Logo

Privacy Policy

Last updated: 19.02.2026

1. Controller

The controller responsible for data processing within the meaning of the GDPR is:

Stonehill Media GmbH
Harrlachweg 1
68163 Mannheim
Germany

Managing Director: Oliver Schönmehl
Email: oliver@stonehill-media.de

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • Our website
  • Our web application
  • The connection of Instagram and Facebook accounts via the Meta Platform APIs

We process personal data in accordance with the General Data Protection Regulation (GDPR).

3. Hosting and Infrastructure

Our application is hosted using services provided by Amazon Web Services (AWS).

Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855 Luxembourg

Infrastructure region: EU (Frankfurt, Germany – eu-central-1)

We use:

  • AWS CloudFront (Content Delivery Network)
  • AWS infrastructure services located in the EU

Data processing is carried out on the basis of a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR.

4. Website Data Collection

When visiting our website, the following technical data may be collected automatically:

  • IP address
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referrer URL

Purpose:

  • Ensuring system security
  • Technical stability
  • Preventing misuse

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation)

Server logs are stored for a maximum of 30 days unless longer storage is required for security reasons.

5. Data Processed via Instagram and Facebook APIs

Our application integrates with the Meta Platform APIs.

Permissions Requested

  • pages_show_list
  • ads_management
  • instagram_basic
  • instagram_manage_insights
  • instagram_content_publish
  • pages_read_engagement

Data We May Access

After user authorization, we may access:

  • Instagram username
  • Instagram account ID
  • Profile picture
  • Facebook Page ID and Page name
  • Media metadata (caption, timestamp, media type)
  • Engagement metrics (likes, comments, shares)
  • Reach and impressions
  • Insights data (audience demographics and performance statistics)
  • Advertising account information (if authorized)

We access only data necessary for providing the functionality of our service.

6. Purpose of Processing

Instagram and Facebook data is processed exclusively for:

  • Displaying account information
  • Providing analytics dashboards
  • Displaying engagement metrics
  • Managing connected Facebook Pages
  • Publishing content to Instagram
  • Managing advertising accounts (if enabled by the user)

We do not create independent user profiles beyond the platform data provided.

We do not sell or trade personal data.

7. Storage and Retention

We do not permanently store Instagram media files.

Media files may be processed temporarily for publishing purposes via the Instagram Content Publishing API.

Insights and analytics data may be stored for up to 24 months unless the user deletes their account earlier.

If a user deletes their account or requests deletion, all associated personal data will be deleted within 30 days unless legal retention obligations apply.

8. Legal Basis for Processing

  • Art. 6(1)(a) GDPR – Consent
  • Art. 6(1)(b) GDPR – Contract performance
  • Art. 6(1)(f) GDPR – Legitimate interest in secure and functional service

Consent may be revoked at any time.

9. Data Transfers

Data is processed primarily within the European Union.

If data is transferred to third countries (e.g., Meta Platforms Inc., USA), this is done based on:

  • EU Standard Contractual Clauses
  • Or other legally recognized safeguards

10. Data Deletion Instructions

Users may request deletion in the following ways:

  1. Log into their account
  2. Navigate to Account Settings
  3. Select “Delete Account”

Or send an email to:

oliver@stonehill-media.de
Subject: Data Deletion Request

Please include your Instagram username and registered email address.

Data will be permanently deleted within 30 days.

Users may also remove the app directly in their Facebook or Instagram account settings.

11. Data Subject Rights

Under the GDPR, users have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

Users also have the right to lodge a complaint with the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg.

12. Security Measures

  • SSL/TLS encryption
  • Access control
  • Data minimization
  • Encrypted infrastructure
  • EU-based hosting

13. Changes to This Policy

We reserve the right to modify this Privacy Policy to comply with legal requirements or reflect technical changes.