1. Controller
Name: Simon Eckert
Address: Leipziger Strasse 32, 04539 Groitzsch, Saxony, Germany
Email: [email protected]
2. Data Protection Officer
No data protection officer has been appointed at this time.
3. Categories of Data We Process
- Account data (email, username, password hash, account settings).
- Billing and subscription data (plan, status, invoices, transactions).
- Communication and support data (messages, support requests).
- Technical data (IP address, timestamps, device/browser info, logs, security events).
- Usage and product data (feature usage, automation settings, activity records).
4. Purposes and Legal Bases
- Contract performance (Art. 6(1)(b) GDPR): provide and operate the service.
- Legal obligations (Art. 6(1)(c) GDPR): accounting, tax, and compliance duties.
- Legitimate interests (Art. 6(1)(f) GDPR): security, fraud prevention, and reliability.
- Consent (Art. 6(1)(a) GDPR): only where optional features require prior consent.
5. Payments
Payments are processed via Stripe. Stripe acts as payment service provider and processes payment data under
its own responsibilities. Model Pilot remains the contractual seller and is responsible for its own
subscription administration, invoicing, tax handling, and accounting obligations.
Payment provider: Stripe, Inc. / Stripe Payments Europe, Ltd. (depending on billing region)
Provider privacy policy: https://stripe.com/privacy
Data shared with provider: Email address, selected plan, subscription status, billing and order metadata, transaction amount, country, and tax-related details required for payment processing.
Card data: Payment card data is processed by Stripe, not by Model Pilot.
6. Recipients and Processors
We share personal data only where required with hosting providers, infrastructure vendors, email services,
support tools, and payment providers.
Current recipients and processors may include: Stripe (payment processing),
Cloudflare (content delivery, security, abuse prevention), Google Fonts delivery endpoints (font file
requests from page loads), hosting and infrastructure providers (service delivery and backups), email
provider (support communication), and logging/monitoring providers (stability and abuse prevention).
7. International Transfers
If personal data is transferred outside the EEA/UK, we apply appropriate safeguards, including adequacy
decisions or Standard Contractual Clauses (SCCs), where required.
Depending on provider location, data may be processed in countries outside the EEA (for example by global
CDN/security, payment, and infrastructure providers). Where required, transfers rely on adequacy decisions
or SCCs with supplementary safeguards.
8. Retention Periods
- Account data: for the duration of the account plus 30 days after deletion request.
- Billing and tax records: according to statutory retention periods (typically up to 10 years in Germany).
- Logs and security records: 90 days.
- Support data: 24 months.
9. Cookies and Similar Technologies
We only use technically necessary cookies and local storage entries required for login security, session
handling, and core interface preferences.
Necessary technologies in use: session/authentication cookie for login and security, theme preference storage
for requested UI mode, and a dismiss-state record for the cookie information notice
(model-pilot-cookie-info-dismissed-v1, stored for up to 365 days). We do not use analytics or
marketing cookies.
10. Your Rights
- Right of access, rectification, erasure, restriction, portability, and objection.
- Right to withdraw consent at any time with future effect.
- Right to lodge a complaint with a supervisory authority.
11. Supervisory Authority
Saechsische Datenschutz- und Transparenzbeauftragte, Devrientstrasse 5, 01067 Dresden, Germany, https://www.datenschutz.sachsen.de/
12. Changes to This Policy
We may update this Privacy Policy to reflect legal or operational changes. The current version is always
published on this page.