
Privacy & security

We're a Germany-based GDPR-first product. Customer data lives in the EU, we self-host the critical infrastructure, and we run the security checklist below so you don't have to audit it for us.

Where your data lives

  • Database — self-hosted Supabase on netcup (Nuremberg, Germany). No cloud-managed Postgres, no cross-border replication.
  • Background workers — same netcup rack, connected over WireGuard.
  • Error tracking — self-hosted GlitchTip, also in Germany. No Sentry, no US-hosted telemetry.
  • Email — Mailcow self-hosted on the same infrastructure. No Resend, no Mailgun.
  • Payments — Stripe (Dublin, Ireland); their sub-processors are disclosed in our privacy policy.

Amazon tokens

Your Amazon refresh token is stored encrypted at rest (AES-256, key in Supabase vault). Access tokens are short-lived (60 minutes) and never logged. When you disconnect, both are deleted immediately.

Row-level security

Every database table is protected by Supabase RLS policies. A request authenticated as organization A cannot read or write any row belonging to organization B. This is enforced at the database layer, not just in application code.
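
An added example, not taken from the product's own schema: organization-scoped RLS on Supabase Postgres, followed by an audit query that lists any table in the public schema where RLS is not enabled. The table, column and policy names are hypothetical; auth.uid() and the authenticated role are the ones Supabase provides.

```sql
-- Hypothetical schema for illustration only.
create table organization_members (
  organization_id uuid not null,
  user_id         uuid not null,
  primary key (organization_id, user_id)
);

create table campaigns (
  id              uuid primary key default gen_random_uuid(),
  organization_id uuid not null,
  name            text not null
);

-- With RLS enabled and no matching policy, non-owner roles get no rows at all.
alter table organization_members enable row level security;
alter table campaigns            enable row level security;

-- A signed-in user can see only their own membership rows.
create policy members_self on organization_members
  for select to authenticated
  using (user_id = auth.uid());

-- Reads and writes on campaigns are limited to organizations the caller
-- belongs to. USING filters existing rows; WITH CHECK blocks inserting or
-- updating a row into another organization.
create policy campaigns_org_isolation on campaigns
  for all to authenticated
  using (organization_id in (
    select organization_id from organization_members
    where user_id = auth.uid()))
  with check (organization_id in (
    select organization_id from organization_members
    where user_id = auth.uid()));

-- Audit: tables in the public schema that do NOT have RLS enabled.
-- An empty result is what "every table is protected" should look like.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind in ('r', 'p')   -- ordinary and partitioned tables
  and not c.relrowsecurity
order by c.relname;
```

Roles that own the table or carry BYPASSRLS (on Supabase, the service role) are not restricted by these policies, so the isolation applies to requests made with a user's session.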

Automated decisions (Art. 22 GDPR)

When an automation rule pauses a keyword or adjusts a bid, that counts as an automated decision under Art. 22 GDPR. You have the right to request human review, to object, and to receive an explanation of the rule logic. Every automated action is logged with the triggering rule, values, and timestamp.

Exporting and deleting your data

From Settings → Account → Export you can pull a JSON dump of everything we hold about you. Delete organization erases all campaign data, automation history, and audit logs within 30 days.

Can't find what you're looking for?

Write to support@sellerwerk.de — we read every message.