Privacy Policy
Last updated: March 2026
1. Introduction
Welthause ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services.
Our platform is designed to comply with the General Data Protection Regulation (GDPR) and applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
Welthause
Frankfurt am Main, Germany
Represented by: Timur Aynaci
3. Data We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, role, and organization details when you create an account.
- Usage Data: Information about how you interact with our platform, including audit submissions, timestamps, and device information.
- Financial Data: Cash reports, revenue figures, and financial entries submitted through the platform. This data belongs to your organization.
- Media Files: Photos, voice notes, and documents uploaded as part of audit inspections.
- Contact Information: Information you provide when contacting us through our website forms.
4. How We Use Your Data
- To provide and maintain our platform services
- To authenticate users and enforce role-based access control
- To generate analytics, reports, and audit scores for your organization
- To send notifications related to your account and platform activity
- To improve our platform and develop new features
- To comply with legal obligations
5. Legal Basis for Processing (GDPR Art. 6)
- Contract Performance: Processing necessary to fulfill our service agreement with your organization.
- Legitimate Interest: Platform improvement, security monitoring, and fraud prevention.
- Legal Obligation: Compliance with applicable laws and regulations.
- Consent: For optional communications and marketing, which you may withdraw at any time.
6. Data Sharing
We do not sell your personal data. We may share data with:
- Your Organization: Data is accessible to authorized users within your tenant according to role-based permissions.
- Infrastructure Providers: Cloud hosting and database services located within the EU.
- Legal Authorities: When required by law or to protect our rights.
7. Data Retention
We retain your data for as long as your organization maintains an active account. Upon account termination, we will delete or anonymize your data within 90 days, unless retention is required by law.
8. Your Rights (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure of your data
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent at any time
To exercise these rights, please contact us through our contact form.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, role-based access controls, and regular security audits.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.