Privacy Policy

This Privacy Policy describes how pi-optimal UG (haftungsbeschränkt) ("we", "us", or "our"), located in Reutlingen, Germany, collects, uses, and protects your information when you use pi-automate, our workflow automation platform for Google Ads.

1. Data We Collect

When you use pi-automate, we collect and process the following types of data:

Google Ads Account Data

• Campaign and ad group information
• Ad content and performance metrics
• Customer lists and audience data
• Change history and audit logs

Account & Usage Data

• Email addresses and authentication information
• Workflow definitions and configurations
• API logs and technical usage data
• Communication records with our service

Important: Change logs may include email addresses of other team members with access to your Google Ads account. By using our service, you confirm you have the authority to share this information.

2. How We Use Your Data

We use your data for the following purposes:

• Workflow Execution: To execute the automation workflows you create and manage
• Natural Language Processing: To process your instructions through Azure OpenAI (hosted in Sweden)
• Service Operations: To maintain, improve, and secure our platform
• Billing: To manage your account and process payments

Operation Modes

• Co-Pilot Mode (Default): AI-generated suggestions require your approval before execution
• Autopilot Mode (Experimental): Fully automated execution without human review

3. Legal Basis (GDPR)

We process your data under the following legal bases as defined in GDPR Articles 6(1)(a-f):

• Consent: Where you have given explicit consent for processing
• Contract Performance: To fulfill our contractual obligations to you
• Legitimate Interests: For service improvement and security purposes

4. Third-Party Services

We share data with the following third-party service providers:

• Microsoft Azure (Netherlands): Infrastructure and data storage
• Microsoft Azure OpenAI (Sweden): AI/LLM processing for natural language instructions

We do not currently use third-party analytics, marketing, or advertising services.

5. Data Security

We implement the following security measures to protect your data:

• HTTPS/TLS encryption for all data in transit
• Encrypted authentication tokens
• Role-based access controls
• Secure data storage with encryption at rest

Note: As an early-stage startup, we do not yet have formal certifications such as SOC 2 or ISO 27001.

6. Data Retention

• Active Accounts: Data is retained for the duration of your authorization
• Deleted Accounts: Data is removed within 30 days of account deletion
• Backups: May persist for up to 90 days after deletion
• Legal Requirements: Some data may be retained longer if required by law

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Data Portability: Receive your data in a portable format
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Object: Object to certain types of processing

8. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: