Privacy Statement for TensorPM

Version 1.7 – Last updated: February 1, 2026

In accordance with Article 13 of the General Data Protection Regulation (GDPR)

1. Controller

The controller responsible for data processing is:

Simon Schwer
Wolfringstraße 14
90765 Fürth, Germany
Email: info@tensorpm.com

2. Overview of Data Processing

We are committed to protecting your personal data. This privacy statement explains how we process your data when you use our TensorPM software and website.

TensorPM is designed with data minimization principles in mind. However, to deliver our core service of AI-enhanced project management, we need to process certain project data.

2.1 Data Processing Principles

We adhere to the following principles when processing your data:

  • Data minimization – we collect and process only what is necessary
  • Purpose limitation – we use data only for the purposes specified in this statement
  • Storage limitation – we retain data only as long as necessary
  • Integrity and confidentiality – we implement appropriate technical and organizational measures

2.2 Operating Modes

TensorPM offers five modes of operation with different data processing implications:

a) No AI Mode: All project data remains on your local device. Only anonymous installation IDs and version information are sent to our servers for update purposes and installation statistics.

b) API Key Mode: When you choose to use your own API key from third-party AI providers (Google, OpenAI, Anthropic, Mistral or other supported providers), your project data is sent directly to these providers. The API keys are stored only on your local device. Where the operating system makes secure encryption (e.g. macOS Keychain / Windows DPAPI / Linux keyrings) available and you have enabled the in‑app encryption setting, keys are stored encrypted. If OS‑level encryption is unavailable or disabled, keys are stored locally in cleartext within the app's local database; in this fallback we never transmit them off device. We never store, transmit, or have server‑side access to your third-party API keys.

c) TensorPM Subscription Service: When using our subscription service (including the free trial), your project data is processed through our proxy server using Google Cloud (Vertex AI) with Gemini models and Mistral AI to facilitate AI requests. We do not store your project data but temporarily process it to fulfill your AI requests. All registered users receive a free trial with 50 AI requests using Gemini 2.5 Flash Lite that never expires. Users who upgrade to Pro receive 500 AI requests per month with access to advanced AI models via Google Cloud Vertex AI and Mistral AI.

d) Local AI Mode: When using locally hosted AI models through frameworks such as LM Studio, vLLM, or Ollama:

  • All AI processing occurs entirely on your local device
  • No project data or AI requests are transmitted to TensorPM servers or any external servers
  • No personal data is collected or processed by TensorPM in this mode
  • Your data remains completely under your control on your device
  • We have no access to, visibility of, or control over the data processed by your local AI models
  • The privacy of your data depends entirely on your local setup and the AI frameworks you choose to use

e) Cloud Sync (Cloud & Pro): If you enable Cloud Sync, selected project data is transmitted to and stored on our servers to synchronize your projects across devices. Cloud Sync is available for Cloud and Pro accounts (including trials). If you use shared workspaces, other users you invite to the same workspace can access the shared workspace data. Data is hosted in Germany (Hetzner, Nürnberg). Data transfers are protected via HTTPS/TLS.

In addition, Cloud Sync uses end-to-end encryption (E2E): encryption and decryption of workspace content happens on your devices. Workspace content is stored on our servers only in encrypted form. We cannot decrypt this content.

For technical reasons, certain metadata must remain in cleartext for synchronization and access control (e.g., workspace and project IDs, timestamps, deletion markers, and technical sync metadata). Such metadata may be processed and stored on our servers.

The encryption keys required for decryption are stored locally on your devices (using your operating system’s secure storage where available). We do not provide server-side key escrow. If all devices/keys are lost, encrypted Cloud Sync content cannot be recovered.

2.3 Age Restriction

TensorPM is intended for users who are at least 16 years of age. We rely on user self‑certification during account creation and do not perform active age verification. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have collected personal data from an individual under 16 years of age, we will take steps to delete such information from our systems.

3. Personal Data We Process

3.1 When visiting our website:

We use Cloudflare Web Analytics, a web analytics service that does not use cookies. It helps us understand aggregated usage of our website (e.g., which pages are visited) so we can improve content and performance. Cloudflare processes technical request data (such as IP address and user agent) to deliver the website and provide analytics; we do not use these data to identify you.

Cloudflare Web Analytics provides the following aggregated data to us:

  • Page views and visitor counts (without personal identification)
  • Referrer sources (search engines, social media, direct traffic)
  • Country of origin (approximate, derived from IP address; we do not store individual IP addresses as part of our analytics reporting)
  • Device type (desktop, mobile, tablet)
  • Browser type (Chrome, Firefox, Safari, etc.)
  • Operating system (Windows, macOS, Linux, etc.)

This data is:

  • Collected without cookies or persistent identifiers
  • Aggregated and cannot be used to identify individuals
  • Not linked to any personal information
  • Retained for analytics purposes only

We do not use fingerprinting techniques or track users across sites or devices.

3.2 When using the contact form:

If you use the contact form, we collect:

  • Your name (if provided)
  • Your email address
  • The content of your message
  • IP address (for security purposes, anonymized after 7 days)

These data are used solely to process your inquiry. Contact form data is retained until your inquiry is resolved, after which it is deleted unless legal requirements necessitate longer retention.

3.3 When using the TensorPM software:

In all modes: An anonymous installation ID (UUID) for installation statistics and version information for update purposes. This data is retained indefinitely but contains no personal information.

In subscription mode: Your email address and password (stored using PBKDF2 with 100,000 iterations, SHA-512 hash function, and a 32-byte random salt) for account management and authentication with our proxy service. JWT tokens are also used for secure authentication. Access tokens are valid for 60 minutes. Refresh tokens are encrypted and stored locally on your device for up to 30 days using your operating system's encryption. Refresh tokens are never stored on our servers in unencrypted form. For Windows users, passkey credentials may be stored securely on your device if you opt to use passkey authentication. Project data is processed through our proxy server to facilitate AI requests but is not stored permanently on our servers beyond the duration needed to process your request (typically seconds).

In cloud sync mode (Cloud & Pro): If you enable Cloud Sync, selected project data is transmitted to and stored on our servers to synchronize your projects across devices. If you use shared workspaces, workspace members you invite can access the shared workspace data.

Workspace content is end-to-end encrypted in Cloud Sync. Content is stored on our servers only in encrypted form. We cannot decrypt it; however, we do process metadata necessary for synchronization (e.g., workspace ID, project ID, timestamps).

In API key mode: No personal data is processed by us; your project data is sent directly to third-party AI providers (Google / Vertex AI, OpenAI, Anthropic, Mistral or others you configure). We never store or have access to your third-party API keys beyond local on-device storage. For your security, these API keys can be stored with encryption using your operating system's security features where available. If OS-level encryption is unavailable or disabled, the keys are stored locally unencrypted (never transmitted to us). You can remove them at any time within the application.

Authentication services: For authentication purposes (login, password reset, and email verification), we use SendGrid as our email service provider. When you use these features, your email address is processed by SendGrid solely to deliver the authentication email. SendGrid retains this data for up to 5 days. SendGrid may set cookies and collect usage data as described in their privacy policy (https://www.twilio.com/legal/privacy).

Project data processing: When using AI features (in both API Key and Subscription modes), your project information is processed in real-time and sent to AI providers. This includes not only your direct input but also project context information such as project status, imported documents, task descriptions, and other project-related content that provides context for AI processing.

For TensorPM subscription services (both Free Trial and Pro), we use the following AI providers:

  • Google Cloud Vertex AI with Gemini models in the Europe-West1 region (Belgium)
  • Mistral AI (headquartered in Paris, France) for Mistral models

This means your AI requests are processed within the European Union. Mistral AI processes data in accordance with their Data Processing Addendum and has opted out of using customer data for AI model training.

In API Key Mode (BYOK - Bring Your Own Key), you may use any supported AI provider including: Google (Gemini), OpenAI, Anthropic (Claude), Mistral AI, or other providers you configure. In BYOK scenarios we do not proxy or access the prompts or keys. When you use your own API key, your prompts are sent directly to that chosen provider under their own terms and are not processed by our proxy.

We have data processing agreements with Google Cloud and Mistral AI ensuring that your data will not be used for training their AI models.

Application and error logs: For security, troubleshooting, and monitoring purposes, we maintain various logs that include:

  • Error timestamps and types
  • API request metadata (endpoint, status codes, response times)
  • Authentication events (login attempts, token refreshes)
  • User email addresses for authenticated requests
  • Request counts for rate limiting

Importantly, we do not log the actual content of your AI prompts or responses. Only technical metadata about requests is logged. These logs are retained for up to 30 days.

3.5 When using TensorPM Subscription Services:

Free Trial:

  • Email address (retained for the duration of your account)
  • Usage statistics (number of AI requests made, stored indefinitely)

Pro Subscription (when upgrading from free trial):

  • Email address (retained for the duration of the subscription plus 90 days after cancellation)
  • Payment information (processed by Stripe, not stored on our servers)
  • Subscription start and end dates
  • Usage statistics (number of AI requests made, stored indefinitely)

3.6 Authentication and Security Data

Our proxy server API does not use cookies for authentication. Instead, we use:

  • JWT Bearer tokens: Sent in Authorization headers for API authentication
  • Database storage: Authentication data including:
    • Password hashes and salts (using PBKDF2)
    • Passkey credentials for WebAuthn authentication
    • Magic link tokens
    • Authentication logs
    • Token blacklist for revoked tokens

Our authentication database is stored on our servers without additional application-level encryption (relying on server disk encryption at rest). Cloud Sync workspace content is additionally stored end-to-end encrypted at the application level, meaning we cannot decrypt it. We implement industry-standard security practices including salted password hashing and secure token generation.

Third-party Services:

  • Stripe: Processes payments and may set cookies on their payment pages
  • SendGrid: Sends authentication emails and may track email interactions

Security Services:

  • Cloudflare: We use Cloudflare for website security and performance. Cloudflare may process:

    • IP addresses for security and routing (automatically anonymized)
    • Technical data (browser type, request headers) for threat detection
    • Limited cookies for bot protection (__cf_bm: 30 minutes, cf_clearance: session only)

    Purpose: DDoS protection, content delivery, and security filtering. Legal basis: Legitimate interest (website security and performance). See Cloudflare's Privacy Policy.

  • Cloudflare Turnstile: We use Cloudflare Turnstile for bot protection during registration. Turnstile may collect:

    • IP address
    • Browser and device information
    • Interaction data to verify you're human
    • No cookies are set by Turnstile

    The data is used solely for security verification and is not used for tracking or advertising purposes.

Note: Cloudflare Web Analytics does not use cookies or any tracking technology. All analytics data is collected in a privacy-compliant manner without storing any information on your device.

You can manage or delete cookies through your browser settings. Blocking essential cookies may impact the functionality of our website, particularly authentication and payment processing.

4. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Article 6(1)(b) GDPR: To fulfill our contractual obligations (e.g., subscription service, providing AI functionality)
  • Article 6(1)(c) GDPR: To comply with legal obligations
  • Article 6(1)(f) GDPR: To pursue our legitimate interests (e.g., ensuring software functionality, improving services, preventing fraud and abuse)

4.1 Data Processing Roles

Depending on how you use TensorPM, different GDPR roles may apply:

  • If you use TensorPM in a business context to process Personal Data of third parties (e.g., employees, customers), you typically act as the controller for that project data, and we act as your processor for the processing necessary to provide the enabled services (see our DPA).
  • If you use TensorPM for personal purposes (processing your own data), we generally act as the controller for the data we process to provide the service.

No AI Mode: We only process anonymous installation statistics and update information. In this mode, we act as the data controller for the limited data collected.

API Key Mode: When you use your own API key, we do not process your project data. We act solely as a software provider, and you establish a direct relationship with the third-party AI provider. You are the data controller for your project data, and the third-party AI provider is your data processor. We are not involved in this processing relationship.

Pro Subscription Mode: When using our subscription service, we process project data that passes through our proxy server to fulfill AI requests. In a business context, this is typically processing on your behalf as processor. Additionally, we act as a controller for account information (email address, password, subscription details).

Cloud Sync Mode (Pro): If you enable Cloud Sync, selected project data is transmitted to and stored on our servers to synchronize your projects across devices. In a business context, this is typically processing on your behalf as processor. Cloud Sync is implemented using PowerSync synchronization technology; the PowerSync service is operated by us on our infrastructure. Workspace members you invite can access shared workspace data.

Note on E2E: Workspace content is transmitted and stored end-to-end encrypted. In this context we primarily process and store encrypted content as well as the metadata required for synchronization and access control.

Authentication Services: For authentication-related processes, SendGrid acts as our data processor when sending authentication emails. We remain the data controller for your authentication data.

We maintain records of processing activities in accordance with GDPR Article 30 for all personal data processed under our responsibility.

We do not require explicit consent on every software startup, as the processing is necessary for the performance of our contract with you or falls under legitimate interests (for anonymous usage statistics).

5. Data Recipients

Your personal data may be shared with the following recipients:

  • Cloudflare: For website security, CDN, and cookie-less website analytics. Cloudflare may process technical request data (including IP address) for delivery and security; the analytics reporting we receive is aggregated.
  • Stripe: For payment processing in subscription mode. Data shared includes your email address and payment information.
  • SendGrid: For authentication email delivery. Data shared includes your email address and temporary authentication codes.
  • Third-party AI providers: When using AI features. Data shared includes your project data submitted for AI processing.
    • Google Cloud (Vertex AI): For Gemini models in subscription mode (Free Trial and Pro)
    • Mistral AI: For Mistral models in subscription mode (Pro). Mistral AI is headquartered in Paris, France and processes data within the EU. We have a Data Processing Agreement with Mistral AI ensuring your data will not be used for AI model training.
    • Various providers (BYOK only): In API key mode, depending on your chosen provider (Google, OpenAI, Anthropic, Mistral AI, or others); direct transmission outside our proxy
  • Hetzner Online GmbH: Our server hosting provider. All website data is hosted on their servers located in Nuremberg, Germany.
  • INWX GmbH & Co. KG: Our domain registrar in Berlin, Germany.

We have ensured that all service providers comply with data protection regulations through appropriate data processing agreements that include Standard Contractual Clauses where necessary for international transfers. Providers only engaged through BYOK and not routed via our proxy (e.g. Mistral AI in BYOK mode) are not our processors; you establish a direct relationship with them.

6. Data Retention

  • Server logs: Automatically collected server log data are deleted after a maximum of 7 days.
  • Contact inquiries: Data from contact inquiries are deleted once the inquiry has been processed (typically within 30 days), unless legal retention requirements apply.
  • Error logs: Error logs in subscription mode are retained for 30 days, after which they are automatically deleted.
  • Authentication data: SendGrid retains email addresses and authentication codes for up to 5 days.
  • Access tokens: JWT access tokens expire after 60 minutes.
  • Refresh tokens: JWT refresh tokens are encrypted and stored locally on your device for up to 30 days.
  • Subscription data: Email addresses and account information are retained for the duration of the subscription plus 90 days after cancellation.
  • Anonymous installation IDs: Retained for analytical purposes but contain no personal information.
  • Payment data: Stripe retains payment data according to their privacy policy and legal requirements. We do not store payment data on our servers.

7. Data Processing Outside the EU/EEA

When using AI features (either via API key mode or subscription mode), your data may be transferred to servers outside the European Union or European Economic Area, depending on the AI provider's infrastructure. These transfers are protected by:

For subscription mode: Appropriate safeguards such as EU Standard Contractual Clauses (2021 version) with Google Cloud. We have conducted transfer impact assessments and implemented additional technical measures where necessary.

For API key mode: Your direct relationship with the AI provider (we do not control or participate in these transfers). Depending on your chosen provider (OpenAI, Anthropic, Mistral AI, Google, or others), data may be transferred to various jurisdictions.

Authentication emails are processed by SendGrid, which is based in the United States. This transfer is protected by EU Standard Contractual Clauses (2021 version) and additional technical measures as detailed in our data processing agreement with SendGrid.

The specific locations where your data may be processed include:

  • United States (Google Cloud, SendGrid)
  • EU countries (Google Cloud maintains EU infrastructure)
  • Other locations depending on your BYOK provider choice

We regularly reassess the adequacy of protection for these international transfers and will notify you of any significant changes.

8. Website Analytics

8.1 Self-Hosted Analytics

We operate our own analytics system on our infrastructure (Hetzner, Nuremberg, Germany). This system requires your explicit consent before any data is collected. The analytics data we collect includes:

  • Page views and visitor counts
  • Referrer sources
  • Country of origin (determined using a local geolocation database on our server; your IP address is never sent to external services for this purpose)
  • Device type and screen resolution
  • Browser type

Privacy measures:

  • Consent required: No tracking occurs until you provide explicit consent via our cookie banner
  • No cookies or persistent identifiers: We do not store cookies or use local storage for analytics
  • No cross-day tracking: Session identifiers are derived from a hash that changes daily and cannot be used to track you across days
  • IP addresses are never stored: IP addresses are used only for country detection via a local database and for generating a daily session hash, then discarded
  • Local geolocation only: Country detection uses a locally hosted MaxMind GeoLite2 database. No IP addresses are sent to external geolocation services
  • Bot detection: We use behavioral signals (presence or absence of mouse movement, scroll, keyboard, and touch interactions) solely to distinguish real visitors from automated bots. No interaction content is captured.

8.2 Cloudflare Web Analytics

We additionally use Cloudflare Web Analytics, a privacy-friendly analytics tool that:

  • Does not use cookies
  • Is designed to provide aggregated reporting rather than user-level tracking
  • Does not track visitors across devices or websites

Depending on your jurisdiction and the specific processing in your browser (e.g., security cookies set by Cloudflare for bot protection), a consent banner may still be required. Where consent is required for non-essential cookies or similar technologies, we will request it.

The analytics data we collect is fully anonymized and aggregated. We cannot identify individual visitors, and we do not attempt to do so. This approach allows us to improve our website while fully respecting your privacy.

9. Your Rights

Under GDPR, you have the following rights:

  • Right to access (Article 15 GDPR): To know what data we process about you.
  • Right to rectification (Article 16 GDPR): To correct inaccurate or incomplete data.
  • Right to erasure (Article 17 GDPR): To delete your data, subject to legal retention requirements.
  • Right to restriction of processing (Article 18 GDPR): To limit how we process your data.
  • Right to data portability (Article 20 GDPR): To receive your data in a machine-readable format.
  • Right to object (Article 21 GDPR): To object to the processing of your data.
  • Right to withdraw consent (Article 7(3) GDPR): To withdraw previously given consent at any time.

9.1 How to Exercise Your Rights

To exercise these rights, please contact us at info@tensorpm.com with a clear description of your request. We will respond to your request within 30 days. For verification purposes, we may ask for additional information to confirm your identity, such as:

  • Confirmation of email address
  • Basic account information
  • Other identifying information necessary to verify your identity

For complex requests or in case of a high volume of requests, we may extend this period by an additional 60 days, in which case we will inform you within the first 30 days.

9.2 Account Deletion Process

For account deletion requests, please contact us via the contact form or email. We will delete your account and associated personal data within 30 days of your verified request, except for information we are legally required to retain. The account deletion process includes:

  • Verification of your identity
  • Deletion of your user account and associated data
  • Removal from our mailing lists
  • Confirmation email once deletion is complete

10. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. In Germany, this is usually the data protection authority of your federal state.

The supervisory authority responsible for the controller is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: https://www.lda.bayern.de
Email: poststelle@lda.bayern.de

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption: HTTPS/TLS 1.3 for all data transfers, password hashing (PBKDF2), conditional OS-level encryption (safeStorage / Keychain / DPAPI) for API keys & refresh tokens when available
  • Access controls: Role-based access controls, least privilege principle, multi-factor authentication for administrative access
  • Regular security updates: Monthly security patches for all systems and dependencies
  • Vulnerability management: Regular vulnerability scanning and timely patching
  • Firewalls and network security: Web application firewall, network segmentation, intrusion detection
  • Monitoring: Real-time monitoring for suspicious activities and automated alerts
  • Backup procedures: Regular encrypted backups with integrity verification
  • Data minimization: Collection and retention of only necessary data
  • Encryption fallback transparency: If OS-level encryption is not available or disabled, credentials remain only on your local device in unencrypted form; we never transmit them to our servers.
  • Employee training: Regular security awareness training for all staff with access to systems
  • Incident response plan: Documented procedures for handling potential data breaches
  • Third-party audits: Periodic security assessments by external specialists

We regularly test, assess, and evaluate the effectiveness of these measures to ensure the ongoing security of processing.

12. No Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that would produce legal effects or similarly significantly affect you.

13. Data Protection Impact Assessment

We have conducted a Data Protection Impact Assessment (DPIA) for the processing of project data through our AI proxy service, as this processing involves transmitting potentially sensitive data to third-party providers. Measures identified in this assessment have been implemented to minimize risks, including data minimization, strict encryption, and contractual safeguards with our AI providers.

14. Changes to this Privacy Statement

We may update this privacy statement from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes through the Software or via email if you are a subscription user. The current version will always be available on our website.

Material changes will be communicated at least 30 days before they take effect. Each updated version will include a revision date and version number at the top of the document.

15. Contact for Data Protection Inquiries

For questions regarding data protection, please contact:

Simon Schwer
Wolfringstraße 14
90765 Fürth, Germany
Email: info@tensorpm.com

11.1 Encryption Availability and Fallback

OS-level encryption relies on platform capabilities. If encryption is unavailable (e.g. headless environments, restricted Linux configurations) or the user disables the in‑app encryption setting, credentials (API keys, refresh tokens) are stored locally in unencrypted form. This does not alter that we never transmit these credentials to our servers. You can delete or rotate keys at any time from within the application.

Version: 1.7 Last updated: February 1, 2026