR)

We will inform you of any such transfer and the specific safeguards applied.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. In the event of material changes, we will notify you by email at least 30 days before the changes take effect. The updated version will be published on this page with a revised "Updated" date.

Your continued use of the TeamPulse platform after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you may close your account and request deletion of your data.

14. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Oleh Kaminskyi
Bienroder Weg 53
38108 Braunschweig, Germany
Email: work.olegkaminskyi@gmail.com

We aim to respond to all inquiries within 30 days.

← Back to Home