Logo

Privacy Policy

Last updated: 04.04.2026

1. Controller

The controller responsible for data processing within the meaning of the GDPR is:

Stonehill Media GmbH
Harrlachweg 1
68163 Mannheim
Germany

Managing Director: Oliver Schönmehl
Email: support@stonehillcreatorlab.com

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • our website
  • our web application
  • the connection and management of supported social media accounts through third-party integration providers and connected platform interfaces

We process personal data in accordance with the General Data Protection Regulation (GDPR).

3. Hosting and Infrastructure

Our application uses infrastructure provided by different hosting providers.

Application server and database hosting:
ALL-INKL.COM - Neue Medien Münnich
Hauptstraße 68
02742 Friedersdorf
Germany

Additional infrastructure services:
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy
L-1855 Luxembourg

AWS services are used in the EU region (Frankfurt, Germany – eu-central-1), where applicable.

We use infrastructure and related services including:

  • application server and database hosting provided by ALL-INKL.COM
  • AWS CloudFront (Content Delivery Network)
  • additional AWS infrastructure services located in the EU, where applicable

Where service providers process personal data on our behalf, processing is carried out on the basis of a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR.

4. Website Data Collection

When visiting our website, the following technical data may be collected automatically:

  • IP address
  • date and time of access
  • browser type and version
  • operating system
  • referrer URL

Purpose:

  • ensuring system security
  • technical stability
  • preventing misuse

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation)

Server logs are stored for a maximum of 30 days unless longer storage is required for security reasons.

5. Data Processed via Third-Party Integrations

Our application uses third-party integration providers and connected social media platform interfaces to enable account connections, publishing, scheduling, analytics, and related features.

Depending on the connected service and the permissions granted by the user, we may process data such as:

  • account identifiers and usernames
  • profile-related information
  • connected account metadata
  • content and media submitted for publishing or scheduling
  • analytics and insights data
  • technical connection and authentication information

We access and process only the data necessary to provide the functionality of our service.

6. Purpose of Processing

Personal data processed in connection with supported social media accounts is used exclusively for:

  • displaying account-related information
  • publishing and scheduling content
  • providing analytics and insights features
  • operating and improving account connection and platform-related functions of the service

We do not create independent user profiles beyond the data required to provide our service.

We do not sell or trade personal data.

7. Storage and Retention

We store personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Content and media submitted for publishing or scheduling may be processed and stored temporarily to provide the requested functionality.

Account-related analytics and insights data may be stored for up to 24 months unless the user deletes their account earlier or requests deletion, unless longer retention is required by law.

If a user deletes their account or requests deletion, associated personal data will be deleted within 30 days unless legal retention obligations apply.

8. Legal Basis for Processing

  • Art. 6(1)(a) GDPR – consent, where applicable
  • Art. 6(1)(b) GDPR – performance of a contract or pre-contractual measures
  • Art. 6(1)(f) GDPR – legitimate interest in providing a secure and functional service

Where processing is based on consent, consent may be revoked at any time with effect for the future.

9. Data Transfers

Data is processed primarily within the European Union.

Where personal data is processed by third-party integration providers or connected social media platforms outside the European Union or the European Economic Area, such processing takes place only on the basis of applicable legal safeguards.

Such safeguards may include:

  • EU Standard Contractual Clauses
  • an adequacy decision by the European Commission
  • other legally recognized safeguards under applicable data protection law

10. Data Deletion Instructions

Users may request deletion in the following ways:

  1. log into their account
  2. navigate to Account Settings
  3. select “Delete Account”

Alternatively, users may send an email to:
support@stonehillcreatorlab.com

Subject: Data Deletion Request

Please include your registered email address and, where applicable, the username of the connected social media account.

Data will be permanently deleted within 30 days unless legal retention obligations apply.

Users may also disconnect connected social media accounts through the respective platform or provider settings, where such options are available.

11. Data Subject Rights

Under the GDPR, users have the right to:

  • access (Art. 15 GDPR)
  • rectification (Art. 16 GDPR)
  • erasure (Art. 17 GDPR)
  • restriction of processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • object to processing (Art. 21 GDPR)

Users also have the right to lodge a complaint with the competent data protection supervisory authority, including the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg.

12. Security Measures

  • SSL/TLS encryption
  • access control
  • data minimization
  • encrypted infrastructure, where applicable
  • EU-based hosting, where applicable

13. Changes to This Policy

We reserve the right to modify this Privacy Policy to comply with legal requirements or reflect technical or organizational changes to our services.