How DataPanda collects, uses, and protects your personal data.
This Privacy Policy describes how Digimark GmbH ("DataPanda", "we", "us") collects, uses, stores, and shares personal data when you use our platform at datapanda.io.
We are committed to protecting your privacy and handling your data in compliance with the EU General Data Protection Regulation (GDPR) and applicable data protection laws.
Digimark GmbH
Kolonnenstraße 8 · 10827 Berlin · Germany
Email: hello@digimarkstudio.com
When you register, we collect your email address and a hashed password. We do not store plain-text passwords.
When you connect an Instagram Business or Creator account, we receive access tokens and public profile data (username, profile picture, follower count, media metrics) via the Meta Graph API. We store only the data necessary to generate reports.
We collect activity logs (e.g., report creation, account addition) to enable the activity history feature and for security purposes. We also collect standard server logs (IP address, browser type, timestamps) for operational security.
Payment processing is handled by Stripe, Inc. We do not store credit card details. We receive and store subscription status, plan tier, and billing history references from Stripe.
We use cookies and similar technologies as described in our Cookie Policy.
| Purpose | Legal Basis |
|---|---|
| Providing the service (account, reports) | Contract performance (Art. 6(1)(b) GDPR) |
| Payment processing & billing | Contract performance (Art. 6(1)(b) GDPR) |
| Security & fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
| Analytics & service improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing & communications | Consent (Art. 6(1)(a) GDPR) |
| Legal obligations | Legal obligation (Art. 6(1)(c) GDPR) |
We use the collected data to: provide and operate the DataPanda service; process payments and manage subscriptions; send transactional emails (e.g., scheduled reports, password reset); respond to support requests; detect and prevent abuse or unauthorized access; improve and develop new features; and comply with legal obligations.
We do not sell your personal data. We share data only with trusted third-party service providers acting as data processors on our behalf:
We may also disclose data if required by law, court order, or to protect the rights and safety of DataPanda and its users.
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.
We retain your account data for as long as your account is active. After account deletion, we delete or anonymize personal data within 30 days, except where retention is required by law (e.g., financial records for 10 years under German tax law). Log data is retained for up to 12 months for security purposes.
Under the GDPR, you have the following rights:
To exercise your rights, contact us at hello@digimarkstudio.com. We will respond within 30 days. You also have the right to lodge a complaint with the Berlin Commissioner for Data Protection and Freedom of Information (BlnBDI).
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), hashed passwords, and access controls. See our Security Policy for more details.
DataPanda is a B2B service intended for users aged 18 and over. We do not knowingly collect personal data from minors.
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of DataPanda after changes constitutes acceptance of the updated policy.
📧 Privacy questions? Contact us at hello@digimarkstudio.com — we aim to respond within 2 business days.
