Privacy Policy
Effective Date: March 4, 2026
1. Data Controller
The data controller responsible for the processing of your personal data is OnlineBuilders LLC. For our full company details and contact information, please see our Imprint.
This Privacy Policy explains how we collect, use, and protect your personal data when you use OetziBot. We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Protection Contact
For any questions regarding data protection or to exercise your rights, please contact us via the details on our Imprint page.
3. Data We Collect
We collect and process the following categories of personal data:
a) Account Data
- Name, email address (via Firebase Authentication or beta signup)
- Google profile information (if signed in via Google)
- Company name, LinkedIn URL (optional, from beta signup)
b) Beta Signup Data
- First name, last name, email address
- Company name and LinkedIn URL (optional)
- IP address and user agent (for verification and fraud prevention)
- Consent status and timestamp
- UTM parameters and referral source (for marketing attribution)
- Language preference
c) Usage Data
- Content generation timestamps and scheduling data
- Feature usage patterns and interaction data
- Browser type, device information, IP address
d) Content Data
- Brand identities and descriptions you provide
- Generated scripts, videos, and media assets
- Social media account connections
e) Payment Data
- Transaction records and subscription details (via Mollie)
- We do not store full credit card numbers or bank details
4. Legal Bases for Processing
We process your personal data based on the following legal grounds (Art. 6 GDPR):
| Purpose | Legal Basis |
|---|---|
| Service provision, account management | Art. 6(1)(b) — Performance of contract |
| Payment processing | Art. 6(1)(b) — Performance of contract |
| Beta signup and verification emails | Art. 6(1)(a) — Consent |
| Newsletter and product updates | Art. 6(1)(a) — Consent |
| Analytics and service improvement | Art. 6(1)(a) — Consent (cookie banner) |
| Fraud prevention and security | Art. 6(1)(f) — Legitimate interest |
| Legal compliance and tax obligations | Art. 6(1)(c) — Legal obligation |
5. Sub-Processors & Data Transfers
To provide our Services, we share data with the following service providers:
| Partner | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Firebase | Authentication, Database, Storage, Hosting | EU / US | EU SCCs, DPF |
| Google Gemini | AI Content Generation | US | EU SCCs, DPF |
| AWS (Bedrock) | AI Video Generation | EU / US | EU SCCs, DPF |
| ElevenLabs | AI Voice Generation | US | EU SCCs |
| Mollie | Payment Processing | EU (NL) | GDPR compliant |
| Mailgun | Transactional Emails | EU | GDPR compliant |
| Crosspostify | Social Media Publishing | EU / US | EU SCCs |
| Cloudflare | Security, CDN, CAPTCHA (Turnstile) | Global | EU SCCs, DPF |
| Google Analytics | Website Analytics | EU / US | EU SCCs, DPF, IP anonymization |
International Transfers: Where personal data is transferred outside the EU/EEA, we ensure adequate safeguards are in place, including EU Standard Contractual Clauses (SCCs), the EU-US Data Privacy Framework (DPF) where applicable, or other mechanisms permitted under GDPR.
6. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access (Art. 15)Request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16)Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17)Request deletion of your personal data ("right to be forgotten").
- Right to Restriction (Art. 18)Request restriction of processing of your personal data.
- Right to Data Portability (Art. 20)Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21)Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw ConsentWithdraw consent at any time without affecting prior processing.
- Right to Lodge a ComplaintFile a complaint with a data protection supervisory authority.
To exercise any of these rights, please contact us via the details on our Imprint page.
Supervisory Authority: If you are located in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with the data protection supervisory authority of your country of residence. A list of EU data protection authorities is available at edpb.europa.eu.
7. Cookies & Tracking
We use cookies and similar technologies on our website:
Essential Cookies (no consent required)
| Cookie | Purpose | Duration |
|---|---|---|
| Firebase Auth | User authentication and session management | Session |
| oetzi-locale | Language preference | Persistent |
| cookie-consent | Stores your cookie consent choice | 1 year |
| cf_clearance | Cloudflare Turnstile CAPTCHA verification | Session |
Analytics Cookies (consent required)
| Cookie | Purpose | Duration |
|---|---|---|
| Google Analytics | Website usage analysis (page views, interactions, conversions) | Up to 2 years |
Analytics tracking only occurs after you have given explicit consent via our cookie banner. You can change your consent at any time by clearing your cookies or using our cookie settings.
8. Automated Decision-Making
Our AI content generation involves automated processing of your brand data to create content. This processing does not constitute automated decision-making with legal or similarly significant effects on you as defined in Art. 22 GDPR. Content is generated based on your provided inputs and brand preferences, and you retain full control over whether to publish any generated content.
9. Data Retention
We retain personal data only for as long as necessary:
- Account data: Retained while your account is active, deleted within 30 days of account deletion.
- Beta signup data: Retained until account activation or 12 months after signup (whichever comes first), then deleted unless you become a paying customer.
- Payment records: Retained for up to 10 years as required by applicable tax law.
- Analytics data: Anonymized and aggregated, retained for up to 26 months.
- Log data: Retained for up to 90 days for security and debugging purposes.
If you request deletion of your data, we will comply within 30 days, except where retention is required by law.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls and authentication (Firebase Auth)
- Regular security monitoring (Aikido)
- CAPTCHA protection against automated abuse (Cloudflare Turnstile)
- Rate limiting on API endpoints
11. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us (see Imprint) and we will delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 30 days before they take effect. The "Effective Date" at the top of this page indicates when the policy was last revised.
13. Contact
For all inquiries regarding this Privacy Policy, please refer to our Imprint for contact details.