Privacy Policy

TOGET. / Tessa Hövel · As of: February 2026 · in accordance with Art. 13, 14 and 21 GDPR and § 25 TTDSG

Data Controller

TOGET. / Tessa Hövel
Königsallee 14
40212 Düsseldorf
Germany

Phone: +49 178 671 4463
Email: info@toget.de
Website: www.toget.de
VAT ID: DE157225603

1. Introduction and Scope

We, TOGET. / Tessa Hövel (hereinafter "TOGET." or "we"), take the protection of your personal data very seriously. This privacy policy informs you in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) about the nature, scope and purpose of the processing of your personal data when using our platform.

TOGET. is a digital placement platform that connects freelancers with companies (clients). The platform enables the creation of profiles, the posting and awarding of projects, and complete processing including time tracking and payment processing.

This privacy policy applies to all users of the platform – freelancers, clients and visitors of the website www.toget.de.

2. Data Collection during Registration and Use

During registration and login on our platform, we process the following data via the Supabase Auth service:

Email address
Password (stored exclusively in hashed form – never in plain text)
User ID (system-generated UUID)
Session token (temporarily stored in the browser's localStorage)

Freelancers create a personal profile with personal data (name, date of birth, phone), address data, body measurements, activities & regions, media content (photos, videos) and tax data.

Companies create a company profile with company data, contact data, address data and VAT ID. The legal basis is Art. 6 para. 1 lit. b GDPR (contract performance).

3. Technical Data and Cookies

In your browser's localStorage, we exclusively store: Supabase session token (for automatic recognition during login) and the language setting (i18n). This data remains locally on your device and is automatically deleted when you log out.

We use a technically necessary cookie to store the page navigation state (sidebar_state). Duration: approximately one year; exclusively to improve user experience.

To display fonts, we load resources from Google Fonts. Your IP address is transmitted to Google LLC in this process. Insofar as data is transferred to the USA, this is done on the basis of EU Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR).

Only with your consent (Art. 6(1)(a) GDPR, § 25 TTDSG) do we use Vercel Analytics and Vercel Speed Insights. These services of Vercel Inc. (USA) are used for usage statistics and performance measurement. You give your consent via our cookie banner and can withdraw it at any time via the "Cookies" link in the footer.

We obtain consent for non-essential cookies and similar technologies via a cookie banner on first visit and store your choice (e.g. 12 months). Legal basis: Art. 6(1)(a) GDPR, § 25(1) TTDSG.

Storage periods (excerpt)

Session token: until logout
sidebar_state: approx. 1 year
Consent setting: 12 months
Analytics data (Vercel): up to 24 months

4. Payment Processing and Third Parties

We use the Stripe service for payment processing. No complete payment data is stored on our servers. Stripe is certified under the EU-US Data Privacy Framework.

For the creation and management of invoices, we use the accounting software sevDesk. Files and media content are stored via Supabase Storage within the European Union.

Recipient	Location	Purpose
Supabase Inc.	EU (Frankfurt)	Hosting, database, auth, storage
Stripe Inc.	EU / USA	Payment processing, payouts, subscriptions
sevDesk GmbH	Germany	Accounting, invoice generation
Google LLC	USA	Font rendering
Vercel Inc.	USA	Analytics, Speed Insights (with consent only)

5. Your Rights as a Data Subject

To exercise your rights, please contact: info@toget.de

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw consent (Art. 7 para. 3 GDPR)
Right to lodge a complaint (Art. 77 GDPR)

Competent Supervisory Authority

State Commissioner for Data Protection and Freedom of Information NRW (LDI NRW)
P.O. Box 20 04 44 · 40102 Düsseldorf
Website: www.ldi.nrw.de · Email: poststelle@ldi.nrw.de

6. Contact and Data Protection Inquiries

For questions, information requests or other data protection concerns:

TOGET. / Tessa Hövel
Königsallee 14 · 40212 Düsseldorf
Phone: +49 178 671 4463
Email: info@toget.de

We endeavor to respond to your inquiry as quickly as possible, but no later than within one month (Art. 12 para. 3 GDPR).

As of: February 2026 · TOGET. / Tessa Hövel · Königsallee 14, 40212 Düsseldorf · info@toget.de · www.toget.de