startuppilot .dev

Privacy Policy (EU) — Datenschutzerklärung

Last updated:

The German version of this page is authoritative; this English version is a courtesy translation. In case of any discrepancy, the German wording governs.

This Privacy Policy applies to citizens and persons with permanent residence in the European Economic Area and Switzerland.

In this Privacy Policy, we explain what we do with the data we have collected about you via https://startuppilot.dev. We recommend that you read this document carefully. During our processing, we comply with the legal requirements. This means, among other things:

  • We clearly state the purposes for which we process personal data. We do this through this Privacy Policy.
  • We aim to limit our collection of personal data to those personal data needed for legitimate reasons.
  • We will first obtain your explicit consent if necessary to process your personal data.
  • We take appropriate security measures to protect your personal data and require the same from parties that process personal data on our behalf.
  • We respect your right to view, correct, or delete your personal data.

If you have questions or would like to know what personal data we hold about you, please contact us.

1. Purpose, data, and retention period

We process personal data exclusively for the following purposes:

1.1 Contact (email, phone)

If you contact us by email at info@startuppilot.dev or by phone at +49 160 91849604, we process the following data:

  • First and last name (if provided)
  • Email address (for email contact)
  • Phone number (for telephone contact)
  • The content of your message

Legal basis: Art. 6 (1)(b) GDPR (initiation or performance of a contract) or Art. 6 (1)(f) GDPR (legitimate interest in responding to your inquiry).

Retention period: We store this data until your inquiry has been resolved. Correspondence subject to commercial or tax law retention requirements is kept for 6 or 10 years under the German Commercial Code (HGB) / Fiscal Code (AO).

1.2 CTO consulting engagement

Once you engage our CTO consulting offering, we additionally process:

  • Full name
  • Postal address
  • Phone number and email
  • Contract-related correspondence

Legal basis: Art. 6 (1)(b) GDPR (contract performance).

Retention period: Until the business relationship ends; commercial and tax law retention periods remain unaffected.

1.3 StartupPilot waitlist signup

When you sign up for the StartupPilot product waitlist, we process:

  • Your email address

Technical implementation (Tally): The waitlist is provided through Tally (Tally BV, August Van Lokerenstraat 71, 9050 Ghent, Belgium) as a processor within the meaning of Art. 28 GDPR. Tally is headquartered in the European Union; form responses are processed and stored on servers within the EU. Tally uses its own subprocessors (some outside the EU); transfers to those subprocessors are covered by the Standard Contractual Clauses (SCCs) adopted by the European Commission, concluded between Tally and the respective subprocessors.

Privacy-by-design: The Tally widget script (https://tally.so/widgets/embed.js) is only loaded after you explicitly click the waitlist button — never on regular page load. As long as you do not click the button, no network call is made to Tally.

Legal basis: Art. 6 (1)(a) GDPR (consent — your submission of the form in the Tally popup).

Retention period: Until you request deletion of your signup or until the waitlist program ends. Tally’s GDPR notice is available at tally.so/help/gdpr.

1.4 Server logs (Infomaniak hosting)

This website is hosted by Infomaniak Network SA (Switzerland). Infomaniak also operates our email infrastructure (kSuite) and acts as a processor within the meaning of Art. 28 GDPR; the existing data-processing agreement (Auftragsverarbeitungsvertrag) with Infomaniak covers both web hosting and email. When you visit the pages, technically necessary data is collected and stored in server logs:

  • IP address (truncated as soon as possible)
  • Date and time of access
  • Requested URL
  • HTTP status code and amount of data transferred
  • User-Agent (browser and device detection)
  • Referrer URL (if present)

Legal basis: Art. 6 (1)(f) GDPR (legitimate interest in stable, secure operation of the website and in defending against attacks).

Retention period: Server logs are retained by Infomaniak within statutory and operational retention periods; no further analysis takes place beyond that.

Data transfer to Switzerland: Infomaniak is headquartered in Switzerland. Switzerland is a third country within the meaning of Chapter V GDPR; however, the European Commission has issued an adequacy decision for Switzerland under Art. 45 GDPR, recognising an adequate level of data protection. The transfer is therefore permitted on the basis of that adequacy decision, and no additional safeguards (e.g., Standard Contractual Clauses) are required. Infomaniak’s privacy notice is available at infomaniak.com/en/gtc/privacy-policy.

2. Cookies

Our website uses cookies. For more information about cookies, please see our Cookie Policy.

3. Disclosure practices

We disclose personal data when we are required to do so by law or by court order, e.g. at the request of a law enforcement agency, to the extent permissible under the legal provisions, to provide information, or for an investigation in a matter affecting public safety.

If our website or our business is acquired or sold in the course of a merger or acquisition, your data may be disclosed to our advisors and potential buyers and transferred to the new owners.

4. Security

We are committed to the security of personal data. We take appropriate security measures to limit the misuse of and unauthorized access to personal data. This ensures that only necessary persons have access to your data, that this access is protected, and that our security measures are regularly checked.

5. Third-party websites

This Privacy Policy does not apply to third-party websites linked to ours. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend that you read the privacy policies of these websites before using them.

6. Amendments to this Privacy Policy

We reserve the right to make changes to this Privacy Policy. It is recommended that you read this Privacy Policy regularly to inform yourself of changes. In addition, we will inform you wherever possible.

7. Access and editing your data

If you have questions or would like to know what personal data we hold about you, please contact us. You can reach us using the information below. You have the following rights:

  • You have the right to know why your personal data are used, what happens to them, and how long they are retained.
  • Right of access: You have the right to view the personal data we hold about you.
  • Right of rectification: You have the right, whenever you wish, to supplement, correct, delete, or block your personal data.
  • If you have given us your consent to process your data, you have the right to revoke that consent and have your personal data deleted.
  • Right to data portability: You have the right to request all your personal data from a controller and transfer them in their entirety to another controller.
  • Right to object: You can object to the processing of your data. We will comply with this unless there are legitimate grounds for the processing.

Please ensure that you always clearly state who you are, so that we can be sure not to process or delete the data of the wrong person.

8. Submitting a complaint

If you are not satisfied with the way we handle (your complaint about) the processing of your personal data, you have the right to submit a complaint to the data protection authority.

9. Contact details

Tobias Graf Randorferstr. 2 81673 Munich Germany

Website: https://startuppilot.dev Email: info@startuppilot.dev Phone: +49 160 91849604

© Tobias Graf, startuppilot.dev, 2026