Privacy Policy - Thepia App

Last updated: January 29, 2025

Who We Are

The Thepia App is operated by Thepia GmbH, a Swiss company that provides workflow automation and evidence collection platforms for organizations and the individuals they have business/work relationships with.

Contact Information:

Core Privacy Principles

The Thepia App is built on four foundational principles that protect your privacy:

🔒 Privacy by Design

Personal information is never stored with workflow data. We use anonymous User IDs (UIDs) within the workflow database. Your name and email are stored only for authentication purposes in a dedicated service and are never linked to your workflow data.

📱 Local-First Collection

Evidence is collected on your device before submission. Photos, videos, and recordings are captured and filtered locally to submit only the required data to the requesting organization. Anonymized metadata (like “step 3 completed at 2:30 PM”) is synchronized during the workflow.

🗑️ Automatic Deletion

Maximum 90-day retention. All workflow data and metadata is automatically deleted within 90 days of workflow completion or last activity. We’re not a storage service - we help you complete workflows and then delete the data.

🌍 EU-Only Processing

All data processing happens in EU data centers (Germany, Netherlands, Sweden). We rely on Switzerland’s adequate protection status under GDPR. Your account data never leaves the EU unless you explicitly share evidence with organizations outside the EU.


What the Thepia App Does

The Thepia App helps individuals capture and send evidence (photos, videos, voice recordings, documents) according to journeys defined by organizations they have business/work relationships with:

  • Employers and employees
  • Companies and contractors/consultants
  • Insurance companies and policyholders
  • Property managers and tenants
  • Parents and nannies/caregivers
  • Educational institutions and students
  • Researchers and study participants

How It Works

Invitation-Based Access:

You must be explicitly invited by an organization to use the app for specific workflows. The inviting organization:

  1. Should have an existing business/work relationship with you
  2. Provides your email address to send an invitation
  3. Defines the workflow, tasks, and purpose
  4. Sends you an email invitation

When you accept the invitation, you confirm the business/work relationship exists.

Important: The Thepia App is not a job marketplace or gig platform. It’s a workflow tool for existing business relationships.

What organizations cannot do:

  • ❌ Search people using the service
  • ❌ Use the service as a job market
  • ❌ Access your profile or availability

Information We Collect

Personal Information for Your Account

  • Email address - For authentication and important service notifications only
  • Authentication credentials - We use one-time passwords and passkeys for passwordless sign-in
  • Anonymous User ID (UID) - A random identifier that cannot be traced back to you (see Privacy by Design)
  • Your Name - To address you in the app and notification emails

Evidence You Capture During Workflows

  • Photos and videos - For documenting objects, environments, and processes (not people). Collected locally per Local-First Collection, then submitted to the requesting organization as part of the workflow
  • Voice recordings - For workflow narration and documentation (not voice pattern analysis)
  • Document scans - For workflow documentation
  • Workflow metadata - Timestamps, completion status, step progress (no personal information, automatically deleted per Automatic Deletion)

Biometric Data Protection

The Thepia App is designed to collect evidence of objects, environments, and processes - not biometric data about you. We implement protective measures:

  • Biometric detection - The app attempts to detect if your face, hands, or voice patterns appear in evidence
  • Sharing warnings - If biometric data is detected, you’ll receive a disclaimer before sharing
  • Anonymization attempts - Where possible, the app will filter or anonymize biometric data
  • No biometric analysis - We do not analyze or store voice patterns, facial features, or other biometric identifiers

Information We Don’t Collect

  • ❌ Your address or phone number
  • ❌ Biometric data (facial features, voice patterns, fingerprints, hand geometry)
  • ❌ Location data beyond what’s in photos you choose to share
  • ❌ Contacts or other phone data
  • ❌ Health, financial, or other sensitive personal data
  • ❌ Browsing history or behavior tracking
  • ❌ Device identifiers or advertising IDs

How We Use Your Information

Account Management

  • Authenticate you securely using passwordless methods: One-Time Password (OTP) or Passkey (WebAuthn)
  • Process organization invitations for specific workflows
  • Send workflow invitations and critical service notifications
  • Connect you to workflows after you accept invitations

Workflow Execution Service

  • Synchronize workflow progress and completion status (anonymized per Privacy by Design)
  • Temporarily store metadata for workflow coordination
  • Facilitate evidence submission from you to the requesting organization as part of completing workflows
  • Maintain audit logs for transparency and compliance
  • Enforce invitation-based access

Service Improvement

  • Anonymous usage analytics (no personal data)
  • Technical performance monitoring and error reporting
  • Security monitoring and fraud prevention

What We Don’t Do

  • ❌ Use your evidence for advertising or marketing
  • ❌ Sell or rent your personal information
  • ❌ Share your data with third parties except as you direct
  • ❌ Store evidence centrally long term (per Local-First Collection)
  • ❌ Track your behavior across websites or apps
  • ❌ Keep data longer than necessary (per Automatic Deletion)

Who Sees Your Information

The Organization That Invited You

After you accept an invitation, the organization can:

  • ✅ Configure workflows and instructions for you, including for purposes like quality assurance, training, documentation, or machine learning training data collection
  • ✅ See anonymized completion statistics (e.g., “15 of 20 workflows completed”)
  • ✅ Receive evidence you submit as part of completing workflow steps
  • ✅ Specify in workflow descriptions how collected evidence will be used (e.g., “Video of toys to train ML classifier”)

The organization cannot:

  • ❌ Access your personal information (name, email, etc.) through the app (protected by Privacy by Design)
  • ❌ See evidence before you submit it (protected by Local-First Collection)
  • ❌ Track your location or activity
  • ❌ Connect your anonymous UID to your identity
  • ❌ Collect your biometric data as workflow evidence

Machine Learning Training Workflows

Some workflows may be explicitly designed to collect training data for machine learning models.

Important protections:

  • Clear disclosure - The workflow description clearly states the ML training purpose and intended use
  • No biometric data - ML workflows capture objects, environments, and processes, not your biometric features
  • Biometric warnings - If the app detects your biometric data, you’ll receive a warning before sharing
  • Your choice - You can decline any workflow
  • Anonymized contribution - Your anonymous UID ensures your identity is not connected to ML training data (per Privacy by Design)

Service Providers

We work with trusted partners who process data only on our behalf:

  • Supabase - Secure authentication and metadata storage (EU data centers)
  • Bunny CDN - Workflow configuration delivery and optional evidence storage (EU-only)

All service providers:

  • ✅ Signed data protection agreements
  • ✅ Process data only in the EU (per EU-Only Processing)
  • ✅ Meet strict security standards (SOC 2, ISO 27001)
  • ✅ Cannot access or use your data for their own purposes

We may disclose information only when:

  • Required by law or legal process (court orders, subpoenas)
  • Protecting our rights, safety, or the safety of others
  • Preventing fraud, security threats, or illegal activity

Your Rights & Control

Your Control Over Workflows

  • Complete visibility - See all workflow steps and required evidence on your device
  • Submit when ready - Every evidence submission requires your explicit action to complete workflow steps
  • Decline journeys - Choose not to participate in any journey invitation
  • Delete anytime - Remove collected evidence or your entire account
  • Offline mode - Collect evidence without internet connection (sync when online)

GDPR Rights (EU Users)

Under GDPR, you have the right to:

🔍 Access

Your account data with us: Download your authentication details and audit logs from your account dashboard.

Submitted evidence: Once evidence is submitted to the requesting organization, that organization becomes the data controller. Contact them directly to access that data. We can provide you with:

  • Records of what was submitted and when
  • Which organization received your submissions
  • Your anonymized workflow completion history

✏️ Correct

Update your account information (email, authentication methods) directly in the app settings. For corrections to submitted evidence, contact the requesting organization as they control that data.

🗑️ Delete

Request account deletion:

  • Immediate deletion of your account if no active workflows
  • 30-day notice to organization if workflows are pending
  • Complete removal of your account from our systems
  • Evidence on your device is deleted when you uninstall the app
  • Note: Submitted evidence is controlled by the requesting organization; deletion requests must be directed to them

📦 Portability

Export your workflow metadata and submission records in standard formats (JSON, CSV) from your account dashboard. For submitted evidence, contact the requesting organization.

⏸️ Restrict Processing

Limit our processing by:

  • Not accepting new workflow invitations
  • Not synchronizing workflow progress
  • Closing your account

Note: Once evidence is submitted, restrictions must be requested from the receiving organization.

❌ Object

Object to processing by declining workflow invitations or deleting your account. We cannot process data without your active participation. For objections to use of submitted evidence, contact the requesting organization.

To exercise your rights with us: Use your account dashboard or email people+privacy@thepia.com

To exercise rights over submitted evidence: Contact the organization that invited you to the workflow

Data Retention

Clear, Short Timelines

Data Type               | Retention Period               | Reason
Account authentication  | While account is active        | Enable secure login
Workflow metadata       | Maximum 90 days                | Workflow coordination (per Automatic Deletion)
Evidence on device      | Until you delete or uninstall  | Your local storage (per Local-First Storage)
Audit logs              | 2 years                        | Legal compliance and security
Support tickets         | 1 year                         | Customer service quality

Who Controls Deletion?

  • Your account data: You control completely
  • Evidence on your device: You control completely (per Local-First Storage)
  • Workflow metadata: Automatically deleted within 90 days (per Automatic Deletion)
  • Evidence already shared: Recipients control per their privacy policies

International Data Transfers

Default: All data stays in EU data centers per EU-Only Processing.

When you share evidence with organizations outside the EU:

  • We inform you of their location before you share
  • You make the conscious choice to share
  • Recipients become responsible for their jurisdiction’s laws
  • Your account data remains in the EU regardless

Cookies & Tracking

No Tracking

The Thepia App does not use:

  • ❌ Tracking cookies
  • ❌ Analytics cookies
  • ❌ Advertising cookies or pixels
  • ❌ Third-party cookies
  • ❌ Marketing or behavioral tracking
  • ❌ Cross-site tracking

Essential Session Storage Only

We only use local browser storage after you log in to:

  • Keep you securely logged in
  • Store your workflow progress locally (per Local-First Storage)
  • Cache workflow configurations for offline use

This storage:

  • Only exists after you choose to log in
  • Contains no personal information, only anonymous UIDs (per Privacy by Design)
  • Cannot track you across sites
  • Is deleted when you log out or uninstall

Security & Incident Response

Our Security Measures

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest
  • Access controls: Strict limitations on who can access data
  • Regular audits: Security testing and compliance reviews
  • Incident monitoring: 24/7 automated threat detection
  • Privacy by design: Architecturally impossible to leak PII (per Privacy by Design)

If Something Goes Wrong

In the unlikely event of a data breach:

  • Quick notification: Within 72 hours to authorities (GDPR requirement)
  • Direct communication: We’ll contact you if your data might be affected
  • Transparency: Clear explanation of what happened and our response
  • Remediation: Immediate steps to contain breach and prevent recurrence

Children’s Privacy

The Thepia App is intended for individuals 16 years or older. We do not knowingly collect information from children under 16. If you’re a parent and believe we have your child’s information, please contact us immediately at people+privacy@thepia.com.

Changes to This Policy

How We Handle Updates

  • Significant changes: 30 days advance notice by email
  • Minor updates: Notice in app and on website
  • Version history: Available at thepia.com/privacy-history
  • Your choice: Continue using or delete your account

Contact Us

Questions About Your Privacy

Complaints

If you’re not satisfied with our response:

  • Swiss users: Contact Swiss FDPIC (Federal Data Protection Commissioner)
  • EU users: Contact your local data protection authority
  • Danish users: Contact Datatilsynet

Quick Reference Card

🔑 Key Principles

Our Core Privacy Principles:

  1. Privacy by Design - Personal information never stored centrally
  2. Local-First Storage - Evidence stays on your device unless you share it
  3. Automatic Deletion - 90-day maximum for all workflow metadata
  4. EU-Only Processing - All data processing in EU data centers

📱 How to Exercise Your Rights

  1. Access your data: Account dashboard → Export Data
  2. Correct information: Account settings → Edit Profile
  3. Delete account: Account settings → Delete Account
  4. Get help: people+privacy@thepia.com

⏰ Important Timelines

  • Metadata deletion: 30-90 days automatic (per Automatic Deletion)
  • Account deletion: Immediate or 30-day notice
  • Support response: Within 48 hours
  • Policy changes: 30 days advance notice

This privacy policy is designed specifically for the Thepia App’s evidence collection and workflow execution model. It prioritizes transparency and privacy-by-design architecture while meeting all GDPR and Swiss data protection requirements.