Last updated: February 2026
The controller within the meaning of Art. 4(7) GDPR is:
FRYR UG (haftungsbeschränkt)
Alteburger Str. 306
50968 Köln, Deutschland
E-Mail: hello@tyff.me
Website: https://tyff.me
Geschäftsführung: Nadine Walther (CEO), Ben Niehaus (CTO)
Handelsregister: HRB 124094, Amtsgericht Köln
USt-IdNr: DE455407097
TYFF (“Thank You For Failing”) is a community platform that helps entrepreneurs build failure tolerance. This privacy policy explains what personal data we collect, why we process it, and what rights you have under the EU General Data Protection Regulation (GDPR), the EU Data Act (Regulation 2023/2854), and other applicable legislation.
When you access tyff.me, our hosting provider (Vercel) automatically collects server log data including your IP address, browser type and version, operating system, referrer URL, pages visited, and date/time of the request. This data is necessary for the technical delivery of the website and to ensure its security.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and stable website operation).
Retention: Log files are automatically deleted after 30 days.
Your quiz answers and calculated spice level are processed entirely in your browser. No quiz data is transmitted to or stored on our servers.
Legal basis: No personal data is processed server-side.
When you submit a story to the Spice Wall, we collect: your story text, chosen spice level, optional display name, optional location, and optional email address.
Legal basis: Art. 6(1)(a) GDPR (your consent when submitting the form). You can withdraw consent at any time by requesting deletion of your story.
Retention: Stories are retained as long as the Spice Wall is active. You can request deletion at any time via hello@tyff.me.
If you provide your email address and opt in to community updates, your email is stored by our email marketing provider Mailerlite. We use double opt-in where required.
Legal basis: Art. 6(1)(a) GDPR (your consent).
Retention: Until you unsubscribe. Every email contains an unsubscribe link.
Only with your explicit consent (via the cookie banner), we use PostHog to collect anonymised usage data such as page views, button clicks, and feature usage. PostHog does not use cross-site tracking.
Legal basis: Art. 6(1)(a) GDPR (your consent).
Retention: Analytics data is retained for 12 months, then automatically deleted.
Submitted stories are automatically checked for profanity, URLs, and email addresses using rule-based text filters. No artificial intelligence or automated decision-making within the meaning of Art. 22 GDPR is used. Flagged content is reviewed by a human moderator.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in maintaining community standards and protecting users).
We distinguish between technically necessary cookies and optional cookies:
You can manage or withdraw your cookie preferences at any time by clicking “Cookie Settings” in the footer or by using the cookie banner that appears on your first visit.
We use the following third-party services to operate TYFF:
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Vercel | Website hosting, edge functions | IP address, request metadata | EU / US (SCCs) |
| Supabase | Database, authentication | Story data, email addresses | EU (Frankfurt) |
| PostHog | Analytics (consent required) | Anonymised usage events | EU / US (SCCs) |
| Mailerlite | Email marketing (opt-in only) | Email address, name | EU (Lithuania) |
| Upstash | Rate limiting | IP address (temporary) | EU (Frankfurt) |
Google Fonts: Typography is self-hosted via Next.js (next/font). No requests are made to Google servers. No data is transferred to Google.
Some of our service providers process data in the United States. These transfers are protected by EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and, where applicable, by the EU-U.S. Data Privacy Framework. We ensure that all processors provide adequate safeguards as required by Chapter V GDPR.
In accordance with Regulation (EU) 2023/2854 (Data Act), we inform you that data generated through your use of TYFF (such as story submissions) remains accessible to you. You may request a copy of your data or its deletion at any time. TYFF does not use connected devices or IoT products, so the product data access provisions of the Data Act do not apply to this service.
TYFF does not employ artificial intelligence systems for profiling or automated decision-making that produces legal or similarly significant effects on you within the meaning of Art. 22 GDPR or the EU AI Act (Regulation (EU) 2024/1689). Content moderation uses rule-based text filters (keyword matching), not AI or machine learning models. The Spice Test quiz uses a deterministic scoring algorithm processed entirely in your browser.
This site uses SSL/TLS encryption for security reasons and to protect the transmission of personal data. You can recognise an encrypted connection by the “https://” prefix in your browser's address bar.
You have the following rights regarding your personal data:
To exercise any of these rights, contact us at hello@tyff.me. We will respond within one month as required by Art. 12(3) GDPR.
Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The competent supervisory authority for our company is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2–4
40213 Düsseldorf
Website: www.ldi.nrw.de
We may update this privacy policy to reflect changes in our data processing practices or legal requirements. The current version is always available at tyff.me/privacy. Material changes will be communicated through a notice on the website.
FRYR UG (haftungsbeschränkt)
Alteburger Str. 306
50968 Köln, Deutschland
E-Mail: hello@tyff.me