Last Updated: February 14, 2025
At Tylvendo, we're serious about protecting your personal information. This policy explains what data we collect, how we use it, and your rights under German and European data protection laws. We've written this in plain language because legal jargon helps nobody.
Tylvendo provides React Native development education through our online platform at tylvendo.com. We're based in Munich and operate under German data protection regulations, specifically the GDPR (General Data Protection Regulation) and BDSG (Federal Data Protection Act).
For all privacy matters, you can reach us at:
We only gather information that actually helps us run our educational platform. Here's what that looks like in practice.
When you sign up for our learning program or contact us, you provide basic details like your name, email address, and sometimes your phone number. If you enroll in paid courses, we'll need billing information too—though payment processors handle the sensitive financial data, not us.
Like most websites, we automatically collect certain technical data when you visit. This includes your IP address, browser type, device information, and which pages you viewed. We use this to understand how people use our platform and where we need to make improvements.
As you work through our React Native courses, we track your progress—which lessons you've completed, quiz scores, project submissions, and time spent on different modules. This helps us personalize your learning experience and shows you where you're making progress.
We don't collect: Social media activity, browsing history from other websites, or any information not directly related to our educational services.
Your data serves specific purposes. We're not interested in using it for anything beyond providing quality education and improving our platform.
Obviously, we need your information to actually deliver the courses you signed up for. This means creating your account, tracking your progress, sending course materials, and responding to your questions. Without this data, we simply couldn't run an online learning platform.
We'll email you about course updates, schedule changes, and important announcements related to programs you've enrolled in. Sometimes we send newsletters about new courses or features—but you can opt out of those anytime while still receiving essential course-related emails.
We analyze how students interact with our platform to figure out what's working and what needs fixing. For example, if many students drop off at a particular lesson, that tells us we might need to redesign that content. This analysis uses aggregated data whenever possible.
Sometimes German or EU law requires us to retain certain records or provide information to authorities. We only do this when legally obligated.
Under GDPR, we need a lawful basis to process your personal data. Here's what applies to different types of processing:
| Purpose | Legal Basis |
|---|---|
| Providing educational services you signed up for | Contract fulfillment (GDPR Art. 6(1)(b)) |
| Sending marketing emails about new courses | Your consent (GDPR Art. 6(1)(a)) |
| Analyzing platform usage to improve services | Legitimate interest (GDPR Art. 6(1)(f)) |
| Retaining financial records | Legal obligation (GDPR Art. 6(1)(c)) |
We don't sell your information to anyone. But running an online platform means working with some trusted service providers.
We use hosting services to keep our platform running, email services to send you course materials, and payment processors to handle transactions. These companies only access the data they need to perform their specific functions, and they're contractually obligated to protect your information.
We use analytics services to understand how people use our platform. These tools collect data in aggregate form whenever possible. We've configured them to respect privacy as much as feasible while still giving us useful insights.
If a court order or German law enforcement requires it, we may need to disclose certain information. This happens rarely, and we'll notify you unless legally prohibited from doing so.
Data processors we work with are located within the EU or have appropriate safeguards in place for international data transfers, as required by GDPR Chapter V.
We don't keep information longer than necessary. Different types of data have different retention periods based on their purpose and legal requirements.
While your account is active, we maintain your profile information and learning progress. This continues until you complete your courses or decide to close your account.
When you close your account, we delete most personal information within 30 days. However, German tax law requires us to keep financial records for ten years. We also retain anonymized learning data for research and platform improvement.
If you create an account but never enroll in courses and don't log in for two years, we'll send you an email asking if you want to keep your account. No response means we'll delete it after another 90 days.
European data protection law gives you significant control over your personal information. Here's what you can do.
You can request a copy of all personal information we hold about you. We'll provide this in a structured, commonly used format (usually JSON or CSV) within 30 days. There's no charge for your first request in a 12-month period.
If any of your personal data is wrong or outdated, you can update it directly in your account settings or ask us to correct it. We'll make the changes promptly.
You can request deletion of your personal information at any time. We'll comply unless we have a legal obligation to retain certain records (like financial data for tax purposes). After deletion, you won't be able to access your course progress or materials.
In some situations, you can ask us to limit how we use your data while keeping it stored. For example, if you're disputing the accuracy of your information, we can pause processing until we verify it.
You can request your data in a portable format and transfer it to another service provider. This applies to information you provided to us based on consent or contract.
When we process data based on legitimate interest (like platform analytics), you can object. We'll stop unless we have compelling legitimate grounds that override your interests.
For processing based on your consent (like marketing emails), you can withdraw that consent anytime. This doesn't affect the lawfulness of processing before withdrawal.
To exercise any of these rights, email us at info@leasetecg.com with "Data Rights Request" in the subject line. We'll respond within 30 days.
Our website uses cookies—small text files stored on your device. Here's what they do and how you can control them.
These cookies are necessary for our platform to function. They handle things like keeping you logged in and remembering your course progress. You can't disable these without breaking core functionality.
We use these to understand how people navigate our platform. They help us identify confusing interfaces or technical issues. You can opt out of analytics cookies through our cookie settings.
Most browsers let you control cookies through their settings. You can block all cookies, accept only certain types, or delete existing cookies. Keep in mind that blocking essential cookies will prevent you from using our platform properly.
We take technical and organizational measures to protect your information from unauthorized access, loss, or misuse.
Our platform uses industry-standard encryption (TLS/SSL) for data transmission. We encrypt sensitive data at rest, implement access controls, and conduct regular security audits. Our servers are located in secure German data centers with physical access restrictions.
Only authorized personnel can access personal data, and only to the extent necessary for their job functions. We maintain logs of who accesses what data and when.
Our team receives regular training on data protection requirements and security best practices. Everyone who handles personal data signs confidentiality agreements.
Use a strong, unique password for your account. Don't share your login credentials. Log out when using shared computers. Contact us immediately if you suspect unauthorized access to your account.
We primarily store and process data within the European Union. When we use service providers outside the EU (which we minimize), we ensure they provide adequate protection through mechanisms approved by the European Commission.
This might include Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms under GDPR Chapter V. You can request details about specific transfers by contacting us.
Our services are designed for adults and teenagers aged 16 and older. We don't knowingly collect information from anyone under 16 without parental consent. If you're under 16 and want to use our platform, please have a parent or guardian contact us first.
If we discover we've inadvertently collected data from someone under 16 without proper consent, we'll delete it promptly.
We update this privacy policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify you by email and post a notice on our platform. The "Last Updated" date at the top shows when we last modified this policy.
Continuing to use our services after changes take effect means you accept the updated policy. If you don't agree with changes, you can close your account.
You have the right to lodge a complaint with the German data protection supervisory authority if you believe we've violated your data protection rights.
For Bavaria (where we're located), that's:
You can also contact the supervisory authority in your EU member state if that's more convenient.
If anything in this policy is unclear or you have questions about how we handle your data, we're here to help.