Datenschutzerklärung | Privacy Policy

Last updated: November 13, 2025

1. Introduction

BOSETEIN UG ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, and protect your data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.

This policy applies to all our services, including our business automation tools and AI-powered solutions ("Services").

2. Scope of Services and Data Processing

Our Services include business automation tools and AI-powered solutions. We act as a data controller when you use our Services directly, and as a data processor when providing services through our business partners.

2.1 Data We Process:

• Authentication credentials necessary for service provision
• Technical service identifiers
• Service performance metrics
• Temporary session data required for functionality
• Business account information

2.2 Platform Integrations:

When you use our Services with third-party platforms:

• We only request necessary platform permissions
• We process platform data solely for providing our Services
• We adhere to all platform-specific terms and developer policies
• We maintain separate data storage for different platforms
• When you connect your LinkedIn profile or organization page, we request only the permissions necessary (e.g., posting, analytics, comments) and process this data solely to provide the requested features.
• Only LinkedIn Page administrators may connect an organization page to Smartypant.
• If you disconnect LinkedIn or delete your account, related LinkedIn data and stored access tokens are deleted or anonymized within 30 days.

2.3 LinkedIn Data Use

Depending on the permissions you grant, we may on your behalf:

• Create, publish, and manage posts for your personal profile or organization page.
• Access post and page analytics (e.g., impressions, reactions, comments) to display performance metrics.
• Read and reply to comments on authorized posts.

We do not sell LinkedIn-derived data or share it with third parties for their independent purposes. LinkedIn access can be revoked at any time via your LinkedIn settings or within our Services. Upon revocation, stored tokens are invalidated immediately and associated data is deleted or anonymized within 30 days, subject to legal retention obligations.

2.4 Google & YouTube Data Accessed

When you connect your Google or YouTube account to Smartypant AI, we access only the data that you explicitly authorize through the Google OAuth consent screen. This data is required to provide automated content creation, publishing, and analytics features.

Data Accessed

• Google Account Information (userinfo.email, userinfo.profile, openid):
  • Email address
  • Name and profile picture
  • Google account unique ID
• YouTube Channel Information (youtube.readonly):
  • Channel ID
  • Channel title
  • Channel thumbnail image
  • Subscriber count
• Video Upload Permissions (youtube.upload):
  • Permission to upload videos to your YouTube channel on your behalf
  • Metadata needed for publishing (title, description, tags, privacy settings)
• YouTube Analytics Data (yt-analytics.readonly):
  • Views and watch time
  • Likes and comments count
  • Subscribers gained
  • Daily or time-range performance metrics for your videos

How We Use This Data

• To authenticate your Google account and securely link it to your Smartypant AI account
• To automatically upload videos or Shorts that you create or schedule inside Smartypant AI
• To show your YouTube channel details in the dashboard so you can see which account is connected
• To display analytics and performance insights for the content Smartypant AI posts on your behalf

Data Storage & Security

• OAuth access tokens are stored securely and encrypted. They are used only to perform actions you have authorized.
• We store the media files (videos/Shorts) that Smartypant AI generates for you so we can edit, schedule, and publish them to your connected platforms.
• We do not download or permanently store copies of your existing YouTube videos or comments; we only keep the IDs and analytics metrics needed to display performance.
• When you disconnect YouTube or delete your Smartypant AI account, we delete stored Google OAuth tokens and related channel credentials without undue delay and in any case within 30 days, unless a longer period is required by law.

No Data Sharing

We do not sell, rent, or share Google user data with any third party. Data obtained from Google APIs is used exclusively to provide the features you choose to enable within Smartypant AI.

3. Data Protection Principles

We follow strict data protection principles:

• Data Minimization: We collect and process only data necessary for service provision
• Purpose Limitation: Data is used solely for specified business purposes
• Storage Limitation: Data is retained only as long as necessary
• Integrity and Confidentiality: Implementation of strong security measures

4. Security Measures

We implement state-of-the-art technical and organizational measures:

• End-to-end encryption for sensitive data
• Regular security audits and assessments
• Multi-factor authentication
• Access control and monitoring systems
• Regular security training for employees
• Automated backup and recovery systems
• We rely on Supabase-managed infrastructure that provides encryption in transit (TLS) and encryption at rest for stored data.
• Access tokens are stored securely within our infrastructure; they are never exposed in client-side code and are invalidated immediately when you revoke access.

5. Data Storage and Transfer

All data is stored exclusively on servers located within the European Union. Any data transfers outside the EU are conducted only with adequate safeguards in accordance with GDPR requirements.

6. Your Rights Under GDPR

You have the following rights:

• Right to access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restrict processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent

To exercise these rights, contact us at [email protected]

7. Data Protection Officer

Our Data Protection Officer ensures compliance with data protection regulations and can be contacted at:

Dr.-Ing. Alok Singh
Email:[email protected]

8. Changes to Privacy Policy

We may update this privacy policy to reflect changes in our practices or for operational, legal, or regulatory reasons. Updates will be posted on this page with a revised date.

9. Contact Information

BOSETEIN UG
Reinsburgstr. 77
70197 Stuttgart
Germany
Email: [email protected]
[email protected]
[email protected]
Phone: +49 157 3722 9481
Commercial Register: HRB 774002