1. Data Controller

The data controller responsible for your personal data is:

Tech4Solutions
ΓΕΜΗ (GEMI) Registration Number: 193538216000
Location: Greece
Email: contact@tech4solutions.com

2. Information We Collect

We may collect the following categories of personal data:

• Identity & Contact Data: Name, email address, phone number, and other details you provide when using our services, submitting a form, or contacting us.
• Technical Data: IP address, browser type, device information, and anonymous usage data collected through Vercel Web Analytics (cookieless, privacy-friendly — see Section 8).
• Service Integration Data: Data processed through third-party services such as Google Sheets, Gmail, Supabase, and Brevo as part of automation workflows we build or manage on your behalf.
• Communication Data: Email correspondence, including emails sent and received via Brevo transactional and marketing email services.

3. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data based on one or more of the following legal grounds:

• Contractual Necessity (Art. 6(1)(b)): Processing necessary for the performance of a contract with you, such as building or managing your website, SaaS platform, or automation workflows.
• Consent (Art. 6(1)(a)): Where you have given explicit consent, such as subscribing to a newsletter or authorising access to third-party services (e.g., Google APIs).
• Legitimate Interest (Art. 6(1)(f)): For purposes such as improving our services, website analytics, fraud prevention, and business communications — provided these interests are not overridden by your fundamental rights.
• Legal Obligation (Art. 6(1)(c)): Where processing is required to comply with Greek or EU law, such as tax and accounting obligations.

4. How We Use Your Information

We use your information for the following purposes:

• To provide, maintain, and improve our web development and SaaS services.
• To authenticate your accounts with third-party services such as Google and Supabase.
• To enable and manage automation workflows (e.g., via n8n, Brevo, or custom integrations).
• To process data from Google Sheets, Gmail, Supabase, Brevo, and other integrated tools as part of services we deliver.
• To send transactional and, where you have consented, marketing communications via Brevo.
• To respond to your inquiries and provide customer support.
• To analyse anonymous website usage through Vercel Web Analytics for the purpose of improving our website.

5. Email Communications & Brevo

We use Brevo (formerly Sendinblue) as our email service provider for transactional emails, marketing campaigns, and outreach communications. Brevo acts as a data processor on our behalf under a Data Processing Agreement (DPA).

For outreach and marketing emails, we rely on either your explicit consent or our legitimate interest in business-to-business communication, in accordance with GDPR Article 6(1)(f) and Greek Law 3471/2006 on electronic communications. Every marketing email contains an unsubscribe link, and we honour all opt-out requests promptly.

Brevo stores data within the European Union. For more information, see Brevo's Privacy Policy.

6. API Scopes & Third-Party Integrations

As part of our automation and development services, we may request access to the following API scopes:

• Google Sheets: spreadsheets.readonly and spreadsheets for viewing and modifying data in your sheets.
• Gmail API: gmail.readonly to read email metadata and content, and gmail.send to send automated emails on your behalf.
• Supabase: Database credentials to connect to your project for queries and updates as configured in workflows.
• Other APIs: Depending on the services you integrate, additional scopes may be requested (e.g., CRMs, payment platforms). We will always inform you before requesting new permissions.

We access only the minimum scopes necessary to deliver the agreed services. You may revoke API access at any time through the respective platform settings (e.g., Google Account > Security > Third-party access).

7. Data Processors & Sub-Processors

We use the following third-party services that may process personal data on our behalf. Each acts as a data processor and is bound by appropriate agreements:

• Vercel — Website hosting and deployment (USA, with EU data processing options).
• Supabase — Database and authentication services.
• Brevo — Email delivery and marketing automation (EU).
• Google (Google APIs) — Sheets, Gmail, and other workspace integrations.
• n8n — Workflow automation platform.
• Stripe — Payment processing.

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Cookies & Analytics

Our website uses Vercel Web Analytics, a privacy-friendly, cookieless analytics service. Vercel Web Analytics does not use cookies, does not track users across websites, and does not collect personally identifiable information. It collects only aggregated, anonymous data such as page views, referrers, and device types.

We do not currently use any cookie-based tracking, advertising cookies, or third-party analytics services that require cookie consent. If this changes in the future, we will update this policy and implement an appropriate cookie consent mechanism before deploying such technologies.

Our website may use essential cookies strictly necessary for the functioning of the site (e.g., session management, authentication). These do not require consent under GDPR and the ePrivacy Directive.

9. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data only in the following circumstances:

• With trusted data processors listed in Section 7, strictly for the purpose of providing our services.
• When required by law, regulation, or legal process (e.g., a court order or request from a Greek or EU authority).
• To protect our rights, property, or safety, or the rights, property, or safety of others.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Client project data: For the duration of our business relationship, plus up to 5 years afterwards for legal and accounting purposes as required by Greek tax law.
• Marketing & outreach data: Until you unsubscribe or withdraw consent, after which your data is deleted or anonymised within 30 days.
• Analytics data: Aggregated and anonymous — no personal data is retained.
• Email communication logs: Retained for up to 12 months for service continuity and compliance, unless a longer period is required by law.

11. Security of Your Data

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encrypted communications (TLS/SSL) across all services.
• Secure storage and handling of OAuth tokens and API credentials.
• Access controls limiting data access to authorised personnel only.
• Regular security reviews of our infrastructure and integrations.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restriction (Art. 18): Request that we limit the processing of your data.
• Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interest, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@tech4solutions.com. We will respond within 30 days as required by the GDPR.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA / Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα):
Website: www.dpa.gr
Phone: +30 210 6475600
Email: contact@dpa.gr

13. International Data Transfers

Some of the third-party services we use (such as Vercel and Google) may process data outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, including:

• European Commission adequacy decisions (e.g., the EU-U.S. Data Privacy Framework).
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Binding Corporate Rules where applicable by the data processor.

14. Third-Party Links

Our website and services may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or data handling of these external sites. We encourage you to review their privacy policies before providing any personal data.

15. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us immediately and we will take steps to delete such information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Material changes will be communicated via email or a prominent notice on our website.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Tech4Solutions
Email: contact@tech4solutions.com
ΓΕΜΗ (GEMI): 193538216000

This privacy policy is governed by the laws of the Hellenic Republic (Greece) and the General Data Protection Regulation (EU) 2016/679.