Privacy Policy
This policy describes how MPI GmbH processes personal data when you use SMGR at smgr.at, in accordance with the GDPR and Austrian data protection law.
Company-wide privacy information from MPI GmbH: mpi-erp.at/datenschutz
1. Controller
MPI GmbH
Badstraße 14
A-4160 Aigen-Schlägl
Österreich
office@mpi-erp.at
See also Imprint.
2. Scope
This policy covers the SMGR web application, APIs, background jobs, and integrations used to plan and publish social content. It supplements the MPI GmbH privacy notice linked above.
3. Data we process
- Account — name, email, password hash, verification status
- Workspace — workspace name, members, roles, subscription tier
- Brand & content — profiles, plan slots, drafts, media, publish queue
- Integrations — OAuth tokens, connection metadata, encrypted session payloads
- Billing — Stripe customer and subscription status (card data stays with Stripe)
- Usage — AI quota, pipeline logs, impersonation audit entries
- Technical — IP address, session cookies, server logs
4. Purposes and legal bases
- Providing SMGR — Art. 6(1)(b) GDPR (contract)
- Billing and fraud prevention — Art. 6(1)(b) and (f) GDPR
- Security and abuse detection — Art. 6(1)(f) GDPR
- Support and product improvement — Art. 6(1)(f) GDPR
- Legal obligations — Art. 6(1)(c) GDPR
5. Processors
We use hosting providers, Stripe, OpenAI or your BYOK provider, Meta, TikTok, and email delivery services under data processing agreements where required.
6. Retention
- Account data — for the life of the account plus statutory retention
- Deleted workspaces — soft-deleted 30 days, then permanent removal including media
- Billing records — per Austrian tax and commercial law (typically 7 years)
7. Your rights
You have rights of access, rectification, erasure, restriction, portability, and objection. You may complain to the Austrian Data Protection Authority (dsb.gv.at).
Contact: office@mpi-erp.at
8. Cookies
Essential session cookies are used for authentication. No advertising cookies are set by default.