Privacy Policy

Thicle Sàrl-S is the controller for OSSora account, billing, support, website, and product data where it determines why and how that data is processed. Registered address: 3 Um Paerchen, 8352 Dahlem, Luxembourg. Company registration number: B265768. VAT number: LU33898674.

For privacy questions, contact hello@ossora.eu. For product support, contact support@ossora.eu.

OSSora is a filing-preparation software tool for small EU e-commerce sellers. It helps users upload CSV sales exports, map columns, validate rows, generate quarterly country summaries, and export filing-prep reports.

OSSora is not a tax advisor and does not file tax returns for users.

The exact data collected depends on how you use OSSora. We aim to collect only what is reasonably needed to provide, secure, support, and improve the service.

OSSora processes uploaded business data so the service can parse, validate, summarize, and export it. CSV exports may include customer or order-level information depending on the source system and the columns you upload.

Users should avoid uploading unnecessary personal data where possible. If a column is not needed for OSS filing-preparation, consider removing it before upload.

OSSora uses cookies or similar technologies for authentication, session security, service operation, and basic technical diagnostics. Because OSSora currently uses strictly necessary cookies only, it does not show a non-essential cookie consent banner.

OSSora currently uses strictly necessary cookies only. If analytics, advertising, or other non-essential cookies are added later, OSSora will update its Cookie Policy and add any required consent flow before using them.

Where EU or Luxembourg data protection law applies, OSSora may rely on several legal bases depending on the context: performance of a contract to provide the service, legitimate interests in securing and improving the service, compliance with legal obligations, and consent where required.

Examples include performance of a contract for account access and product workflows, legitimate interests for security and abuse prevention, legal obligations for billing and business records, and consent where required for optional communications or future non-essential cookies.

OSSora does not sell user data. Data may be shared with service providers where needed to operate the service.

Some service providers may process data outside Luxembourg or the European Economic Area. Where this happens, OSSora uses provider terms, data processing agreements, and transfer safeguards that are appropriate for the service and data involved, such as Standard Contractual Clauses where applicable.

The current core provider stack is described in OSSora's compliance documentation and should be updated whenever providers or data flows change.

OSSora retains account and billing records for as long as needed to provide the service, maintain business records, meet legal obligations, resolve disputes, and support security.

Uploaded imports, parsed rows, summaries, and exports are retained while needed for the product workflow and according to plan limits or manual deletion. Starter currently has 90 days of import history. Growth and Founder currently have unlimited import history within the product policy.

Audit logs, security logs, and rate-limit records are retained for security, abuse prevention, troubleshooting, and business record purposes for as long as reasonably needed.

Deleted uploads may be soft-deleted in the application and removed from active views while related audit or billing usage records may be retained where needed.

OSSora uses technical and organizational measures intended to protect accounts and uploaded data. No internet service can guarantee absolute security, and users should keep passwords secure and limit uploaded data to what is needed.

If you believe your account or data may be at risk, contact support promptly at support@ossora.eu.

Depending on where you are located and how you use OSSora, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal data.

To make a privacy request, contact hello@ossora.eu. We may need to verify your identity and account relationship before acting on a request.

You may also have the right to complain to Luxembourg's data protection authority, the CNPD, or another competent supervisory authority.

Send privacy requests to hello@ossora.eu. Include the email address linked to your OSSora account and a short description of the request. Do not include unnecessary sensitive information in the request email.

This Privacy Policy may be updated as OSSora evolves, as providers change, or as legal requirements change. The latest version will be posted on this page with an updated effective date.