logo

Tembra

Data protection

Simple API

arrow_back
  • Terms of Use
  • Data Processing Agreement
  • Privacy Policy (GDPR)

Terms of Use

Effective Date: November 1st, 2025

Last Updated: November 1st, 2025

1. Introduction

These Terms of Use (“Terms”) govern your access to and use of the Tembra software-as-a-service platform, including all related websites, applications, and services (collectively, the “Service”).

The Service is operated by Bronislav Klučka, with registered office at Bedřicha Smetany 111, Staňkov, 34561, Czech Republic, company ID (IČO): 72632399, (“we”, “us”, “our”).

By creating an account or using the Service, you (“User”, “you”) agree to these Terms. If you do not agree, do not use the Service.

2. Eligibility and Account Registration

You must be at least 18 years old and have full legal capacity to enter into a contract.

To use the Service, you must create an account and provide accurate, complete, and up-to-date information.

You are responsible for maintaining the confidentiality of your login credentials and for all activity under your account.

We reserve the right to suspend or terminate accounts involved in fraudulent, abusive, or unlawful activity.

3. Description of the Service

The Service allows users to create, manage, and publish digital content through a cloud-based platform.

We may update or improve the Service periodically. Such updates may add, remove, or modify features. Continued use after updates constitutes acceptance of the modified Service.

4. License and Acceptable Use

We grant you a limited, non-exclusive, non-transferable, revocable license to use the Service in accordance with these Terms.

You agree not to use the Service to:

  • Violate any applicable law or regulation;
  • Upload, distribute, or promote content that infringes copyrights, trademarks, or other intellectual property rights;
  • Upload, publish, or share child sexual abuse material (CSAM), content that exploits or harms children, or content depicting sexual violence;
  • Harass, threaten, defame, or incite violence or discrimination based on race, ethnicity, religion, gender, sexual orientation, or disability;
  • Upload or transmit malware, viruses, or any code that disrupts system integrity;
  • Attempt to gain unauthorized access to or disable any part of the Service or related systems;
  • Use the Service to operate illegal activities, spamming, or phishing.

We reserve the right to remove or restrict access to any content that violates these Terms or applicable law, and to cooperate with law enforcement where required.

5. User Content

You retain ownership of all content you upload or create through the Service (“User Content”).

By uploading User Content, you grant us a non-exclusive, worldwide, royalty-free license to host, store, process, and display such content solely to operate the Service.

You represent and warrant that:

  • You own or have the necessary rights to your User Content;
  • Your content does not violate any intellectual property rights, data protection laws, or third-party rights.

We are not responsible for reviewing or moderating User Content, but we may remove content that violates these Terms or applicable law.

6. Fees, Usage, and Payment

The Service is billed on a usage-based, monthly basis. You pay for what you use during each month, as measured and reported by the Service.

Pricing, usage metrics, and applicable rates are available on our website or your account dashboard.

Invoices are issued at the beginning of each month for your usage during the previous month. Payment is due within 14 days of the invoice date.

All fees are in Euro and include/exclude VAT as required by Czech law.

Failure to pay within the due date may result in suspension or termination of your account.

We reserve the right to update pricing and usage rates with at least 30 days’ prior notice.

No refunds are provided for partial usage periods, except as required by law.

7. Term and Termination

These Terms remain in effect while you use the Service.

You may terminate your account at any time via your account settings or by contacting us.

We may suspend or terminate your access if you:

  • Breach these Terms;
  • Fail to pay amounts due;
  • Engage in unlawful, abusive, or harmful activity.

Upon termination:

  • Your account will be deactivated;
  • We may delete your data immediately, unless required to retain it by law;

Sections 5, 8, 9, 10, and 11 will survive termination.

8. Intellectual Property

All intellectual property rights in the Service (software, designs, logos, documentation) are owned by us or our licensors.

You may not copy, modify, or create derivative works based on the Service.

You may not use our trademarks or branding without prior written consent.

9. Data Protection and Privacy

We process personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Czech data protection laws.

Our Privacy Policy explains how we collect, use, and protect personal data.

When you process personal data through the Service, you act as a data controller, and we act as your data processor.

Such processing is governed by the Data Processing Agreement to these Terms.

10. Disclaimer and Limitation of Liability

The Service is provided “as is” and “as available”, without warranties of any kind.

To the maximum extent permitted by law, we disclaim all implied warranties, including fitness for a particular purpose, accuracy, or uninterrupted operation.

We are not liable for:

  • Loss of data, profits, goodwill, or revenue;
  • Indirect or consequential damages;
  • Downtime, data corruption, or unauthorized access due to user negligence or third-party actions.

Our total liability under these Terms is limited to the total amount paid by you to us in the 12 months preceding the claim.

Nothing in these Terms limits liability for death, personal injury, willful misconduct, or where prohibited by law.

11. Governing Law and Dispute Resolution

These Terms are governed by the laws of the Czech Republic.

Any dispute shall be resolved by the courts of the Czech Republic.

EU consumers may also submit disputes via the European Online Dispute Resolution (ODR) platform: https://ec.europa.eu/consumers/odr.

12. Changes to These Terms

We may update these Terms periodically. When we do, we will notify you. Continued use of the Service after that date constitutes acceptance of the changes.

13. Contact Information

Bronislav Klučka

Bedřicha Smetany 111

Staňkov - Krchleby, 34561

Czech Republic

📧 info@tembra.app

Data Processing Agreement (DPA)

Effective Date: November 1st, 2025

Last Updated: November 1st, 2025

Part of: Terms of Use between Bronislav Klučka (“Processor”) and the User (“Controller”)

1. Subject Matter and Duration

This Data Processing Agreement (“Agreement”) forms part of the Terms of Use between the Controller and the Processor for the use of the Tembra software-as-a-service platform (“Service”).

The Agreement governs the processing of personal data by the Processor on behalf of the Controller in connection with the Service.

The Agreement remains in force for as long as the Processor provides the Service or retains personal data on behalf of the Controller.

2. Definitions

For the purposes of this Agreement:

  • “Personal Data” means any information relating to an identified or identifiable natural person as defined in Article 4(1) GDPR.
  • “Processing”, “Controller”, “Processor”, and “Data Subject” have the meanings given in Article 4 of the GDPR.
  • “Subprocessor” means any third party engaged by the Processor to process Personal Data on behalf of the Controller.

3. Scope and Purpose of Processing

The Processor shall process Personal Data only to the extent necessary to provide the Service as described in the Terms of Use and in accordance with the Controller’s documented instructions.

The types of personal data and categories of data subjects are described in Annex A below.

The Processor shall not process Personal Data for any purpose other than the provision of the Service or as required by law.

4. Obligations of the Controller

The Controller shall:

  • Ensure that the processing of Personal Data is lawful, fair, and transparent.
  • Obtain all necessary consents or legal bases for processing Personal Data via the Service.
  • Provide documented processing instructions to the Processor.
  • Comply with all applicable obligations under GDPR, including responding to data subject requests.

5. Obligations of the Processor

The Processor agrees to:

  • Process only on documented instructions from the Controller, including with respect to international data transfers.
  • Ensure confidentiality — only authorized personnel bound by confidentiality obligations shall access the data.
  • Implement technical and organizational security measures as required by Article 32 GDPR, including encryption, pseudonymization, access control, and regular security testing.
  • Assist the Controller in fulfilling obligations related to data subject rights, security, breach notifications, and DPIAs (Data Protection Impact Assessments).
  • Notify the Controller without undue delay (and no later than 48 hours) after becoming aware of a personal data breach.
  • Make available all information necessary to demonstrate compliance and allow for reasonable audits by the Controller or an independent auditor (with reasonable notice and during business hours).
  • Delete or return all personal data after the end of the provision of services, unless retention is required by law.

6. Subprocessing

The Controller authorizes the Processor to engage Subprocessors necessary for the provision of the Service, provided that:

  • Each Subprocessor is bound by a written agreement imposing equivalent data protection obligations; and
  • The Processor remains fully liable for the performance of the Subprocessor’s obligations.

The Processor shall notify the Controller of any intended changes regarding Subprocessors and allow the Controller to object within 15 days of notice.

7. International Data Transfers

The Processor shall not transfer Personal Data outside the European Economic Area (EEA) unless:

  • The transfer is to a country with an EU adequacy decision; or
  • Appropriate safeguards under Articles 46–49 GDPR are in place (e.g., Standard Contractual Clauses).

The Processor shall ensure that all Subprocessors involved in such transfers comply with equivalent safeguards.

8. Security Measures

The Processor implements and maintains appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including (as applicable):

  • Access control and authentication
  • Encryption of data in transit and at rest
  • Regular backups and redundancy
  • Logging and monitoring of system access
  • Regular vulnerability assessments
  • Incident response procedures

A detailed overview of implemented measures is available upon written request.

9. Data Subject Rights

Where a data subject makes a request to exercise rights under Chapter III GDPR (e.g., access, rectification, erasure, portability), the Processor shall promptly notify the Controller.

The Processor shall not respond to any such request except on documented instructions from the Controller, unless required by law.

10. Personal Data Breach Notification

In case of a personal data breach, the Processor shall notify the Controller without undue delay and provide details of:

  • The nature of the breach;
  • Categories and approximate number of affected data subjects;
  • Likely consequences; and
  • Measures taken or proposed to mitigate the breach.

The Processor shall cooperate with the Controller in complying with breach notification obligations under Articles 33 and 34 GDPR.

11. Audit and Inspection Rights

The Controller or an independent auditor may audit the Processor’s compliance with this Agreement once per year (or more frequently if required by law).

The Processor shall provide reasonable assistance and access to relevant documentation.

Both parties shall bear their own costs related to audits.

12. Liability

Liability arising from or related to this Agreement shall be subject to the limitations and exclusions of liability set out in the Terms of Use, unless otherwise required by applicable law.

13. Termination and Data Return

Upon termination of the Service:

  • The Processor shall, at the Controller’s choice, delete or return all personal data within 30 days;
  • The Processor shall confirm in writing that deletion has been completed;
  • Data may be retained as required by EU or Czech law (e.g., accounting or legal obligations).

14. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of the Czech Republic, and disputes shall be subject to the exclusive jurisdiction of Czech courts.

Annex A — Details of Processing

Category Description
Subject matter Processing of personal data in connection with the provision of the Tembra SaaS platform.
Duration For the duration of the service subscription or as otherwise agreed.
Nature and purpose Hosting, storage, and management of content and user data on behalf of the Controller.
Types of personal data Names, email addresses, contact details, user IDs, IP addresses, and any personal data uploaded by the Controller.
Categories of data subjects End users, employees, customers, or Service visitors of the Controller.
Subprocessors Cloud hosting (AWS / MongoDB), analytics tools (Google, Microsoft).

Annex B — Technical and Organizational Measures (Example Summary)

  • Encrypted communication (HTTPS/TLS)
  • Password hashing (ARGON2ID)
  • Access restricted to authorized personnel only
  • Role-based access controls
  • Regular software and security updates
  • Encrypted database backups
  • Incident response and recovery procedures

Privacy Policy

Effective Date: November 1st, 2025

Last Updated: November 1st, 2025

1. Introduction

This Privacy Policy explains how Bronislav Klučka (“we”, “us”, “our”) collects, uses, and protects personal data when you use the Tembra software-as-a-service platform (the “Service”).

We are committed to protecting your privacy and processing your personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Czech data protection laws.

If you do not agree with this Policy, please do not use our Service.

2. Data Controller and Contact Details

Data Controller:

Bronislav Klučka

Bedřicha Smetany 111

Staňkov - Krchleby, 34561

Czech Republic

📧 privacy@tembra.app

If you have any questions or concerns about how we process personal data, contact us at the above address.

3. Categories of Personal Data We Process

We collect and process personal data in the following categories:

Category Examples Purpose
Account DataName, email address, username, company nameTo create and manage your account
Billing DataPayment method, billing address, VAT IDTo process payments and issue invoices
Usage DataIP address, browser type, device info, session logsTo operate, secure, and improve the Service
Content DataFiles, text, images, or other materials uploaded to ServiceTo provide the core functionality of the Service
Support DataMessages, tickets, chat logsTo provide customer support and resolve issues
Marketing Data (optional)Email preferences, opt-in historyTo send product updates and newsletters (with consent)

4. How We Collect Personal Data

We collect personal data in several ways:

  • When you register or update your account;
  • When you use or interact with the Service;
  • When you contact us (e.g., via support or email);
  • Automatically via cookies and analytics tools (see Section 9).

We do not purchase personal data from third parties.

We do not sell personal data to third parties.

5. Purposes and Legal Bases for Processing

We process personal data for the following purposes and legal grounds:

Purpose Legal Basis (Article 6 GDPR)
To provide and maintain the ServicePerformance of a contract (Art. 6(1)(b))
To process payments and issue invoicesPerformance of a contract; Legal obligation (Art. 6(1)(b), (c))
To provide customer supportPerformance of a contract (Art. 6(1)(b))
To send important service updatesLegitimate interest (Art. 6(1)(f))
To improve the Service and user experienceLegitimate interest (Art. 6(1)(f))
To send newsletters or promotional emailsConsent (Art. 6(1)(a))
To comply with accounting and legal obligationsLegal obligation (Art. 6(1)(c))

6. Data Processing on Behalf of Users (B2B/B2C Customers)

When you use Service to process personal data of your own users, customers, or website visitors, you act as a data controller, and we act as a data processor.

Such processing is governed by the Data Processing Agreement.

7. Data Sharing and Subprocessors

We do not sell personal data.

We may share limited personal data with trusted service providers (“Subprocessors”) who help us operate the Service, such as:

Type of SubprocessorPurposeLocation
Cloud hosting (e.g., AWS, MongoDB)Infrastructure and data storageEU / EEA
Payment processor (e.g., PayPal)Billing and payment processingEU / EEA / US (with safeguards)
Email delivery (e.g., AWS)Transactional and support emailsEU / EEA / US (with safeguards)
Analytics tools (e.g., Google, Microsoft)Usage statisticsEU / EEA

All subprocessors are bound by written agreements ensuring GDPR compliance and equivalent security standards.

A full list of subprocessors is available upon request at privacy@tembra.app.

8. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards such as:

  • An adequacy decision by the European Commission; or
  • Standard Contractual Clauses (SCCs) approved by the Commission.

You may request copies of these safeguards by contacting us.

9. Cookies and Analytics

We use cookies and similar technologies to:

  • Enable core functionality (e.g., authentication, session management);
  • Improve performance and security;
  • Analyze aggregate usage data.

We do not use invasive tracking or third-party advertising cookies.

You can manage or delete cookies in your browser settings.

If you disable essential cookies, some parts of the Service may not function properly.

Analytics data is collected in aggregate, anonymized form and does not identify individual users.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described above:

  • Account data: retained while your account is active;
  • Billing data: retained for 10 years to comply with Czech accounting law;
  • Support data: retained for 12 months after ticket resolution;
  • Content data: deleted after account termination.

We regularly review and delete data no longer needed.

11. Data Security

We implement appropriate technical and organizational measures to protect personal data against loss, misuse, or unauthorized access, including:

  • Encrypted data transmission (HTTPS/TLS);
  • Encrypted database storage and backups;
  • Role-based access controls;
  • Regular software updates and security audits;
  • Incident response procedures.

In the event of a personal data breach, we will notify affected users and supervisory authorities in accordance with Articles 33–34 GDPR.

12. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Access – to obtain a copy of your personal data;
  • Rectification – to correct inaccurate or incomplete data;
  • Erasure (“Right to be Forgotten”) – to request deletion of your data;
  • Restriction of Processing – to limit how your data is used;
  • Data Portability – to receive your data in a structured format;
  • Objection – to object to processing based on legitimate interests;
  • Withdrawal of Consent – where processing is based on consent.

To exercise these rights, contact us at privacy@tembra.app

We will respond within one month, as required by GDPR.

You also have the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, Czech Republic) - https://www.uoou.cz/.

13. Children’s Privacy

Our Service is not directed to individuals under the age of 18.

We do not knowingly collect or store personal data of minors.

If you believe a child has provided us personal data, contact us and we will delete it immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make significant changes, we will notify users by email or through the Service.

The “Last Updated” date above reflects the most recent revision.

15. Contact Information

For privacy-related questions or requests, please contact:

Bronislav Klučka

Bedřicha Smetany 111

Staňkov - Krchleby, 34561

Czech Republic

📧 privacy@tembra.app