This Privacy Policy is originally drafted in the German language. The English version is provided solely for convenience and ease of understanding. In the event of any discrepancies, ambiguities, or inconsistencies between the German version and the English translation, the German version shall prevail and be legally binding.
As of: April 2, 2026 (Version 1.1)
Quick Overview
Provider and responsible party is Coco GmbH, Franz-Senn-Straße 13, 81377 Munich, Germany. You can reach data protection at privacy@trustroom.eu. Don't hesitate to contact us.
We distinguish between the website and the actual TRUSTROOM software, which follow different technical-conceptual rules.
Website (under www.trustroom.eu):
| Services / Topic | Usage | Data |
|---|---|---|
| Analytics / Tracking: | We use Plausible, a data-minimizing European solution from Estonia that we self-host in Germany. | We anonymize all data. |
| User contact in contact forms and newsletters | Currently no, email works for now. We send our app emails via Brevo (Sendinblue), see below. | No, later Email, Name, First Name; Company, Purposes |
| Data traffic optimization | Cloudflare (EU location), Raidboxes (Germany, Münster) | No |
Application (under app.trustroom.eu):
| Services / Topic | Usage | Data |
|---|---|---|
| Analytics / Tracking: | We use Plausible, a data-minimizing European solution from Estonia that we self-host in Germany. | We anonymize all data. |
| Data traffic optimization: | Without external technology provider | No |
| Account | Registration and login directly through the application | Email, Name, First Name, Screen name, Password, if applicable Wallet ID |
| Payments | Service provider Stripe, Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin D02 H210, Ireland | Name, First Name, Credit card data and other payment data such as term and CVC. |
| Contacting and sending emails | Brevo, by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin | Email, Name, First Name, Received Emails, Opens. |
Preamble
Dear Visitor, Dear Applicant, Dear other Contracting Partners or Interested Party,
- we, "COCO – Communications & Collaboration GmbH" from Munich (Franz-Senn-Straße 13, 81377 Munich, info@trustroom.eu), hereinafter simply "COCO" or "we"/"us",
- operate the TRUSTROOM software and its website at trustroom.eu and
- inform you here in accordance with Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) about the processing of your personal data and your data protection rights.
A. General Information on Data Processing
TRUSTROOM is a collaborative meeting software designed for modern teams. Depending on your relationship with us and how you came into contact with our services, different parts of our privacy policy apply to you.
A.1 COCO as Data Controller
The data controller is "Coco – Communications & Collaboration GmbH", Franz-Senn-Straße 13, 81377 Munich, info@trustroom.eu, registered in the Commercial Register of the Munich Local Court under HRB 270907 B, represented by Managing Director Christoph Kappes, Phone: +49 (0) 172 1010289, Email info@trustroom.eu, VAT ID DE348336157.
You can reach our internal data protection officer at privacy@trustroom.eu.
A.2 Scope of Data Processing
Personal data means any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data ("General Data Protection Regulation", GDPR) as well as the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).
A.3 Your Rights
As a data subject, you have the following rights in accordance with the statutory provisions:
- the right of access,
- the right to rectification or erasure,
- the right to restriction of processing,
- the right to data portability,
- If you have provided us with your personal data based on consent, you can revoke the consent at any time with effect for the future,
- You can object to the processing of your personal data if your personal data is processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, insofar as there are reasons arising from your particular situation.
To exercise these above-mentioned rights, you can contact us at any time, e.g. by email at privacy@trustroom.eu.
You also have the right to lodge a complaint with a supervisory authority of your choice (e.g. Bavarian Commissioner for Data Protection https://www.datenschutz-bayern.de/vorstell/impressum.html).
B. Data Processing in Connection with Our Website
B.1 Access to Our Website
When you visit our website, we automatically collect certain information that your browser transmits to our server. This information is temporarily stored in a so-called log file.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in ensuring the functionality of our website)
Retention period: The data is deleted as soon as it is no longer required for the purpose for which it was collected.
C. Data Processing in Connection with Our App
C.1 Service Provision
As part of our service, you can create, edit and share rooms and content via the web application. Depending on what you or other users enter into the software, personal data may be processed.
Legal basis: The data processing described above is based on the fulfillment of a contract and is required for this purpose (Art. 6 para. 1 lit. b GDPR).
Recipients: Recipients of the data are technical service providers in Germany. The service providers are obligated as processors to process the data only in accordance with our instructions set out in data processing agreements.
Duration of storage: Subject to statutory retention periods, we generally delete your data 3 years after the last user activity or after you have deleted your user account.
C.2 Registration and Login
If you create an account or log in with an existing account, COCO must process certain personal data such as profile data (username, email, possibly avatar photo), IP address and company data.
Legal basis: The data processing described above for creating or accessing your account is based on the fulfillment of a contract and is required for this purpose (Art. 6 para. 1 lit. b GDPR).
C.3 Payment Processing
When processing and monitoring payments for paid services, you must provide us with certain information that may contain personal data, such as profile data, company name, VAT ID, company address.
Recipients: The recipient of the data is STRIPE Payment Europe Ltd., Ireland, a subsidiary of a US service provider with global server instances.
Duration of storage: Due to applicable tax laws, we generally retain payment records for 10 years.
D. Data Security
We use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser when visiting the website. Whether an individual page of our website is transmitted in encrypted form can be recognized by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
E. Currency and Changes to this Privacy Policy
This privacy policy is currently valid and has the status of December 2025.
Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed at any time on the website at /privacy.