GDPR Compliance
At Minopa, we are committed to protecting your privacy and complying with the European Union's General Data Protection Regulation (GDPR). This page explains your rights under GDPR and how you can exercise them.
Minopa is operated by Mohammad Hossein Mardani, based in Köln, Germany. As a data controller established in the EU, we are fully subject to GDPR requirements.
Deletion
You have the right to request that we delete all of your personal data (GDPR Article 17 — Right to Erasure).
Delete Your Account
You can request deletion of your Minopa account and all associated data at any time:
- Log in to your account at https://minopa.com
- Go to Settings
- Click Delete My Account
- Confirm the deletion
Your account deletion request triggers one of two states:
- Pending Deletion: If you have an active paid subscription, you can continue using the Platform until your subscription period ends. Your subscription is cancelled at the end of the current billing period with no refund.
- Suspended: If you do not have an active paid subscription, your account is locked immediately and you will no longer be able to log in.
Permanent deletion occurs after a cooling-off period: the later of 30 days from your request or the end of your subscription period (if applicable). The default cooling-off period is 30 days.
Upon permanent deletion, the following data is deleted:
- Your account and profile information (name, email, avatar)
- All Workspaces you own, including team data, scheduled posts, drafts, media uploads, and analytics data associated with those Workspaces
- All uploaded media files from cloud storage
- Integration connections and OAuth tokens — tokens are revoked where supported (X, TikTok, Canva, Google Drive); tokens for other platforms (Instagram, Facebook, Threads, LinkedIn, Pinterest) expire naturally
- Usage records and activity history
- Contact information from marketing systems
The following data is retained:
- Stripe customer and billing records: retained for invoice and tax compliance as required by applicable law (typically 7 years under German law, § 147 AO / § 257 HGB)
Content already published to your social media platforms (Instagram, Facebook, LinkedIn, X, TikTok, Threads) will not be removed from those platforms — you must delete published content directly on each platform.
You may request reactivation of your account by contacting support before the permanent deletion date.
Request Deletion via Email
If you are unable to access your account or prefer to submit a request manually, you can contact us:
- Email: [email protected]
- Subject: Data Deletion Request
We will verify your identity and process your request within 30 days.
Data Deletion for Connected Social Platforms
If you connected your social media accounts (Facebook, Instagram, LinkedIn, X, TikTok, Threads) to Minopa and wish to remove Minopa's access and delete associated data:
- Disconnect the account in Minopa: Go to Settings → Integrations → click Disconnect next to the account.
- Revoke Minopa's access on the platform itself:
  - Facebook/Instagram: Go to Facebook Settings → Apps and Websites, find Minopa, and click Remove.
  - LinkedIn: Go to LinkedIn Settings → Permitted Services, find Minopa, and click Remove.
  - X (Twitter): Go to X Settings → Connected Apps, find Minopa, and click Revoke Access.
  - TikTok: Go to TikTok Settings → Security → Manage App Permissions, find Minopa, and remove access.
When you disconnect a social account in Minopa, all stored data from that platform (posts, analytics, account information) is deleted from our systems.
Facebook / Instagram Data Deletion (Meta)
In compliance with Meta Platform Terms, if you remove the Minopa app from your Facebook account via Facebook Settings → Apps and Websites, you can request deletion of all data Minopa has received from Facebook and Instagram.
To request data deletion:
- Go to Facebook Settings → Apps and Websites
- Find Minopa and click Remove
- Select Delete all data associated with Minopa
Alternatively, email us at [email protected] with the subject "Facebook Data Deletion Request" and include the email address associated with your account.
We will delete all Facebook and Instagram data within 30 days and can provide a confirmation code for tracking upon request.
Access / Portability
You have the right to request a copy of the personal data we hold about you (GDPR Article 15 — Right of Access) and to receive it in a portable format (GDPR Article 20 — Right to Data Portability).
What Data We Hold
When you request access, we can provide:
- Account information (name, email, avatar)
- Workspace and team membership data
- Content you created (posts, drafts, media)
- Connected social account information
- Analytics and performance data
- Billing history (via Stripe)
- Usage logs and activity history
- Legal document acceptance records
How to Request Your Data
Contact us to request a copy of your data:
- Email: [email protected]
- Subject: Data Access Request (or Data Portability Request)
We will verify your identity and provide your data in a structured, commonly used, machine-readable format (JSON or CSV) within 30 days.
Modification
You have the right to request correction of inaccurate personal data (GDPR Article 16 — Right to Rectification).
Self-Service Modifications
You can update the following directly in your account:
- Name and profile information → Settings → Profile
- Email address → Settings → Profile
- Password → Settings → Security
- Workspace settings → Workspace Settings
- Email preferences → Settings → Email Preferences
- Cookie preferences → Cookie Settings (available in the website footer)
Request a Modification
For changes you cannot make yourself, contact us:
- Email: [email protected]
- Subject: Data Modification Request
We will process your request within 30 days.
Data Protection Agreement
We have established agreements and safeguards to ensure the protection of all personally identifiable information that we collect and store.
Legal Basis for Processing
We process your personal data based on the following legal grounds (GDPR Article 6):
| Legal Basis | Examples |
|---|---|
| Contract (Art. 6(1)(b)) | Providing the Service, managing your account, processing payments, publishing your social media content |
| Consent (Art. 6(1)(a)) | Analytics cookies, marketing cookies, session recordings (Microsoft Clarity) |
| Legitimate Interest (Art. 6(1)(f)) | Service improvement, security monitoring, error tracking (Sentry), fraud prevention, newsletter and marketing emails |
| Legal Obligation (Art. 6(1)(c)) | Retaining billing records for tax compliance, responding to legal requests |
Data Processing Agreements
We have Data Processing Agreements (DPAs) in place with all third-party sub-processors that handle personal data on our behalf, ensuring they meet GDPR requirements.
International Data Transfers
Some of our sub-processors are located outside the European Economic Area (EEA). Where personal data is transferred internationally, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Additional technical and organizational safeguards
Sub-Processors
The following third-party services process personal data on our behalf:
| Provider | Service | Location | Data Processed |
|---|---|---|---|
| Hetzner | Server hosting and infrastructure | Germany (EU) | All platform data |
| Google (OAuth) | Social login authentication | USA | Email, name, profile picture |
| Stripe | Payment processing | USA | Billing details, transaction data |
| Google Analytics | Website analytics | USA | Usage data, device info, IP address (anonymized) |
| Microsoft Clarity | Session recordings and heatmaps | USA | Usage patterns, click behavior, device info |
| Sentry | Error tracking and monitoring | USA | Error reports, device info, IP address |
| Resend | Transactional and marketing email | USA | Email address, name, email preferences |
| Meta (Facebook/Instagram/Threads) | Social media API | USA | Account data, post data, engagement metrics |
| | Social media API | USA | Account data, post data, engagement metrics |
| X (Twitter) | Social media API | USA | Account data, post data, engagement metrics |
| TikTok | Social media API | Various | Account data, post data, engagement metrics |
This list may change as we add or remove services. We will update this page accordingly.
Use of Cookies and Similar Technologies
We use cookies and similar technologies to help our website and application work effectively. For complete details, see our Cookie Policy.
Summary
| Category | Purpose | Consent Required |
|---|---|---|
| Essential | Authentication, security, consent storage | No (strictly necessary) |
| Functional | Theme, language preferences | Yes |
| Analytics | Google Analytics, Microsoft Clarity, Sentry | Yes |
| Marketing | Currently not in active use | Yes |
You can manage your cookie preferences at any time via the Cookie Settings link in the website footer.
Your Rights Under GDPR
As a data subject, you have the following rights:
| Right | Article | Description |
|---|---|---|
| Access | Art. 15 | Request a copy of your personal data |
| Rectification | Art. 16 | Request correction of inaccurate data |
| Erasure | Art. 17 | Request deletion of your data ("Right to be Forgotten") |
| Restriction | Art. 18 | Request restriction of processing |
| Portability | Art. 20 | Receive your data in a portable format |
| Objection | Art. 21 | Object to processing based on legitimate interest |
| Withdraw Consent | Art. 7(3) | Withdraw consent at any time (does not affect prior processing) |
| Automated Decisions | Art. 22 | Not be subject to solely automated decision-making |
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, contact us at [email protected].
We will respond to all requests within 30 days. If a request is complex, we may extend this period by up to two additional months and will inform you of the extension.
Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Article 33).
- Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34).
- Document all breaches, including the facts, effects, and remedial actions taken.
Children's Privacy
Minopa is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take immediate steps to delete that data.
Dispute Resolution
If you have concerns about how we handle your personal data, we encourage you to contact us first:
- Email: [email protected]
- Address: Krohstraße 2, 50968 Köln, Deutschland
Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. As we are based in North Rhine-Westphalia, Germany, the relevant authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf, Germany. Website: https://www.ldi.nrw.de
You may also contact the supervisory authority in your own EU member state.
EU Online Dispute Resolution
The European Commission provides an Online Dispute Resolution (ODR) platform: https://ec.europa.eu/consumers/odr/
Frequently Asked Questions
Q: Does GDPR apply to me if I'm not in the EU?
A: GDPR applies to anyone whose personal data is processed by an EU-based company (like Minopa), regardless of where you are located. We extend the same data protection rights to all our users worldwide.
Q: What happens to my data when I disconnect a social media account?
A: When you disconnect a social account (e.g., Facebook, Instagram, LinkedIn), all data associated with that account — including posts, analytics, and account information — is deleted from Minopa. Content already published to the social media platform remains on that platform.
Q: How long does it take to delete my data?
A: Account data is permanently deleted after a cooling-off period of at least 30 days from your request. If you have an active paid subscription, deletion occurs after your subscription period ends (if later than 30 days). Billing records may be retained longer as required by tax law. Analytics data in third-party services (Google Analytics, Clarity) expires according to their own retention schedules (see our Privacy Policy for details).
Q: Does Minopa sell my personal data?
A: No. We do not sell your personal data to any third party. We only share data with service providers who process it on our behalf under strict Data Processing Agreements.
Q: How can I opt out of newsletter or marketing emails?
A: Go to Settings → Email Preferences in your account to manage your subscriptions. You can also click the unsubscribe link in any newsletter or marketing email. Opting out does not affect service-related emails (e.g., account verification, billing notifications).
Q: How can I withdraw consent for analytics/cookies?
A: Click the Cookie Settings link in the website footer to update your preferences at any time. You can also manage cookies through your browser settings.
Q: What data does Minopa receive from Facebook/Instagram?
A: When you connect your Facebook Page or Instagram account, we receive account name, avatar, page/account data, post data, and engagement metrics. We use this data solely to provide the scheduling and analytics features of our Service. See our Privacy Policy for the full breakdown.
Contact
For any GDPR-related questions or requests:
- Data Controller: Mohammad Hossein Mardani
- Address: Krohstraße 2, 50968 Köln, Deutschland
- Email: [email protected]
- Website: https://minopa.com/contact