
Privacy Policy

Last updated: March 2026

Data Controller

Adtzaijan Kumaresamoorthy (Steuvo)
Trier, Germany
Email: info@steuvo.tax

Data We Collect

Account Data

Name, email address, phone number, password (stored as a bcrypt hash)

Tax Data

Income, deductions, tax class, federal state, employer information, tax return details

Usage Data

IP address, browser type, access times, pages visited

Authentication Data

Login timestamps, OTP verification codes (temporary, deleted after 10 minutes)

Legal Basis for Processing

  • Consent (Art. 6(1)(a) GDPR) — Registration, OTP verification
  • Contract performance (Art. 6(1)(b) GDPR) — Tax calculation, account management
  • Legitimate interest (Art. 6(1)(f) GDPR) — Security, service improvement

Purpose of Processing

  • Account management and authentication
  • Tax calculation and ELSTER submission
  • Customer support
  • Service improvement

Storage Duration

  • Account data: Until account deletion
  • Tax return data: 10 years (§ 147 AO — statutory retention obligation)
  • Log data: 90 days
  • OTP codes: 10 minutes

Recipients

  • Hosting: AWS Frankfurt (eu-central-1), planned migration to Hetzner Online GmbH (Germany)
  • Email delivery: Proton Mail AG (Switzerland)
  • ELSTER/ERiC: Federal Central Tax Office (when submission is enabled)

We do not sell your data to third parties. We have no advertising partners.

Third Country Transfers

Data is processed in the EU (Frankfurt, Germany). Email delivery via Proton Mail (Switzerland) is covered by the EU adequacy decision. We plan to migrate to a fully German-owned hosting provider (Hetzner).

Your Rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Supervisory Authority

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Cookies

We use only technically necessary cookies (session, authentication, language preference, theme setting). We do not use tracking cookies, Google Analytics, or any advertising trackers. No cookie consent banner is needed for technically necessary cookies (§ 25 Abs. 2 TDDDG).

SSL/TLS Encryption

All data is transmitted via HTTPS/TLS encryption. Passwords are stored using bcrypt hashing and are never stored in plain text.

Hosting

Our servers are located in Frankfurt am Main, Germany (eu-central-1). Provider: Amazon Web Services EMEA SARL, with planned migration to Hetzner Online GmbH (Gunzenhausen, Germany).

Changes to This Policy

We may update this privacy policy from time to time. The latest version is always available on this page.