Privacy Policy for Social Media Manager

Last Updated: August 18, 2025

1. Data Controller and Contact Information

The controller responsible for the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) is:

Lukas Hübner
In der Seite 15
57250 Netphen
Germany
Email: support@social-media-manager.info

This Privacy Policy applies to our website (social-media-manager.info), our web application (app.social-media-manager.info), and all related services (collectively, the "Service").

We are not legally required to appoint a Data Protection Officer and have therefore not appointed one.

2. Your Rights as a Data Subject

As our service is based in the European Union and subject to the General Data Protection Regulation (GDPR), you have specific rights that give you significant control over your personal data. These rights include:

  • The Right to Access: You have the right to request a copy of the personal data we hold about you.
  • The Right to Rectification: You have the right to request the correction of any inaccurate or incomplete data we hold about you.
  • The Right to Erasure (the 'Right to be Forgotten'): You have the right to request the deletion of your personal data under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we temporarily or permanently stop processing all or some of your personal data.
  • The Right to Data Portability: You have the right to receive your personal data in a structured, machine-readable format and to have it transmitted to another service.
  • The Right to Object: You have the right to object to us processing your data at any time, for example, when our processing is based on our "legitimate interests."
  • Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. (Our Service does not currently use this type of processing).
  • The Right to Withdraw Consent: For any data processing that is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • The Right to Lodge a Complaint: If you believe we are processing your personal data unlawfully, you have the right to file a complaint with your local data protection authority.

3. Exercising Your Rights

We are committed to making it easy for you to exercise your rights. You can control your personal data in the following ways:

A. Server Log Files

To enhance user privacy, we have configured our servers not to store IP addresses in our log files. When you visit our Service, our server automatically collects the following anonymized information that your browser transmits to us:

  • Browser type and version
  • Operating system used
  • The specific path (URL) you accessed
  • Date and time of the server request

This anonymized data is not merged with other data sources. We process this data for the purpose of ensuring the security and stability of our systems and for error analysis. This data is automatically deleted after a period of 7 days.

The legal basis for this processing is our legitimate interest in maintaining a secure and functional service (Art. 6(1)(f) GDPR).

B. By Contacting Us Directly

For any rights that cannot be exercised through your account settings, or if you prefer to contact us directly, please send your request via email to:

support@social-media-manager.info

This includes requests for access to your data, data portability, restriction of processing, or to object to processing.

C. Identity Verification

To protect the security of your personal data, we may need to verify your identity before we can process your request. This is a necessary security measure to ensure that we do not disclose personal data to any person who has no right to receive it. We may ask you to provide additional information to confirm that you are the authorized account holder.

D. Response Time and Fees

We will respond to all legitimate requests without undue delay and at the latest within one month of receiving the request. Exercising your rights is free of charge. However, in accordance with the GDPR, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded, repetitive, or excessive.

4. Data Processing and Its Purposes

This section details the personal data we collect when you use our Service and the specific purposes for which we process it.

A. Server Log Files

To enhance user privacy, we have configured our servers not to store IP addresses in our log files. When you visit our Service, our server automatically collects the following anonymized information that your browser transmits to us:

  • Browser type and version
  • Operating system used
  • The specific path (URL) you accessed
  • Date and time of the server request

This anonymized data is used exclusively for ensuring the security and stability of our systems and for error analysis. It is automatically deleted after a period of 7 days.

B. Account Registration and Use of the Service

To use our Service, you must create an account. The data processing for this is as follows:

  • Account Data: During registration, we collect your Name and Email Address. You also create a Password, which we store exclusively in a hashed, unreadable format.
  • Service Data: To perform the core functions of the Service, you provide us with text and/or images ("Your Content"). You may also connect your third-party platform accounts by providing us with access credentials or security tokens, which we store in an encrypted format.
  • Usage Data: We may collect anonymized data about how you interact with our Service, such as which features are used most frequently. This helps us understand usage patterns and improve the Service's functionality.

The primary purpose of processing this data is to provide and manage your account and deliver the services you have requested.

C. Contact via Email

If you contact us via our support email address (support@social-media-manager.info), we will process the data you provide (your email address, name, and the content of your inquiry) solely to respond to your request. This data will be retained only as long as necessary to resolve your inquiry and for any subsequent follow-up.

D. Use of Cookies

Our Service uses cookies, which are small text files stored on your device. We use only strictly necessary cookies that are essential for the Service to function correctly, such as managing your login session and ensuring security. We do not use any cookies for analytics, performance, or marketing purposes.

For more detailed information, please review our full Cookie Policy.

5. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we are required to have a valid legal ground ("legal basis") for each of our data processing activities. The legal bases we rely on for processing your personal data are as follows:

A. Performance of a Contract (Art. 6(1)(b) GDPR)

Much of our data processing is necessary for us to fulfill our contractual obligations to you, as outlined in our Terms of Service. This legal basis applies when we process your data to:

  • Create, manage, and maintain your user account.
  • Provide the core functions of the Service, including processing "Your Content" and managing connected third-party credentials.
  • Respond to your support requests and inquiries sent via email.

B. Legitimate Interests (Art. 6(1)(f) GDPR)

In some cases, we process your data based on our legitimate interests to operate and improve our Service, provided that these interests are not overridden by your rights and freedoms. This legal basis applies when we process data to:

  • Ensure the security, stability, and proper functioning of our systems by processing anonymized server log files.
  • Understand usage patterns and improve the Service's features by analyzing anonymized usage data.
  • Provide essential functionality, such as managing your login session, through the use of strictly necessary cookies.

You have the right to object to processing based on our legitimate interests at any time. For more information, please see the "Your Rights as a Data Subject" section.

C. Legal Obligation (Art. 6(1)(c) GDPR)

We may be required to process your personal data to comply with a legal or regulatory obligation, such as responding to a court order or a request from a law enforcement agency.

D. Consent (Art. 6(1)(a) GDPR)

We do not rely on consent as the legal basis for providing our core Service. If we were to introduce a feature or communication that requires your consent (for example, an optional marketing newsletter), we would ask for your explicit permission separately. In such cases, you would have the right to withdraw your consent at any time.

6. Data Sharing and Recipients

We do not sell or rent your personal data to third parties. We only share your personal data with the following categories of trusted third-party service providers ("subprocessors") when it is strictly necessary to provide our Service, or when we are required to do so by law.

  • Infrastructure and Hosting Providers: We use a third-party hosting provider located in Germany to operate our servers and store our data. Our provider processes data only on our behalf and in accordance with our instructions. We have a legally required Data Processing Agreement (DPA / Auftragsverarbeitungsvertrag) in place with our provider to ensure your data is protected.
  • AI Service Provider: To provide the core content adaptation feature of our Service, we send "Your Content" to our AI provider, Google (using the Gemini API). We have a DPA with Google that ensures they process your data securely and do not use it to train their models. For more details on this, please see the "Use of Artificial Intelligence" section.
  • Legal Obligations: We may disclose your personal data if we are legally required to do so, for example, in response to a court order or a request from a law enforcement agency. The legal basis for this is our legal obligation to comply with the law (Art. 6(1)(c) GDPR).

7. Use of Artificial Intelligence

The core feature of our Service is the AI-powered adaptation of your content. This section explains how we use artificial intelligence and how your data is handled in this process.

A. Our AI Service Provider

To provide this feature, we utilize the Google Gemini Application Programming Interface (API) as our AI service provider. In the context of GDPR, Google acts as a subprocessor for the content you provide.

B. Data Processing by Google

When you submit content for adaptation through our Service, that content ("Your Content") is securely transmitted to Google to be processed by their AI models.

C. Google's Data Use Commitments

We have a legally binding Data Processing Addendum (DPA) with Google which contractually ensures the privacy and security of your content. According to these terms:

  • Google will not use Your Content to train or improve its generative AI models.
  • Google will not use Your Content for any other purpose than to provide the AI service back to us.
  • Your Content is encrypted in transit and at rest by Google.

We have specifically chosen this enterprise-grade service to ensure your content is not added to any shared datasets and remains under your control. You can review Google's commitment to data privacy in their Cloud Data Processing Addendum: https://cloud.google.com/terms/data-processing-addendum.

D. Responsibility for AI-Generated Content

You acknowledge that AI-generated output is provided as a suggestion and may contain errors or inaccuracies. You are solely responsible for reviewing, editing, and approving all content before it is published on any Third-Party Platform.

E. Our Data Practices

For clarity, we do not use Your Content to train any of our own proprietary AI models.

8. International Data Transfers

A. Primary Data Hosting

Our primary infrastructure and servers, where your account and service data are stored, are located exclusively within Germany, within the strong data protection framework of the European Union.

B. Transfer for Internal AI Processing

To provide our AI content adaptation feature, we use Google's Gemini API. This involves transferring the content you wish to adapt to Google, which may process this data on servers located in the United States. This transfer is necessary for the core functionality of the Service. To protect your data, we rely on Google's certification under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection.

C. User-Directed Transfers to Publishing Destinations

Our Service allows you to connect to various third-party platforms to publish your content. When you configure and use these connections, you are instructing us to transfer your content to that specific destination. The location of these destinations is under your control, and they may be outside the European Economic Area (EEA). This applies when you publish to:

  • Social Media Platforms: Such as Meta (Facebook and Instagram).
  • Content Management Systems: Such as a self-hosted WordPress site.
  • Email Services: Via SMTP to an email provider of your choice.

For these user-directed transfers, you are responsible for ensuring that the destination service provides adequate data protection. Where available (such as with Meta), we rely on safeguards like the EU-U.S. Data Privacy Framework. For other services (like your own WordPress host or email provider), you are responsible for the data protection practices of the services you choose to connect.

9. Data Retention and Deletion

We adhere to the GDPR principles of data minimization and storage limitation, meaning we only store your personal data for as long as necessary to fulfill the purposes for which it was collected or as required by law. Your personal data associated with your account is retained for the entire duration that your account is active.

You have the right to delete your account at any time by navigating to your account settings at https://app.social-media-manager.info/settings and using the "Delete Account" function. When you initiate this process, your personal data will be promptly and permanently removed from our active production systems.

Please be aware that after deletion from our active systems, your data may persist in our secure, encrypted backup archives for a limited period (e.g., up to 30 days) before being permanently erased as part of our automated backup rotation cycle. Furthermore, we may be required to retain certain information to comply with our legal obligations (such as for tax and accounting purposes or in response to a legal investigation), even after your account has been deleted.

10. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. Our commitment to data security includes, among others:

  • Encryption: All data transmitted to and from our Service is encrypted in transit using SSL/TLS. Sensitive information, such as your account password and third-party access tokens, is stored in a hashed or encrypted format at rest.
  • Access Control: Access to personal data within our systems is strictly limited to authorized personnel who require it to perform their job functions.
  • Regular Reviews: We regularly review and update our security practices to adapt to new threats and to align with industry best practices.

However, it is also important for you to protect your own data. Please use a strong, unique password for your account and keep your login credentials confidential.

Please be aware that despite our safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

11. Children's Privacy

Our service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We'll notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

13. How We Handle "Do Not Track" Signals

Our Service does not currently respond to "Do Not Track" signals because there is no industry-standard approach to handling them.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at "support@social-media-manager.info" or by mail:

Lukas Hübner
In der Seite 15
57250 Netphen
Germany