Privacy Policy
Last updated: January 4, 2026
At BCP Technology ("we", "us", "our"), we take your privacy seriously. This policy describes how we collect, use, and protect your personal information when you use tapioca.
Table of Contents
1. Data We Collect
We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.
Account Information
- Email address
- Name (optional)
- Profile picture (optional)
- Organization name
- Password (stored securely hashed)
Usage Data
- Projects, tasks, and time entries you create
- Comments and attachments
- Financial data you choose to enter
- Integration configurations
Automatically Collected Data
- IP address
- Browser type and version
- Device information
- Usage patterns and feature interactions
- Error logs for debugging
2. How We Use Your Data
We use the information we collect to:
- Provide our services: Operate and maintain the tapioca platform
- Improve our services: Analyze usage patterns to enhance features
- Communicate with you: Send service updates, security alerts, and support responses
- Ensure security: Detect and prevent fraud, abuse, and security incidents
- Comply with law: Meet legal obligations and respond to legal requests
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
3. Data Storage & Security
Where We Store Your Data
For our hosted SaaS service, data is stored in European Union data centers (Germany). For self-hosted deployments, you control where data is stored.
How We Protect Your Data
- Encryption at rest using AES-256
- Encryption in transit using TLS 1.3
- Regular security audits and penetration testing
- Access controls and audit logging
- Regular backups with tested recovery procedures
Data Retention
We retain your data for as long as your account is active. Upon account deletion, we remove your data within 30 days, except where retention is required by law.
4. Third-Party Services
We use the following third-party services to operate tapioca:
| Service | Purpose | Data Shared |
|---|---|---|
| Hetzner | Cloud hosting (EU) | All service data |
| Cloudflare | CDN, DDoS protection | IP addresses, traffic data |
| Stripe | Payment processing | Billing info (not stored by us) |
| Postmark | Transactional email | Email addresses, message content |
All third-party providers are GDPR-compliant and process data under appropriate agreements.
5. Your Rights (GDPR)
Under GDPR and similar regulations, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Export your data in a machine-readable format
- Right to Restrict Processing: Limit how we use your data
- Right to Object: Object to processing of your personal data
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
6. Self-Hosted Deployments
If you self-host tapioca, you are the data controller for all data stored in your deployment. This privacy policy applies only to:
- Your interactions with our website (bcp-technology.com)
- Any support requests you submit to us
- Optional telemetry data (if enabled)
- License verification requests (Enterprise)
You are responsible for implementing appropriate privacy policies for your users.
7. Contact Information
For privacy-related inquiries, contact our Data Protection Officer:
BCP Technology
Attn: Ben Cöppicus
Vürfels 102
51427 Bergisch Gladbach
Germany
Email: [email protected]
If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection authority.
This privacy policy is effective as of January 4, 2026. We may update this policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.