Last updated: 14 July 2026 · Language: English (primary). This notice governs the website tissoftware.dev.
Introduction
TIS Software is an AI-native software development studio. This Privacy Notice explains what personal data we collect when you visit tissoftware.dev or contact us, why we collect it, the legal basis on which we rely, who we share it with, how long we keep it, and the rights you have under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Bulgarian Personal Data Protection Act (Закон за защита на личните данни, "ЗЗЛД"). We have deliberately separated what applies today (a marketing website with a contact / "Build with AI" request form) from what is planned for the future ("Build with AI" engine with accounts and AI-generated code). Sections describing the future engine are marked [PLANNED — not yet active]. Nothing in the planned sections is processed until that feature goes live and this notice is updated.
1. Who we are (controller)
The controller responsible for processing your personal data is ТИС КОМЕРСИАЛ ЕООД / TIS COMMERSIAL EOOD (trading under the brand "TIS Software"), Unified Identification Code (ЕИК / UIC) 206011226, registered seat: ул. „Дилянка" № 41, ж.к. „Театър на мечтите", р-н Северен, 4003 Пловдив, България. Managing director: Тино Радостинов Цанев. Data-protection contact e-mail: contact@tissoftware.dev. Because the controller is established in the EU (Bulgaria), we are not required to designate an EU representative under Art. 27 GDPR. A Data Protection Officer is not mandatory at our current scale (Art. 37 GDPR); privacy requests are handled by management at the contact address above.
2. What personal data we collect
2.1 What applies today (marketing website)
- Contact / "Build with AI" request form — when you submit the form, we collect the name, e-mail address, and free-text project description you provide, delivered to us by e-mail. Please avoid including sensitive personal data in the free-text field.
- Language preference — stored locally in your browser (localStorage); it stays on your device and is not transmitted to us as an identified record.
- Server / CDN logs — our infrastructure and security provider (Cloudflare) automatically records standard technical data such as IP address, date/time, the resource requested, referrer, and browser/device information (user agent), to deliver the site, ensure security, and prevent abuse.
We do not currently operate user accounts, and we do not store payment card numbers.
2.2 What is planned for the future — [PLANNED — not yet active]
When we launch the "Build with AI" engine we expect to additionally process: account registration data (name, e-mail, phone where used, authentication data); verification status (e-mail/SMS); the prompts you enter; and the generated code/previews/artefacts. None of this is collected until the engine is live and this notice is updated.
3. Why we collect it and our lawful basis (Art. 6 GDPR)
| What we process | Purpose | Lawful basis (Art. 6(1) GDPR) |
|---|---|---|
| Contact / request form (name, e-mail, description) | Respond to your enquiry, prepare a possible project, take steps at your request prior to a contract | (b) pre-contract steps; and/or (f) legitimate interest in answering enquiries |
| Language preference (localStorage) | Remember your interface language | (f) legitimate interest in a functioning site (strictly necessary) |
| Server / CDN logs | Deliver the site, security, fraud/abuse prevention | (f) legitimate interest in security and integrity |
| [PLANNED] Account & verification data | Create/secure your account; verify contact details | (b) contract; (f) security |
| [PLANNED] Prompts & generated output | Operate the "Build with AI" engine | (b) contract |
| Marketing e-mails (if introduced later) | Send service updates | (a) consent, withdrawable |
Where we rely on legitimate interests, we have balanced them against your rights; you may object (section 8).
4. How we use your data
To receive and respond to project enquiries; prepare quotes and discuss engagements; operate, maintain, secure and improve the site; comply with legal obligations (e.g. accounting/tax); and [PLANNED] operate the "Build with AI" engine. We do not sell your personal data and do not use contact-form data for automated advertising profiling.
5. Who we share it with
We share data only with service providers who process it on our behalf and on our instructions (processors under Art. 28 GDPR), each bound by a data-processing agreement.
5.1 Applies today
- Cloudflare — DNS, e-mail routing, CDN, and bot/abuse protection; processes technical/log data and routes the contact-form e-mail.
- Our e-mail provider / mailbox — to receive and store submissions delivered to contact@tissoftware.dev.
- Our external accountant / bookkeeper — where an enquiry becomes a paying engagement, contact and billing details are shared for statutory bookkeeping and tax.
5.2 Planned for the future — [PLANNED — not yet active]
When the engine launches we expect to use: Supabase (auth, database, edge functions); Resend (transactional e-mail); Cloudflare (as above); and AI model providers Anthropic, OpenAI and Google (Gemini) to power the builder. Important: when you use the engine, the prompts you enter and related content may be transmitted to and processed by these AI providers to generate output. We will enable this only once the engine is live and will update this notice with the specific providers and links to their terms beforehand (see section 10).
5.3 Authorities and legal claims
We may disclose data where legally required, or to establish/exercise/defend legal claims, or in a business reorganisation or succession.
5.4 International transfers
Some providers (Cloudflare, and — for the future engine — Supabase, Resend, and the AI providers) may process data outside the EEA, including in the United States. Such transfers are safeguarded under Chapter V GDPR, in particular the European Commission's Standard Contractual Clauses (SCCs) and/or the provider's certification under the EU–U.S. Data Privacy Framework, plus supplementary measures where required. Request a copy at contact@tissoftware.dev.
6. How long we keep it (retention)
- Contact / request form: kept only as long as needed to handle it and any resulting engagement, and thereafter for a limited period to defend potential claims; unconverted enquiries are deleted once no longer needed (guideline: 12 months).
- Accounting/tax records (where invoiced): retained for the statutory period under the Bulgarian Accountancy Act — as a rule up to 10 years.
- Server / CDN security logs: retained for a short period (guideline: up to 12 months), then deleted or anonymised.
- Language preference: on your device until you clear browser storage; not retained server-side.
- [PLANNED] Account, prompts, generated output: retention will be defined and published before the engine launches.
7. How we keep it safe
We take technical and organisational measures appropriate to the risk (Art. 32 GDPR): transport encryption (TLS/HTTPS), access controls, bot/abuse protection at the network edge (Cloudflare), data minimisation, and contractual security obligations on our processors. No system is perfectly secure, but we work to protect your data against unauthorised access, loss or misuse.
8. Your rights
Under the GDPR and ЗЗЛД you have the right to: access (Art. 15); rectification (Art. 16); erasure (Art. 17); restriction (Art. 18); data portability (Art. 20); object to processing based on legitimate interests, and to direct marketing at any time (Art. 21); and withdraw consent where we rely on it (Art. 7(3)). To exercise a right, contact contact@tissoftware.dev; we may verify your identity first and will respond within the statutory time limit (as a rule, one month). Right to complain: you may lodge a complaint with the Bulgarian supervisory authority, the Commission for Personal Data Protection (Комисия за защита на личните данни, КЗЛД), Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., www.cpdp.bg — or with the supervisory authority in your EU country of residence.
9. Cookies
The site currently uses only strictly necessary storage (such as the localStorage entry remembering your language preference) and standard technical/security cookies that may be set by Cloudflare to deliver and protect the site. These do not require consent. We do not currently use analytics or marketing cookies. If we introduce any non-essential cookies in future, we will request consent through a cookie banner beforehand. See our Cookie Notice for details.
10. AI engine note (EU AI Act Art. 50) — [PLANNED — not yet active]
The planned "Build with AI" feature is an AI system: it uses third-party generative-AI models to produce code and previews from your text prompts. In line with the transparency obligation under Article 50 of the EU AI Act (Regulation (EU) 2024/1689), which applies to this type of AI interaction from 2 August 2026, we will make clear within the product that you are interacting with an AI system. When the engine is live: your prompts and related inputs may be sent to and processed by third-party AI model providers (planned: Anthropic, OpenAI, and Google / Gemini); AI-generated output can contain errors and should be reviewed before use; and we will update this notice with the specific providers and safeguards beforehand. Until the engine launches, no prompts are processed and no data is sent to AI model providers through this website.
11. Changes to this notice
We may update this notice from time to time — e.g. when we launch the engine or add providers. The current version is the one published on tissoftware.dev. Where changes are material we will take reasonable steps to notify you. The English version is the reference version.
12. How to contact us
ТИС КОМЕРСИАЛ ЕООД / TIS COMMERSIAL EOOD (brand: TIS Software) · ЕИК 206011226 · Plovdiv, Bulgaria · contact@tissoftware.dev