Security
Tadoro is an index, not a filing cabinet. This page summarises what we do technically and organisationally to keep your family-protection information safe, and what we deliberately do NOT do.
Tadoro is index, not filing cabinet
We're deliberately not a filing cabinet, Tadoro is not designed for the following four kinds of data. So your preparedness stays safe even if something goes wrong elsewhere.
No document contents
No uploads, no scans, no PDFs. Please don't copy full contents of powers of attorney, wills, policies, or contracts into free-text fields. Tadoro records only organisational pointers, whether a document exists and where it is kept outside of Tadoro.
No passwords
Please don't store passwords, PINs, TANs, recovery codes, or access credentials to banks, insurers, email accounts, password managers, or any other services in Tadoro.
No account numbers or IBANs
Please don't enter IBANs, account numbers, credit-card data, or other payment data in Tadoro. The location field describes where information can be found, not its confidential content.
No medical records
Tadoro doesn't replace clinical documentation. Please don't store diagnoses, findings, medication plans, or medical records. Record only organisational pointers, e.g. “medication list exists, kept in the emergency binder.”
Your data. Your protection.
Hosted in the EU
All data is stored and processed in the European Union, fully GDPR compliant. No transfers to third countries.
Documents stay with you
Tadoro doesn't store documents, only whether something is in place and where it's kept. Your legal documents stay with you.
We don't look at your content
We don't review your data. There's no content inspection, no sharing with third parties, and no selling of your data.
Deletable anytime
You can delete your account and your plan data any time, no questions asked. What's legally required (invoices, suppression lists) stays for the prescribed period.
Nothing to sell you
No insurance, no legal services, no commissions, no advertising. You pay Tadoro directly, and Tadoro works only for you.
AI only if you want it
Tadoro uses AI for onboarding analysis, optional. You can build the plan entirely manually, without any content being sent to external AI services.
Self-funded. No outside investors, no pressure to monetize your data.
EU Hosting and Data Location
The central database (Supabase / PostgreSQL) runs in Frankfurt am Main. Application hosting via Vercel, transactional emails via Resend, bot protection via Cloudflare Turnstile. A complete list of all processors with location and transfer mechanism is in the Privacy Policy (§ 5).
Encryption
Transmissions between your device and Tadoro are encrypted via HTTPS. The database stores content encrypted at rest (AES-256, by Supabase). Passwords are not stored in plain text; they are hashed using current standards. For passkeys, Tadoro does not store private keys, these remain on your device or with your passkey provider.
Access Controls
Data within a preparedness plan is protected by workspace membership and role logic, a plan member only sees that plan's data. Admin access is limited to the operator and technically required maintenance access, additionally secured (passkey step-up via FIDO/WebAuthn), and logged.
Backups
The database is backed up automatically daily. Backups are overwritten according to the regular cycle, currently within 7 days. Backups are used solely for recovery in case of failure and are not used for any other purpose.
Your data belongs to you
- Export anytime. Readable as HTML (print or save as PDF) or as JSON for your own processing. Both available directly from Settings.
- Initiate deletion anytime. Account and plan data are deleted from the active system, unless statutory retention obligations or legitimate interests apply.
- Works even without Tadoro. The generated PDF overviews and emergency plans stay with you: as plain files, without app dependency. If you stop, you keep everything important in hand.
Retention periods arising from legal obligations or legitimate interests: Stripe invoice data, audit logs, email suppression entries, are listed in the Privacy Policy (§ 7 + § 8).
AI Processing
- What is sent?Only the free-text description of your family situation during onboarding, plus inputs for AI-assisted conversation guides. Concrete entry content like location descriptions is not automatically sent to the AI. AI-assisted features process only the inputs you deliberately enter or release for that purpose.
- What does Anthropic store?Anthropic Ireland Ltd. processes the input for analysis, does not store it for model training, and deletes it after a short retention. A data processing agreement (DPA) is in place.
- How to skip AI?In onboarding, choose "Fill in manually, without AI". You then enter areas, people, and items step by step. No free-text analysis, no transmission to Anthropic. The platform is functionally identical.
AI processing details are in the Privacy Policy (§ 5b) and the Terms of Service (§ 12).
What you should NOT enter
Tadoro is not designed to store sensitive original content. Please do not enter passwords, PINs, TANs, full account numbers, IBANs, ID-card copies, diagnoses, medication plans, or full contents of legal, medical, or financial documents. Instead, only record whether a document or piece of information exists and where it is stored. This clarity is the foundation for Tadoro remaining safe even if a single incident occurs.
Reporting a Security Incident
If you suspect a security incident: suspicious sign-in attempts, unusual account activity, or a possible vulnerability, please write to hilfe@tadoro.com. We acknowledge reports within 2 business days.
Questions
For data-protection enquiries, contact datenschutz@tadoro.com.
Last updated: May 2026