Privacy Policy

Last updated: March 30, 2026

1. Controller

The data controller responsible for processing your personal data under the EU General Data Protection Regulation (GDPR) is:

Lorenz Kutschka — Sole proprietor (Einzelunternehmer)
Graz, Austria
Email: [email protected]

2. What Data We Collect

2.1 Information you provide

  • Business description and questionnaire answers
  • Contact information (email, phone, business address)
  • Account credentials (if you create an account)
  • Payment information (processed by Stripe; we do not store card details)
  • Content you upload (logos, images, text)
  • Third-party account credentials (OAuth tokens for TikTok, Instagram, etc., if you connect them)

2.2 Automatically collected

  • IP address, browser type, device type
  • Usage data (pages visited, features used, timestamps)
  • Cookies and similar tracking technologies (see section 8)

3. How We Use Your Data

  • To provide the Service (generate, host, and deploy your websites)
  • To communicate with you about your account, billing, and product updates
  • To process payments via Stripe
  • To post content to your connected third-party accounts (only when explicitly initiated by you)
  • To prevent fraud and abuse
  • To comply with legal obligations
  • To improve the Service (aggregated, anonymized analytics only)

4. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance — to provide the Service you requested
  • Consent — for marketing emails, cookies, and optional third-party integrations
  • Legitimate interest — fraud prevention, service improvement, security
  • Legal obligation — tax records, compliance with court orders

5. Third-Party Processors

We use the following processors to provide the Service:

  • Cloudflare — website hosting and DNS (Cloudflare Inc., USA)
  • Railway — backend hosting (Railway Corp., USA)
  • Vercel — frontend hosting (Vercel Inc., USA)
  • Stripe — payment processing (Stripe Payments Europe, Ireland)
  • Resend — transactional email (Resend Inc., USA)
  • Anthropic — AI content generation (Anthropic PBC, USA)
  • Google (Stitch) — AI design generation (Google Ireland Ltd.)
  • Porkbun — domain registration, when applicable (Porkbun LLC, USA)
  • Upload-Post / similar — social media posting, when you connect such services

Transfers to processors outside the EEA are covered by Standard Contractual Clauses (SCCs) or adequacy decisions. We have Data Processing Agreements in place with all processors handling personal data.

6. InstantPage TikTok Integration

InstantPage offers an optional TikTok integration that allows our users (business owners, creators, and operators of small businesses who build websites with InstantPage) to publish video content to their own TikTok accounts directly from the InstantPage dashboard, as part of our website marketing features.

What data InstantPage collects when you connect TikTok:

  • OAuth access token and refresh token (stored encrypted)
  • Your TikTok open_id and username (for display in the dashboard)
  • Scopes granted: user.info.basic, video.publish, video.upload

How InstantPage uses this data:

  • To publish videos to your TikTok account, only when you explicitly click “Publish” in the InstantPage dashboard
  • To display your connected TikTok username in your InstantPage dashboard for account management
  • To refresh the access token when it expires, so you don't need to reconnect repeatedly

What InstantPage does NOT do:

  • We do not read, download, or access your TikTok videos, messages, comments, or followers
  • We do not post content on your behalf without your explicit action
  • We do not share your TikTok data with any third parties other than the processors listed in section 5
  • We do not use your TikTok data for advertising, profiling, or training AI models

Data retention and deletion: You may disconnect the TikTok integration at any time from your InstantPage dashboard under Settings → Integrations. Disconnecting immediately revokes InstantPage's access, deletes the stored OAuth tokens, and removes your TikTok account association from our systems. You can also revoke InstantPage's access at any time directly from your TikTok account settings.

Your use of TikTok is also governed by TikTok's Privacy Policy and TikTok's Terms of Service.

6a. Other Third-Party Platform Integrations

InstantPage also offers optional integrations with Instagram, Meta (Facebook), LinkedIn, X/Twitter, YouTube, and similar platforms. The same principles apply: we store only the minimum OAuth tokens needed, perform only actions you explicitly authorize, never access your data beyond the granted scope, and let you disconnect at any time from your dashboard.

7. Data Retention

  • Account data: retained while your account is active
  • Generated websites: retained while your subscription is active
  • Payment records: retained for 7 years (Austrian tax law)
  • Support emails: retained for 3 years
  • Analytics: anonymized and retained for up to 24 months

After account deletion, we remove your personal data within 30 days, except where retention is required by law.

8. Cookies

We use essential cookies for authentication and session management, and analytics cookies (with your consent) to understand usage. You can manage cookie preferences at any time.

9. Your Rights (GDPR Art. 15-22)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability (export your data)
  • Withdraw consent at any time
  • Lodge a complaint with your data protection authority (in Austria: Datenschutzbehörde, dsb.gv.at)

To exercise any of these rights, email [email protected]. We will respond within 30 days.

10. Security

We use industry-standard security measures including TLS encryption, secure password hashing, and restricted access to production systems. However, no system is 100% secure. You are responsible for safeguarding your account credentials.

11. Children

The Service is not intended for anyone under 18 years old. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email to registered users. The “Last updated” date at the top reflects the latest version.

13. Contact

Questions about this Privacy Policy or your data: [email protected]

instantpage.ai·Privacy Policy·Terms of Service