Privacy Policy
Last updated: April 21, 2026
Thundera Group ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services at thundera.eu and all associated subdomains.
1. Information We Collect
Information you provide
| Data | Purpose | Required |
|---|
| Name | Display name across services | Yes |
| Email address | Account identification, notifications | Yes |
| Phone number | Account recovery, security verification | Yes |
| Password | Authentication (stored as bcrypt hash) | Yes |
| Recovery email | Account recovery | No |
| Profile photo | Display across services | No |
Information from third-party sign-in
When you sign in with Google, Microsoft, Facebook, or GitHub, we receive:
- Your name and email address
- Your profile picture (if available)
- A unique identifier from the provider
We do not access your contacts, files, or any other data from these providers.
Information collected automatically
- IP address (for security and audit logging)
- Browser user agent (for session management)
- Login timestamps and authentication events
2. How We Use Your Information
- To provide and maintain your Thundera account
- To authenticate you across all Thundera services (Single Sign-On)
- To send security notifications (password resets, MFA changes)
- To detect and prevent unauthorized access or abuse
- To maintain audit logs for security compliance
3. Data Storage and Security
- All data is stored in encrypted databases hosted on AWS infrastructure in the EU/US
- Passwords are hashed using bcrypt with 12 salt rounds
- All traffic is encrypted via HTTPS (TLS 1.2+)
- Access tokens expire after 15 minutes; refresh tokens after 7 days
- Authentication events are logged for security audit purposes
4. Data Sharing
We do not sell, trade, or rent your personal information. We may share data only in the following cases:
- With your organization administrator, if you are part of an organization account
- When required by law or legal process
- To protect the rights, property, or safety of Thundera Group or its users
5. Cookies
We use essential cookies for authentication:
| Cookie | Purpose | Duration |
|---|
| thundera_token | Session authentication | 15 minutes |
| thundera_refresh | Session renewal | 7 days |
We do not use tracking cookies, analytics cookies, or advertising cookies.
6. Your Rights
You have the right to:
- Access your personal data through your account settings
- Correct inaccurate information
- Delete your account and associated data
- Export your data
- Withdraw consent for optional data processing
7. Data Retention
- Account data is retained as long as your account is active
- Audit logs are retained for 12 months
- Deleted accounts are purged within 30 days
- Backup data is purged within 90 days of account deletion
8. Children's Privacy
Our Services are not intended for children under 16. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Services.
10. Contact
For privacy-related questions or requests, contact us at privacy@thundera.eu.
Thundera Group — thundera.eu
