🚀 You are a Freelancer? Create e-invoices now for free.

New privacy policy and update of the AVV

Robert Reiz Robert Reiz | May 01, 2025 | 12:11 UTC
The privacy policy has been completely revised by the data protection experts at dacuro GmbH and a few important points have been added to the AVV.

ZEIT.IO is a platform for automatic billing of project time. Approved project time can be automatically billed and credited. The automatically generated outgoing invoices and credit notes are valid e-invoices according to the ZUGFeRD (Factur-X) standard. The XRechnung format is also supported.

New privacy terms and AVV
New privacy terms and AVV


The privacy policy was completely rewritten by the data protection experts at dacuro GmbH. It is available in both German and English. The new privacy policy differs from the old version in particular in the following points:

  • It explicitly states where the application is hosted and which content delivery networks are used to deliver static assets with high performance. 
  • It explicitly states the optional registration with Google accounts.
  • It explicitly states the optional registration with Microsoft accounts.
  • It explicitly states the social media channels on which ZEIT.IO has a presence.

ZEIT.IO is 100% developed and operated in Germany. All data remains in German data centers. No third-party JavaScript add-ons are used on the website, and accordingly, no third-party cookies are set. Therefore, ZEIT.IO operates entirely without a cookie banner!

We also ensure that all static assets are loaded exclusively from ZEIT.IO servers. For example, no Google fonts are loaded from Google servers, nor are JavaScript libraries loaded from public CDNs. When you visit the ZEIT.IO website, no data is sent to third parties! This ensures your privacy!

AVV

The DPA (Data Processing Agreement) was previously only concluded upon request with corporate customers who valued this. This has now changed. The DPA is now publicly accessible, just like the privacy policy. Furthermore, the DPA is now an integral part of the registration process. Every user who creates an account with ZEIT.IO must accept the DPA in addition to the terms of use and the privacy policy. The same applies to creating a new ZEIT.IO organization.

The DPA has not fundamentally changed. With the update to the DPA, only one point was added. IONOS SE was added to the table of approved subcontractors. IONOS is a cloud provider from Germany, and ZEIT.IO uses IONOS's audit-compliant storage. For corporate customers who have activated audit-compliant storage, all invoice documents (outgoing invoices, incoming invoices, credit notes, etc.) are stored with two different cloud providers in two different geographical locations for a period of 10 years. This includes IONOS in Berlin.

IONOS' audit-proof storage meets the highest standards of security and data protection. This storage is:

  • ISO 27001 certified
  • Complies with the C5 certification
  • Meets the legal WORM ("Write Once Read Many") requirements for long-term data storage.
  • Thanks to Object Lock, it meets all legal requirements for long-term data storage.

This means that the data is not only stored in compliance with the German Data Protection Act (GoBD) but also meets all requirements for long-term data storage.

Conclusion

These changes were made to comply with the requirements of the General Data Protection Regulation (GDPR) and to increase transparency for customers and partners. Particular emphasis is placed on the importance of the Data Protection Agreement, which clearly defines the responsibilities between the company and its service providers. Through these measures, ZEIT.IO strengthens the protection of personal data and underscores its commitment to data protection and compliance.