Skip to content
Postpilot
Back to home

Privacy policy

Your data is yours. This page explains what we collect, why, where it lives, and how to get it deleted. We host everything in Germany and use no third-party tracking.

Last updated · 11 May 2026

Placeholder — legal entity registration in progress. Final text reviewed by counsel before public launch.

Data controller

Postpilot · operated by Patrick Wouterse · hello@benotable.de. Final registered entity to be added once registration completes.

What we collect

Your account email, the social-media account handles you connect, the posts you publish through Postpilot, and the public engagement metrics (likes, comments, saves) that the platforms expose. We never collect message content from DMs unless your plan includes the inbox and you explicitly connect that platform.

Why we collect it

To deliver the service: scheduling, publishing, analytics, inbox replies. No data is sold, no data is used to train external AI models. We use OpenAI models in our own backend with zero-retention agreements where available.

Where it lives

All data sits in PostgreSQL and MinIO on Hetzner servers in Falkenstein, Germany. There is no transfer to the US or other third countries. Backups are encrypted and stored in the same region.

How long we keep it

Active account data lives for the life of your subscription. After cancellation we retain it for 30 days (in case you re-activate), then permanently delete. Anonymised analytics may persist longer to improve the product.

Your rights under GDPR

Access, rectification, deletion, portability, restriction, and objection — all available on request. Mail hello@benotable.de from the address registered to your account and we respond within 14 days.

Cookies and tracking

We use one functional cookie for your login session. No tracking cookies. No third-party analytics (no Google Analytics, no Meta Pixel, no Hotjar). Page analytics are powered by self-hosted Plausible, which uses no cookies.

Contact

Data-protection questions: hello@benotable.de. Designated Data Protection Officer (DPO) once we cross the GDPR threshold — currently not legally required.