Terminaro

Privacy Policy

Terminaro – offered by Sebastian Software GmbH

As of: March 9, 2026

1. Responsible Party

Sebastian Software GmbH

Dalheimer Straße 12

55128 Mainz

Germany

Phone: +49 6131 9729-830

Email: privacy@terminaro.eu

Legally represented by: Sebastian Fastner and Sebastian Werner (Managing Directors)

Data Protection Officer: The appointment of a data protection officer is not required pursuant to Art. 37 GDPR in conjunction with Section 38 BDSG. For data protection inquiries, please contact us directly at the email address stated above.

2. General Information

Terminaro is a web-based service for appointment booking and management. We take the protection of your personal data seriously and process it exclusively in accordance with legal regulations, in particular the General Data Protection Regulation (GDPR) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

No cookies are set on the public website. In the logged-in area, the browser's local storage (localStorage) is used for session management (see Section 4.3). For website analysis, we use Plausible Analytics in a cookieless, privacy-friendly configuration (see Section 3.3).

3. Technical Infrastructure

3.1 Website Delivery and Infrastructure (Bunny.net)

For the delivery of our website and the underlying infrastructure, we use services from BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia. Specifically, we use:

  • CDN (Content Delivery Network): Delivery of static website files (HTML, JavaScript, CSS) via a globally distributed server network
  • Edge Scripting: Server-side logic executed at Bunny.net nodes
  • Storage: Storage of static files and assets

With each page request, Bunny.net processes technical connection data, in particular IP address, timestamp, requested URL, and browser and device information. This data is technically required for website delivery. Under the data processing agreement, Bunny.net is contractually obligated to hold all raw log data including personal information exclusively in working memory (RAM) and to automatically delete it after 20–30 seconds. No permanent storage of IP addresses or connection data takes place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and reliable operation of the website).

Third country transfer: For the delivery of the website via Bunny.net's global CDN network, technical connection data (in particular IP addresses) may also be temporarily processed on servers outside the European Economic Area (EEA). This data is held exclusively in the working memory (RAM) of the respective CDN nodes and is automatically deleted after 20–30 seconds; no permanent storage takes place. The transfer is safeguarded by a data processing agreement pursuant to Art. 28 GDPR. Bunny.net contractually guarantees that all sub-processors employed implement appropriate technical and organizational safeguards in accordance with GDPR requirements. A Transfer Impact Assessment (TIA) has been conducted in accordance with the requirements of the CJEU's Schrems II ruling and the EDPB recommendations, confirming the adequacy of the protective measures in place.

Further information: bunny.net/privacy and bunny.net/gdpr

3.2 Application Data (Hetzner)

All user data – in particular account data, appointments, and booking information – is processed and stored exclusively on servers of Hetzner Online GmbH in Germany. No transfer of this data to third countries takes place.

Legal basis: Art. 6(1)(b) GDPR (performance of contract) for the processing of user data such as account data, appointments, and booking information; Art. 6(1)(f) GDPR (legitimate interest) for the technical operation and ensuring the security and integrity of the application infrastructure.

3.3 Web Analytics (Plausible Analytics)

For the statistical analysis of website usage, we use the open-source software Plausible Analytics. The Plausible instance is operated by Sebastian Software GmbH on its own server hosted by Hetzner Online GmbH in Germany. No data is transferred to third parties or to countries outside the European Economic Area (EEA).

Plausible Analytics operates without cookies, without local storage, and without browser fingerprinting. No personal data is stored. In particular, IP addresses are used solely for the purpose of geolocation (country-level) and are discarded immediately thereafter; they are not logged or stored at any point.

The following data is collected in anonymized and aggregated form:

  • Page URL and referrer
  • Browser and operating system
  • Device type (desktop, mobile, tablet)
  • Country (derived from IP address, which is immediately discarded)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest). We have a legitimate interest in understanding how our website is used in order to continuously improve it. Given the privacy-friendly design of Plausible Analytics (no cookies, no personal data storage, no tracking across websites, self-hosted in Germany), we consider the minimal impact on users' privacy to be proportionate to this interest.

4. Processing Areas

4.1 Public Website (Landing Page)

When visiting our public website, only the technical connection data described in Section 3.1 is processed by Bunny.net. No personal data is collected beyond this.

4.2 Registration and User Account

To use Terminaro, registration is required. We process the following data:

  • Name
  • Email address
  • Password (stored encrypted)
  • Account-related settings and configurations

Legal basis: Art. 6(1)(b) GDPR (performance of contract). The information is required to use the service.

Retention period: Data is stored for the duration of account usage. After termination, data is deleted within 30 days, unless statutory retention obligations apply (in particular Sections 257 HGB and 147 AO, which may require retention of commercial and tax-relevant records for up to 10 years).

4.3 Session Management

After login, a session token is stored in the browser's local storage (localStorage). This token is used exclusively for authentication and allows users to remain logged in without having to enter a password on each page visit.

The token is stored exclusively locally in the browser and is not used for tracking or advertising purposes. It is deleted upon logout.

Legal basis: Section 25(2) No. 2 TDDDG (technically necessary for the provision of the service). Consent is not required.

4.4 Booking Form

Persons who book an appointment through a publicly shared booking form submit the following data:

  • Name (required)
  • Email address (required)
  • Company (optional)
  • Phone number (optional)
  • Reason for booking (optional)

This data is stored to manage the appointment and process the booking. The account holder who provides the booking form is the sole data controller for the personal data of the persons booking through it. Terminaro processes this data exclusively as a data processor on behalf of the account holder pursuant to Art. 28 GDPR and acts solely in accordance with the account holder's instructions. Persons who book an appointment may exercise their data subject rights (e.g., access, rectification, erasure) with the respective account holder.

A data processing agreement pursuant to Art. 28 GDPR is concluded with account holders who use Terminaro for the processing of booking data. This agreement can be viewed at terminaro.eu/en/dpa.

Legal basis: Art. 6(1)(b) GDPR (implementation of pre-contractual measures at the request of the data subject).

Retention period: Booking data is stored until 90 days after the appointment date and then automatically deleted, unless statutory retention obligations require longer storage.

A reference to this privacy policy is displayed on the booking form.

4.5 Waitlist

Our website offers the option to sign up for early access to Terminaro via a waitlist. We collect only the email address of the person signing up.

Purpose: Notification about the launch of Terminaro.

Legal basis: Art. 6(1)(a) GDPR (consent). Registration is voluntary.

Retention period: The email address is stored until the launch of Terminaro, but no later than January 1, 2027, or until consent is withdrawn — whichever occurs first. Withdrawal is possible at any time by contacting: privacy@terminaro.eu

4.6 Calendar Integration

Customers can connect their own calendar with Terminaro in their account settings (e.g., Google Calendar, Apple Calendar, or any CalDAV-compatible service). This connection is used exclusively to check the customer's availability and prevent double bookings.

Terminaro accesses the connected calendar in read-only mode. No data is written back to the customer's calendar.

Booking data from visitors is never transmitted to the customer's calendar provider. It remains exclusively on our servers in Germany (Hetzner).

Additionally, Terminaro provides each customer with a CalDAV subscription link. Through this link, customers can integrate their appointment bookings into a calendar app of their choice. The use of this link is the customer's responsibility.

Important notice regarding the CalDAV link: When using the CalDAV subscription link with third-party calendar applications, booking data (including names and contact details of persons who booked) may be transmitted to the servers of the respective calendar provider. Depending on the provider, these servers may be located outside the European Economic Area (EEA). In such cases, an adequate level of data protection cannot be guaranteed by Terminaro. The use of the subscription link is therefore at the customer's own risk and responsibility.

Security recommendation: The CalDAV subscription link contains a unique access token and should be treated as confidential. Do not share this link with unauthorized third parties, as anyone in possession of the link can access the booking data it contains.

Legal basis: Art. 6(1)(b) GDPR (performance of contract). The connection can be disconnected at any time in the settings.

Note: The data processing by the respective calendar provider (e.g., Google, Apple) is governed by the provider's own privacy policy. Terminaro has no influence on this processing. Account holders who use the CalDAV subscription link are obligated to inform persons who book appointments about any such calendar integration in their own privacy policy.

5. Email Communication

Terminaro sends automated emails, such as booking confirmations and appointment reminders. These emails are sent via our own infrastructure operated in Germany. No third-party providers are used for sending emails.

Legal basis: Art. 6(1)(b) GDPR (performance of contract and execution of the booked appointment).

6. Data Processors

We use the following service providers as data processors within the meaning of Art. 28 GDPR:

BunnyWay d.o.o.CDN, Edge Scripting, Storage (Slovenia, EU)

Hetzner Online GmbHServer hosting (Germany)

Written contracts pursuant to Art. 28 GDPR exist with all data processors.

7. Your Rights

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR) – see Section 8 below for detailed information

To exercise your rights, please contact: privacy@terminaro.eu

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Sebastian Software GmbH is:

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate (LfDI RLP)
Postfach 30 40
55020 Mainz
Germany
Phone: +49 6131 8920-0
Website: datenschutz.rlp.de

8. Right to Object (Art. 21 GDPR)

If we process your personal data on the basis of a legitimate interest (Art. 6(1)(f) GDPR), you have the right to object to this processing at any time for reasons arising from your particular situation.

This applies in particular to the processing described in Sections 3.1 (website delivery via Bunny.net), 3.2 (technical operation of the application infrastructure), and 3.3 (web analytics via Plausible Analytics).

If you object, we will no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

To exercise your right to object, please contact: privacy@terminaro.eu

9. Automated Decision-Making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.

10. Currency of this Privacy Policy

We reserve the right to amend this privacy policy in the event of changes to the service or the legal framework. The current version is always available on our website.

Registered users will be notified of material changes to this privacy policy in advance by email to the address stored in their account. This ensures that users in an existing contractual relationship are informed of any relevant changes in a timely manner.