Privacy policy

tuanis is operated by 7spoke. Incorporation in Switzerland is in progress; the registered office and commercial-register number will be added here on completion. Until then, see our imprint for the operator details we can publish today. If you have questions about this policy or how your data is handled, email info@7spoke.com.

Managers (signed-in users). We collect the email address you sign in with, plus the sessions, questions, and runs you create. We use a one-time 6-digit code sent to your email for sign-in — we do not store passwords.

Participants. When someone joins a run, we record the answers they submit. If the session uses nicknames, the nickname they pick is associated with their answers. Anonymous sessions store answers without any participant identifier. We do not collect emails from participants. Open-ended questions allow free-text answers; we ask participants not to include sensitive personal information (health, financial, government-ID) in those answers, and managers are contractually prohibited from asking for such information.

Technical data. Standard request metadata (IP, user agent, request timing) is handled by our hosting and infrastructure providers for security and reliability.

We process personal data only for the purposes below, on the legal bases shown:

• Running your sessions and delivering responses to managers — performance of our agreement with the manager (GDPR Art 6(1)(b); Swiss FADP Art 31(2)(a)).
• Sending sign-in codes and occasional service-related email — performance of the agreement with the manager. We do not send marketing without consent.
• Security, abuse prevention, and reliability — our legitimate interest in keeping the service safe and available (GDPR Art 6(1)(f); Swiss FADP Art 31(1)), balanced against your interests.
• Compliance with legal obligations — where required by applicable law (GDPR Art 6(1)(c)).

tuanis uses a small set of providers to operate. Each handles data only on our behalf:

• Supabase — authentication and database (sessions, questions, runs, responses).
• Resend — transactional email (sign-in codes, invitations).
• Vercel — application hosting and edge delivery.

tuanis is operated from Switzerland. The processors listed above are based in or operate primarily from the United States.

tuanis is currently invitation-only and pre-commercialization. Once 7spoke is incorporated, we will execute the appropriate transfer mechanisms before the service moves beyond invitation-only — the Swiss-US Data Privacy Framework (where a processor is certified), the European Commission's Standard Contractual Clauses with the Swiss FDPIC addendum for transfers from Switzerland and the EU, and the UK International Data Transfer Agreement where relevant. Until then, access remains closed and the only personal data transferred is what is necessary to operate the invitation-only service.

tuanis uses only strictly-necessary cookies. We do not use advertising, analytics, or cross-site tracking cookies.

• Supabase auth cookies (names beginning sb-) — keep signed-in managers authenticated. First-party, HttpOnly. Lifetime up to one year, refreshed on activity.
• participant-cookie — maintains a participant's progress through a run on a single device. First-party. Lifetime tied to the run; up to 30 days.

Sessions, runs, and responses are kept while a manager keeps their account active. Managers can delete their sessions and run history at any time from the manager dashboard. Manager accounts that remain inactive for 24 months are flagged for review and may be deleted after at least 30 days' advance notice to the address on file.

If you close your account, email info@7spoke.com and we will remove your account data from active systems within 30 days. Encrypted backups are rotated on a 35-day cycle, after which deleted records no longer exist in any system.

Depending on where you live, you have the right to access, correct, delete, restrict, or object to the processing of personal information we hold about you, the right to data portability, and the right to withdraw consent at any time where processing is based on consent. To exercise any of these rights, email info@7spoke.com from the address on file. We may request additional information to verify your identity if we have reasonable doubts. We will respond within 30 days.

You also have the right to lodge a complaint with a data protection authority — the Swiss Federal Data Protection and Information Commissioner (FDPIC) for Swiss residents, or the data protection authority of your EU member state of residence, place of work, or place of the alleged infringement.

tuanis does not make automated decisions producing legal or similarly significant effects about you (GDPR Art 22). Quiz scoring is mechanical answer-correctness checking, not profiling.

We'll update this page and the date at the top when the policy changes. Material changes — to the processors we use, international transfers, retention, or your rights — are communicated to signed-in managers by email. Non-material changes (clarifications, wording, typo fixes) are reflected on this page with the updated date but not separately notified.

Questions, requests, or anything else: email info@7spoke.com.