Privacy policy

Information pursuant to Art 13 and 14 GDPR (Datenschutz-Grundverordnung). Last updated: [PLACEHOLDER: date].

1. Controller

The controller responsible for processing personal data on this website and within the ClientQueue service is:

[PLACEHOLDER: Full legal name]
[PLACEHOLDER: Street address, postal code, city, Austria]
Email: [PLACEHOLDER: contact email for privacy matters]

2. Data we process

  • Account data: email address, name, hashed authentication credentials, plan and billing status.
  • Content data: posts, captions, comments, and media files (images/videos) you upload for scheduling, plus metadata of connected social media accounts (account name, avatar, platform identifiers) and access tokens required to publish on your behalf.
  • Client approval data: names you assign to approval links and comments/decisions entered by your clients via those links.
  • Usage data: log data such as IP address, browser type, timestamps, and in-app usage events needed to operate, secure, and bill the service.
  • [PLACEHOLDER: any additional categories, e.g. support correspondence]

3. Purposes and legal bases

  • Providing the ClientQueue service (account management, scheduling and publishing posts, client approvals, billing) — Art 6(1)(b) GDPR (performance of a contract).
  • Securing and improving the service, preventing abuse, aggregate usage analysis — Art 6(1)(f) GDPR (legitimate interest in operating a secure, reliable service).
  • Compliance with statutory obligations (e.g. tax and accounting records) — Art 6(1)(c) GDPR.
  • [PLACEHOLDER: marketing emails, if any — Art 6(1)(a) consent, with opt-out]

4. Processors and recipients

We use the following processors (Auftragsverarbeiter) under Art 28 GDPR data processing agreements:

  • Supabase — database, authentication, and file storage. [PLACEHOLDER: entity, hosting region, DPA/SCC reference]
  • Vercel — application hosting and content delivery. [PLACEHOLDER: entity, region, DPA/SCC reference]
  • Anthropic — AI caption adaptation; caption text you submit for adaptation is processed by the model provider. [PLACEHOLDER: entity, DPA reference, retention terms]
  • Stripe — payment processing; payment card data is processed directly by Stripe, not stored by us. [PLACEHOLDER: entity, DPA reference]
  • Social media platforms — when you connect an account and publish, post content is transmitted to the respective platform (e.g. Meta, TikTok, LinkedIn, X) as an independent controller.
  • [PLACEHOLDER: any further processors, e.g. email delivery provider]

Where processors process data outside the EU/EEA, transfers are safeguarded by adequacy decisions (e.g. EU-US Data Privacy Framework) or EU Standard Contractual Clauses. [PLACEHOLDER: verify per processor.]

5. Storage duration

We store personal data for as long as your account exists. After account deletion, data is deleted within [PLACEHOLDER: e.g. 30 days], except where statutory retention obligations (e.g. § 132 BAO — 7 years for accounting records) require longer storage. Uploaded media is deleted when you delete the related post or your account. [PLACEHOLDER: confirm exact retention periods per data category.]

6. Your rights

Under Art 15–21 GDPR you have the right to:

  • access the personal data we hold about you (Art 15),
  • rectification of inaccurate data (Art 16),
  • erasure ("right to be forgotten", Art 17),
  • restriction of processing (Art 18),
  • data portability (Art 20), and
  • object to processing based on legitimate interests (Art 21).

Where processing is based on consent, you may withdraw it at any time with effect for the future. To exercise any of these rights, contact us at [PLACEHOLDER: privacy email].

7. Right to lodge a complaint

If you believe the processing of your data violates data protection law, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria — www.dsb.gv.at — or with the supervisory authority of your habitual residence.

8. Cookies

ClientQueue uses only strictly necessary cookies: session cookies required for authentication and security. These are technically essential to provide the service and therefore do not require consent (§ 165 Abs 3 TKG 2021). We do not use tracking, advertising, or third-party analytics cookies. [PLACEHOLDER: update this section and add a consent banner if any non-essential cookies are ever introduced.]