LegalPrivacy Policy
This policy explains what personal data VODPilot processes, on which legal basis, how long it is kept, which third parties receive it, and which rights you have under the GDPR.
Last updated: April 21, 2026
1. Controller
The controller for data processing on this website and inside VODPilot is Michael Ketzer, Rotkehlchenweg 51, 40789 Monheim am Rhein, Germany. VODPilot is operated by Michael Ketzer. You can reach us at
support@vodpilot.com.
2. Data protection officer
A separate data protection officer has not currently been designated.
3. Categories and sources of personal data
- Account data such as email address, account identifiers, session information, and sign-in verification data.
- Workspace and service data such as member roles, channel connections, stream session records, VOD metadata, review status, and storage usage.
- Payment and subscription data such as Paddle customer IDs, invoices, subscription status, transaction references, and billing period records.
- Communication data when you contact support.
- We collect personal data directly from you, from connected services such as Twitch, and from payment-related events sent by Paddle.
4. Purposes and legal bases
- Account creation, authentication, connected-channel management, subscription handling, and service delivery are processed under Art. 6(1)(b) GDPR.
- Tax, accounting, invoicing, and mandatory record-keeping are processed under Art. 6(1)(c) GDPR.
- IT security, fraud prevention, abuse prevention, service stability, and support handling are processed under Art. 6(1)(f) GDPR based on our legitimate interest in operating VODPilot securely and reliably.
- If we request consent for a specific processing activity, the legal basis is Art. 6(1)(a) GDPR. Consent can be withdrawn at any time for the future.
5. Recipients and processors
- Neon: database infrastructure for application data.
- Paddle: payments, subscriptions, invoicing, and refund handling.
- Resend: transactional email delivery such as sign-in codes.
- Twitch: OAuth account connection and channel identity data.
- Cloudflare R2: object storage for media-related files.
6. International transfers
Some of the providers used by VODPilot may process personal data outside the EU or EEA, including in the United Kingdom and the United States. Where a recipient is located in a country without an adequacy decision, transfers are intended to be based on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, together with any supplementary measures offered by the relevant provider.
7. Retention periods
- Account and workspace data is generally kept for the duration of the customer relationship and then for up to three years for defence against legal claims, unless longer retention is legally required.
- Billing, invoice, and tax-relevant records are retained for the statutory retention period, generally up to ten years.
- Commercial and support correspondence may be retained for up to six years where required by commercial or tax law, otherwise for as long as necessary to handle the request and any follow-up.
- Verification codes are retained only until expiry or use.
- Connected-service data and stored content are retained until deletion, disconnection, account closure, or expiry of any mandatory retention obligations.
8. Provision of data
Providing personal data is necessary where it is required to create an account, authenticate you, connect third-party services, process subscriptions, or provide support. If required data is not provided, VODPilot may not be able to conclude or perform the contract.
9. Cookies and similar technologies
VODPilot uses essential technologies required for authentication, security, fraud prevention, and session continuity. We do not currently describe optional marketing or advertising cookies because they are not part of the present implementation.
10. Your rights
- You may request access to your personal data.
- You may request correction or deletion where applicable.
- You may request restriction of processing or object to certain processing.
- You may request data portability where applicable.
- You may withdraw consent at any time where processing is based on consent.
- You may lodge a complaint with a competent data protection authority.
11. Supervisory authority
12. Automated decision-making
VODPilot does not currently use solely automated decision-making, including profiling, within the meaning of Art. 22 GDPR.
13. Security
We use reasonable technical and organizational measures to protect personal data. No internet-based service can guarantee absolute security, but we aim to minimize unauthorized access, loss, misuse, and alteration.
14. Changes to this policy
We may update this privacy policy when the product, legal requirements, or third-party processing arrangements change. The current version is always the one published on this page.