Terms of Service
1. General Information
Service Provider: myhotelrebel UG (haftungsbeschraenkt)
Registered Office: Gartenstraße 12a, 80809 Munich, Germany
Commercial Register: HRB 288537
Managing Director: Johannes Fuchs
Effective Date: 17. August 2025
2. Service Description
Cheerletter provides a cloud-based team communication and engagement platform ("Service") that enables organizations to:
• Create and manage team posts with images and rich content
• Organize teams into departments and manage user roles
• Send automated weekly team newsletters ("Cheerletters")
• Enable team member interaction through comments and reactions
• Provide administrative tools for team management and analytics
• Ensure secure data handling and compliance monitoring
3. Subscription Plans and Pricing
Free Plan: Up to 5 team members, basic features, limited support
Starter Plan: €9.99 per user per month, up to 50 team members, standard features
Business Plan: €19.99 per user per month, up to 200 team members, advanced features
Enterprise Plan: €39.99 per user per month, unlimited team members, premium features
All prices are exclusive of applicable VAT. Billing occurs monthly or annually as selected.
4. Account Registration and User Obligations
4.1. Users must provide accurate and complete registration information.
4.2. Users are responsible for maintaining the confidentiality of their account credentials.
4.3. Users must immediately notify us of any unauthorized use of their account.
4.4. Each user account is personal and may not be shared with third parties.
4.5. Organizations are responsible for managing their team members and ensuring compliance with these terms.
5. Payment Terms and Billing
5.1. Subscription fees are billed in advance on a monthly or annual basis.
5.2. Payment is due immediately upon invoice generation.
5.3. Late payments may result in service suspension after 7 days notice.
5.4. Price changes will be communicated 30 days in advance.
5.5. Failed payments will result in automatic retry attempts over 7 days.
6. Right of Withdrawal (Widerrufsrecht)
6.1. Consumers have the right to withdraw from this contract within 14 days without giving reasons.
6.2. The withdrawal period expires 14 days from the date of contract conclusion.
6.3. To exercise the right of withdrawal, you must inform us of your decision by email to support@cheerletter.com.
6.4. If you withdraw, we will reimburse all payments received from you without undue delay and in any event not later than 14 days.
6.5. The right of withdrawal expires if service provision has begun with your express consent and acknowledgment that you lose your right of withdrawal.
7. Content and User-Generated Data
7.1. Users retain ownership of content they upload to the Service.
7.2. Users grant us a limited license to store, process, and display content for service provision.
7.3. Users are responsible for ensuring they have rights to all uploaded content.
7.4. Prohibited content includes illegal material, harassment, spam, or content violating third-party rights.
7.5. We reserve the right to remove content that violates these terms.
7.6. Users can export their data at any time through the provided export functionality.
8. Service Availability and Maintenance
8.1. We strive for 99.9% uptime but do not guarantee uninterrupted service availability.
8.2. Scheduled maintenance will be announced 24 hours in advance when possible.
8.3. Emergency maintenance may be performed without prior notice.
8.4. Service interruptions for maintenance, updates, or force majeure events are not considered breaches.
9. Data Protection and Privacy
9.1. Data processing is governed by our Privacy Policy and GDPR requirements.
9.2. We process personal data only as necessary for service provision.
9.3. Users have rights to access, rectify, delete, and port their personal data.
9.4. Data is stored on secure servers within the European Union.
9.5. We implement appropriate technical and organizational measures to protect personal data.
10. Security and Compliance
10.1 Security Measures
• End-to-end encryption for data transmission
• Regular security audits and penetration testing
• Multi-factor authentication support
• Role-based access controls
• Automated security monitoring and threat detection
• Regular security updates and patches
10.2 Compliance Standards
• GDPR (General Data Protection Regulation) compliance
• ISO 27001 information security standards
• SOC 2 Type II compliance
• Regular compliance audits and certifications
10.3 Data Security
• Data encryption at rest using AES-256
• Secure data backup and disaster recovery procedures
• Data retention policies in accordance with legal requirements
• Audit logging of all administrative actions
• Secure data deletion upon account termination
10.4 Security Incident Response
• 24/7 security monitoring and incident response
• Notification of security breaches within 72 hours as required by GDPR
• Forensic analysis and remediation procedures
• Regular security awareness training for staff
10.5 User Security Responsibilities
• Using strong passwords and enabling two-factor authentication
• Keeping account credentials confidential
• Reporting suspicious activities immediately
• Regular review of user access and permissions
11. Intellectual Property
11.1. The Service, including software, design, and documentation, is our intellectual property.
11.2. Users receive a limited, non-exclusive license to use the Service.
11.3. Reverse engineering, modification, or redistribution of the Service is prohibited.
11.4. Our trademarks and logos may not be used without written permission.
12. Limitation of Liability
12.1. Our liability is limited to the extent permitted by German law.
12.2. We are liable without limitation for damages caused by willful misconduct or gross negligence.
12.3. For ordinary negligence, liability is limited to foreseeable damages typical for this type of contract.
12.4. Liability for consequential damages, lost profits, or data loss is excluded unless caused by willful misconduct.
12.5. The maximum liability amount is limited to the annual subscription fee paid by the customer.
13. Termination
13.1. Either party may terminate the subscription with 30 days notice to the end of the billing period.
13.2. We may terminate immediately for material breach of these terms.
13.3. Upon termination, users have 30 days to export their data before deletion.
13.4. Prepaid fees for unused periods will be refunded pro-rata.
13.5. Termination does not affect obligations that by their nature should survive termination.
14. Force Majeure
Neither party shall be liable for any failure to perform due to circumstances beyond their reasonable control, including natural disasters, war, terrorism, labor disputes, government actions, or technical failures of third-party services.
15. Governing Law and Jurisdiction
15.1. These terms are governed by German law, excluding the UN Convention on Contracts for the International Sale of Goods.
15.2. For disputes with merchants, the exclusive jurisdiction is the court at our registered office.
15.3. For consumer disputes, the consumer's place of residence or our registered office has jurisdiction.
15.4. EU consumers may use the EU Online Dispute Resolution platform: https://ec.europa.eu/consumers/odr/
16. Amendments
16.1. We may amend these terms with 30 days advance notice.
16.2. Amendments will be communicated via email and posted on our website.
16.3. Continued use of the Service after the effective date constitutes acceptance.
16.4. Users may terminate their subscription if they do not agree to amendments.
17. Severability
If any provision of these terms is found to be unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be replaced by a valid provision that most closely achieves the intended purpose.
18. Contact Information
For questions about these Terms and Conditions, please contact by the contact form on the homepage.
myhotelrebel UG (haftungsbeschraenkt)
Gartenstraße 12a, 80809 Munich, Germany Privacy Policy of the Service
Introduction
Cheerletter (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you use our team communication and employee engagement platform.
This Privacy Policy complies with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable German and European Union privacy laws.
3. Services We Provide
Cheerletter is a Software-as-a-Service (SaaS) platform that provides:
Team communication and collaboration tools
Employee recognition and engagement features (“Cheers”)
Automated weekly/monthly team newsletters (“Cheerletters”)
Department and organization management
Content sharing and commenting systems
Analytics and reporting for team engagement
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6(1) GDPR:
Contract Performance (Art. 6(1)(b)): To provide our services and fulfill our contractual obligations
Legitimate Interest (Art. 6(1)(f)): For service improvement, security, and business operations
Consent (Art. 6(1)(a)): For marketing communications and optional features
Legal Obligation (Art. 6(1)(c)): To comply with legal requirements and tax obligations
5. Personal Data We Collect
5.1 Account and Profile Information
Account Data: Email address, password (encrypted), account preferences
Profile Information: First name, last name, display name, job title, date of birth (optional)
Organization Data: Organization name, department assignment, role within organization
Contact Information: Billing email addresses for organization administrators
5.2 Content and Communication Data
Posts and Comments: Content you create, share, or comment on within the platform
Images and Files: Photos and documents you upload to posts or your profile
Engagement Data: Likes (“Cheers”), comments, and interaction history
Cheerletter Data: Content included in automated newsletters sent to your organization
5.3 Usage and Technical Data
Log Data: IP addresses, browser type, device information, access times
Usage Analytics: Feature usage, click patterns, session duration
Security Data: Login attempts, two-factor authentication settings, security events
Performance Data: Page load times, error reports, system performance metrics
5.4 Billing and Subscription Data
Payment Information: Processed by Stripe (see Section 8 – Third-Party Services)
Billing History: Subscription plans, payment dates, invoice data
Organization Limits: Member counts, feature usage within subscription tiers
5.5 Notification and Communication Preferences
Email Preferences: Notification settings for posts, mentions, and system updates
Communication History: Records of emails sent through our system
6. How We Use Your Personal Data
6.1 Service Provision
Creating and managing your user account
Enabling team communication and collaboration features
Processing and displaying posts, comments, and engagement activities
Generating and sending automated Cheerletters to your organization
Managing department structures and team assignments
Providing customer support and technical assistance
6.2 Security and Compliance
Authenticating users and preventing unauthorized access
Monitoring for security threats and fraudulent activity
Maintaining audit logs for compliance and security purposes
Implementing two-factor authentication and security policies
Conducting security assessments and incident response
6.3 Service Improvement and Analytics
Analyzing usage patterns to improve platform functionality
Developing new features and enhancing existing ones
Conducting performance monitoring and optimization
Generating anonymized usage statistics and reports
6.4 Communication and Notifications
Sending transactional emails related to your account and usage
Delivering system notifications and security alerts
Providing updates about service changes and new features
Processing your communication preferences and unsubscribe requests
6.5 Legal and Business Operations
Complying with legal obligations and regulatory requirements
Enforcing our Terms of Service and platform policies
Processing billing and subscription management
Conducting business planning and operational analysis
7. Data Sharing and Disclosure
7.1 Within Your Organization
Profile information is visible to other members of your organization
Posts, comments, and engagement activities are shared within your organization
Organization administrators can access member management and analytics data
Cheerletter content is shared with all organization members via email
7.2 Service Providers and Processors
We share personal data with trusted third-party service providers who assist us in operating our platform:
Supabase: Database hosting and authentication services
Stripe: Payment processing and subscription management
Email Service Providers: For sending notifications and Cheerletters
Cloud Storage Providers: For secure file and image storage
Analytics Services: For platform performance and usage analysis
All service providers are bound by data processing agreements and must comply with GDPR requirements.
7.3 Legal Requirements
We may disclose personal data when required by law or to:
Comply with legal processes, court orders, or regulatory requirements
Protect our rights, property, or safety, or that of our users
Investigate fraud, security breaches, or violations of our Terms of Service
Cooperate with law enforcement or regulatory authorities
7.4 Business Transfers
In the event of a merger, acquisition, or sale of our business, personal data may be transferred as part of the transaction, subject to appropriate safeguards and notice requirements.
8. Third-Party Services
8.1 Stripe Payment Processing
We use Stripe for payment processing. Stripe processes your payment information according to their privacy policy. We do not store complete credit card information on our servers.
8.2 Supabase Infrastructure
Our platform is built on Supabase, which provides database and authentication services. Supabase acts as a data processor under our instructions and is GDPR compliant.
8.3 Third-Party Integrations
If you choose to integrate third-party services with your Cheerletter account, additional privacy terms may apply. We recommend reviewing the privacy policies of any connected services.
9. International Data Transfers
Our primary data processing occurs within the European Union. When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place:
Adequacy Decisions: Transfers to countries with adequacy decisions from the European Commission
Standard Contractual Clauses: Binding agreements with service providers for data protection
Certification Schemes: Partners certified under recognized privacy frameworks
10. Data Retention
We retain personal data for as long as necessary to provide our services and comply with legal obligations:
10.1 Active Accounts
Account Data: Retained while your account is active and for 30 days after deletion
Content Data: Posts and comments retained according to your organization’s retention policies
Usage Data: Aggregated analytics data retained for up to 2 years
10.2 Billing and Legal Data
Billing Records: Retained for 10 years to comply with German tax and accounting requirements
Audit Logs: Security and compliance logs retained for 7 years
Legal Hold: Data may be retained longer if required for legal proceedings
10.3 Inactive Accounts
Accounts inactive for more than 2 years may be automatically deleted after appropriate notice.
11. Your Rights Under GDPR
You have the following rights regarding your personal data:
11.1 Right of Access (Art. 15 GDPR)
Request information about personal data we process about you, including a copy of the data.
11.2 Right to Rectification (Art. 16 GDPR)
Request correction of inaccurate or incomplete personal data.
11.3 Right to Erasure (Art. 17 GDPR)
Request deletion of your personal data in certain circumstances.
11.4 Right to Restrict Processing (Art. 18 GDPR)
Request limitation of processing in specific situations.
11.5 Right to Data Portability (Art. 20 GDPR)
Request a copy of your data in a structured, commonly used format.
11.6 Right to Object (Art. 21 GDPR)
Object to processing based on legitimate interests or for direct marketing.
11.7 Right to Withdraw Consent
Withdraw consent for processing based on consent at any time.
11.8 Exercising Your Rights
To exercise these rights, contact us at privacy@cheerletter.com. We will respond within 30 days of receiving your request.
12. Data Subject Rights for German Residents
Under German data protection law, you have additional rights:
Right to Information: Receive information about data processing in German upon request
Right to Compensation: Seek compensation for damages caused by GDPR violations
Right to Lodge Complaints: File complaints with German data protection authorities
German Data Protection Authority: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) Graurheindorfer Str. 153, 53117 Bonn, Germany
13. Security Measures
13.1 Technical Safeguards
Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Role-based access with multi-factor authentication
Network Security: Firewalls, intrusion detection, and monitoring systems
Secure Development: Regular security testing and code reviews
13.2 Organizational Measures
Staff Training: Regular privacy and security training for all personnel
Access Management: Principle of least privilege for data access
Incident Response: Established procedures for security breach response
Vendor Management: Due diligence and contracts for all service providers
13.3 Data Protection by Design and Default
Privacy by Design: Privacy considerations integrated into system architecture
Data Minimization: Collection limited to necessary data for service provision
Purpose Limitation: Data used only for specified, legitimate purposes
Storage Limitation: Automatic deletion according to retention schedules
14. Cookies and Tracking Technologies
14.1 Essential Cookies
We use essential cookies necessary for platform functionality:
Authentication: Session management and login persistence
Preferences: User interface settings and preferences
Security: CSRF protection and security monitoring
14.2 Analytics Cookies
With your consent, we use analytics cookies to:
Understand platform usage patterns
Improve user experience and performance
Generate anonymized usage statistics
14.3 Cookie Management
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.
15. Age Restrictions
Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data promptly.
16. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:
Implementation of new features affecting privacy
Changes to data sharing practices
Introduction of new technologies or analytics
17. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be communicated via:
Email notification to registered users
Prominent notice on our platform
Updated effective date on this policy
Continued use of our services after changes constitutes acceptance of the updated policy.
18. Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Any automated processing is limited to:
System analytics for performance optimization
Content filtering for security purposes
Usage-based feature recommendations
20. Governing Law and Jurisdiction
This Privacy Policy is governed by German law and the laws of the European Union. Any disputes will be subject to the jurisdiction of German courts.