GDPR & data deletion

Your data: stored in our SQLite database on Hetzner servers in Germany (GDPR-compliant). Includes email, password hash, niche/city/audience description, search history, saved signals.

Surfaced posts: we only show posts from public profiles. We do not store ALL public posts — only those matching your active searches.

Right to delete: email hello@bypath.app — we delete your account + all associated data within 7 days. Confirmation email sent.

Right to access: ask hello@bypath.app — we export your data as JSON within 7 days.

Right to portability: included in the export above.

Third-party processors: Stripe (EU + USA, billing only), OpenAI (USA, for AI classification — post text + your search criteria only), Apify (Czech Republic, scraping), Resend (USA, email delivery), Hetzner (Germany, hosting), Vercel (USA, frontend).