Datenschutzerklärung | Privacy Policy
Last updated: September 20, 2025
1. Introduction
BOSETEIN UG ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, and protect your data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.
This policy applies to all our services, including our business automation tools and AI-powered solutions ("Services").
2. Scope of Services and Data Processing
Our Services include business automation tools and AI-powered solutions. We act as a data controller when you use our Services directly, and as a data processor when providing services through our business partners.
2.1 Data We Process:
- Authentication credentials necessary for service provision
- Technical service identifiers
- Service performance metrics
- Temporary session data required for functionality
- Business account information
2.2 Platform Integrations:
When you use our Services with third-party platforms:
- We only request necessary platform permissions
- We process platform data solely for providing our Services
- We adhere to all platform-specific terms and developer policies
- We maintain separate data storage for different platforms
- When you connect your LinkedIn profile or organization page, we request only the permissions necessary (e.g., posting, analytics, comments) and process this data solely to provide the requested features.
- Only LinkedIn Page administrators may connect an organization page to Smartypant.
- If you disconnect LinkedIn or delete your account, related LinkedIn data and stored access tokens are deleted or anonymized within 30 days.
2.3 LinkedIn Data Use
Depending on the permissions you grant, we may on your behalf:
- Create, publish, and manage posts for your personal profile or organization page.
- Access post and page analytics (e.g., impressions, reactions, comments) to display performance metrics.
- Read and reply to comments on authorized posts.
We do not sell LinkedIn-derived data or share it with third parties for their independent purposes. LinkedIn access can be revoked at any time via your LinkedIn settings or within our Services. Upon revocation, stored tokens are invalidated immediately and associated data is deleted or anonymized within 30 days, subject to legal retention obligations.
3. Data Protection Principles
We follow strict data protection principles:
- Data Minimization: We collect and process only data necessary for service provision
- Purpose Limitation: Data is used solely for specified business purposes
- Storage Limitation: Data is retained only as long as necessary
- Integrity and Confidentiality: Implementation of strong security measures
4. Security Measures
We implement state-of-the-art technical and organizational measures:
- End-to-end encryption for sensitive data
- Regular security audits and assessments
- Multi-factor authentication
- Access control and monitoring systems
- Regular security training for employees
- Automated backup and recovery systems
- We rely on Supabase-managed infrastructure that provides encryption in transit (TLS) and encryption at rest for stored data.
- Access tokens are stored securely within our infrastructure; they are never exposed in client-side code and are invalidated immediately when you revoke access.
5. Data Storage and Transfer
All data is stored exclusively on servers located within the European Union. Any data transfers outside the EU are conducted only with adequate safeguards in accordance with GDPR requirements.
6. Your Rights Under GDPR
You have the following rights:
- Right to access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restrict processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent
To exercise these rights, contact us at [email protected]
7. Data Protection Officer
Our Data Protection Officer ensures compliance with data protection regulations and can be contacted at:
Dr.-Ing. Alok Singh
Email:[email protected]
8. Changes to Privacy Policy
We may update this privacy policy to reflect changes in our practices or for operational, legal, or regulatory reasons. Updates will be posted on this page with a revised date.