Privacy Policy

This Privacy Policy describes how T-Systemm ("we," "us," or "our") collects, uses, stores, and protects information when you use our bonus distribution and compensation management platform (the "Service"). We are committed to safeguarding the privacy of our users and their employees' data.

1. Information We Collect

1.1 Account Information

When you register or request a demo, we collect:

• Full name and job title
• Work email address
• Company name and size
• Phone number (if provided)
• Billing and payment information (processed by our payment provider)

1.2 Organizational Data

To provide the Service, you may upload or enter:

• Organizational structure (departments, teams, reporting lines)
• Employee names, positions, and employment tenure
• Base salary and compensation data
• Performance metrics, KPIs, and OKRs
• Bonus pool amounts and distribution history

1.3 Usage Data

We automatically collect standard technical data including IP address, browser type, device information, pages visited, and feature usage patterns. This data helps us improve the Service and diagnose technical issues.

1.4 Cookies

We use essential and analytics cookies. See our Cookie Policy for details.

2. How We Use Your Information

We use collected information to:

• Provide the Service — process compensation calculations, generate distribution reports, and maintain your account
• Communicate with you — respond to inquiries, send service updates, and provide support
• Improve the Service — analyze usage patterns, fix bugs, and develop new features
• Ensure security — detect fraud, prevent abuse, and maintain platform integrity
• Meet legal obligations — comply with applicable laws, regulations, and legal processes

We do not sell, rent, or trade your personal or organizational data to third parties. We do not use your compensation data for advertising, profiling, or any purpose unrelated to providing the Service.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data based on:

• Contractual necessity — to fulfill our obligations under the service agreement
• Legitimate interests — to improve the Service, ensure security, and communicate relevant updates
• Consent — where explicitly provided, such as for marketing communications
• Legal obligations — to comply with applicable law

4. Data Sharing

We share data only in the following limited circumstances:

• Service providers — trusted third parties that help us operate the Service (hosting, payment processing, analytics), bound by data processing agreements. See our Subprocessors page.
• Legal requirements — when required by law, court order, or governmental request
• Business transfers — in connection with a merger, acquisition, or sale of assets, with prior notice to affected users

5. Data Security

We implement industry-standard security measures to protect your data:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Logical tenant isolation — each client's data is strictly separated
• Regular security audits and penetration testing
• Role-based access controls with audit logging
• Automated backups with encrypted storage

For full details, see our Security Overview.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination:

• Organizational data is deleted within 30 days of your written request
• Account information may be retained for up to 12 months to comply with legal and tax obligations
• Usage logs are anonymized or deleted within 90 days

You may request immediate data export or deletion at any time by contacting privacy@t-systemm.net.

7. Your Rights

Depending on your jurisdiction, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a structured, machine-readable format
• Restriction — limit processing in certain circumstances
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent

To exercise these rights, contact us at privacy@t-systemm.net. We respond to all requests within 30 days.

8. International Data Transfers

Your data may be processed in countries outside your jurisdiction. When transferring data outside the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized mechanisms. EU data residency is available for Enterprise clients upon request.

9. Children's Privacy

The Service is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices:

• Email: privacy@t-systemm.net
• General: hello@t-systemm.net