Terms of Service
Privacy Policy
Refund Policy Impressum
Terms of Service Privacy Policy Refund Policy Impressum

Privacy Policy

Last updated: 12 Nov 2025

NovaPress, operated by Sole Proprietor Alena Zhukovets, is committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

This Privacy Policy explains how we collect, use, and protect personal information received from your use of our website located at https://novapress.com/ ("Site") and our software-as-a-service solution for social media management ("Services"). Together, the Site and Services are referred to as the "Platform."

This Policy is an essential part of the Terms of Service, located at https://novapress.com/doc/terms, as well as any other contracts concluded with you, if it is directly provided by their terms and conditions.

1. What does NovaPress do?

NovaPress provides a social media management Platform that allows you to bring together all of your social media accounts for easy access and management through a single interface. With this Platform, you can manage campaigns, schedule and publish posts, and view analytics.

2. What information do we collect?

We collect the following information when you use our Services:

2.1. Profile information:

  • Your profile details, such as your name, email address, password, organization name and address, preferred language and time zone.
  • The Services you purchased from us, including the pricing plan, team members count and transaction history associated with the Services.

2.2. Social media content:

  • Your messages, posts, images, videos and other content that you create using Platform and upload to your social media accounts.
  • A specific location, such as an address, city, or place (for example restaurant or hotel), if you choose to share this information.
  • We only request the minimum scope of permissions required to provide the Services, in line with each platform’s developer policies.

When you connect a social media account (such as Facebook, Instagram, X/Twitter, TikTok, Pinterest, LinkedIn, Telegram, or other platforms that may be supported in the future and integrated into the Platform) to your NovaPress profile, we may collect some information from your social media account, such as:

  • Profile picture, display name, username/page ID, content of your post/tweets and engagement data (such as likes, reposts, reach and impressions) and audience data, to the extent permitted by applicable law. This information will be used solely to deliver the Services you have explicitly requested and will not be shared with any third party.
  • Access tokens - strictly for the purpose of enabling the Services (e.g., posting on your behalf, retrieving analytics). These tokens are stored securely, used only by NovaPress, and never shared with third parties.

2.3. Logs, usage, and support data:

  • Log data, which may include your IP address, your browser type and settings, your device information (such as make, model, and OS), the web pages you visit, the search terms you use, and any advertisements you click.
  • Usage data and analytics, which may include login frequency and various types of user activities, such as frequently visited sections of the Services.
  • Usage analytics (login frequency, activity patterns).
  • Support questions, issues, and general customer feedback that you choose to provide.

2.4. Payment information

For billing, we process subscription plan details and transaction history. Payment card details and billing addresses are collected and processed exclusively by our authorized payment providers (e.g., Stripe, 2Checkout). NovaPress does not store or have access to your full payment card details.

3. How do we use your information?

3.1. Purposes of processing

We may use your personal information for:

  • Schedule and publish your posts/tweets/messages on social media platforms.
  • Show you analytics for your social media platforms.
  • If you choose to share your specific location information, we use that information to provide location-based features, such as allowing you to share your location in your social media posts that support that feature, and to use any location-based features.
  • Provide you with customer support.
  • Send you reminders, technical notifications, updates, product announcements, security alerts, support and administrative messages, service bulletins, or marketing materials.
  • Provide you with Services and other products that you may request or for which you have expressed an interest.
  • Conduct online surveys about the Platform.
  • Manage our day-to-day business needs, such as administration of the Platform, fraud prevention, enforcement legal terms and any other contractual agreement relating to our Platform or to comply with the law.

We do not use your personal data for automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).

3.2. Use of data from connected social media platforms

We use information obtained from connected social media platforms strictly in accordance with their respective platform terms and developer policies.

NovaPress does not use any data received from any social media platform for:

  • advertising,
  • cross-promotional purposes, or
  • building or augmenting user profiles.

All such data is used solely to provide and improve the functionality of our Services, in accordance with applicable platform policies and applicable law.

3.3. Special notice for Meta platforms

When processing data from Meta platforms (e.g., Facebook, Instagram), NovaPress acts strictly in accordance with Meta Platform Terms and Developer Policies. We only request the minimum necessary permissions required to provide the intended features (such as publishing posts and retrieving analytics).

Data received from Meta is:

  • Used solely for the purposes of providing and improving the requested features;
  • Not shared with any third parties;
  • Never used for advertising, cross-promotional purposes, or building or augmenting user profiles.

We retain Meta Platform data only as long as needed to provide the requested features and delete it automatically when you disconnect your Meta account or when tokens expire, and earlier upon a valid deletion request received via Meta’s user-initiated data deletion callback.

3.4. Controller/Processor roles

For your NovaPress account, billing, and our website, NovaPress acts as an independent controller. For social-media content and related personal data processed solely to provide the Services on your documented instructions (e.g., scheduling/publishing posts, retrieving analytics), NovaPress acts as a processor under Art. 28 GDPR. A Data Processing Agreement (DPA/AV-Vertrag) is available upon request.

4. To whom we may share your information?

We do not rent or sell your information. We restrict access to your information to authorized employees and do not share it with third parties except in the circumstances described below.

4.1. Social media platforms

Our primary use of information is to publish your content on social platforms and show you analytics for your social media platforms.

Data shared with social media platforms is limited to what is necessary for publishing content or retrieving analytics, in line with each platform’s API policies.

We may allow you to connect your NovaPress account to an account on a third-party social media platform, (such as Facebook, Instagram, TikTok, X/Twitter, Pinterest, LinkedIn, Telegram) and share your information to and from this third-party platform.

After you share your content on a social media platform, its use will be regulated by that platform's privacy policy.

4.2. Employees and authorized contractors

Our employees and authorized contractors may require access to your information when they need it to do their job. For example, a customer support worker may require access to your account to identify you and answer your question; our security personnel may review information to investigate fraudulent account activity or other attempts to compromise the Services.

All of our employees and contractors are required to agree to keep your information confidential and to protect your privacy.

4.3. Third-party subprocessors

We may engage selected third-party service providers (subprocessors) to support the operation of the Platform. These providers process limited categories of personal data only on our behalf and under strict data protection agreements. They are contractually bound to:

  • Process personal data solely in accordance with our instructions,
  • Implement appropriate technical and organizational safeguards,
  • Delete or anonymize data upon termination of the service relationship.

Our current subprocessors are:

  • Microsoft Azure - compute, storage, managed databases, and infrastructure. Configured to EU regions and the EU Data Boundary where available.
    DPA: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA .
  • Hetzner Online GmbH - web hosting for the Site and hosting/infrastructure for the Services (e.g., app servers, workers, logging). Data centers in Germany.
    DPA: https://www.hetzner.com/AV/DPA_en.pdf .
  • SparkPost (via MessageBird) – transactional and notification email delivery.
    DPA: https://dotcom.messagebird.com/content/sparkpost.com_policies_dpa_.pdf .
  • Stripe - payment processing.
    DPA: https://stripe.com/gb/legal/dpa .

These subprocessors are contractually prohibited from accessing or using your data for any purposes other than providing the contracted services.

We may update this list if we onboard additional subprocessors (e.g., Verifone / 2Checkout for payment processing). Any such updates will be reflected in this Privacy Policy.

4.4. Law enforcement and government agencies

We may need to disclose information about you when we are required to do so by law, such as in response to a court order or lawsuit, or to establish, protect or enforce our legal rights or defend against legal claims or demands.

In the case of government requests for access to information relating to you or your organization, we will first try to redirect the request to you and/or first try to inform you, unless prohibited by law.

Additionally, we may disclose information about you if we believe it is necessary to protect our rights or property (or to the rights or property of those who use our Services), to protect us from liability, to protect the safety of the public or any person, to prevent or stop any illegal, unethical, fraudulent, abusive, or legally actionable activity, regarding situations that involve the security of our Services, abuse of the Services infrastructure, or third-party services (such as voluminous spamming, or denial of service attacks).

5. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • To perform a contract (Art. 6(1)(b) GDPR).
  • Based on your consent (Art. 6(1)(a) GDPR), e.g., for marketing communications.
  • To comply with legal obligations (Art. 6(1)(c) GDPR).
  • For our legitimate interests (Art. 6(1)(f) GDPR), such as improving services and preventing fraud.

6. Cookies and tracking technologies

We use cookies and similar technologies under § 25 TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz) and process any personal data collected via cookies under the GDPR. Non-essential cookies are used only with your consent via our banner/Cookie Preferences page. Where applicable, our consent solution is designed to be compatible with Germany’s Consent Management Ordinance (EinwV) effective 1 April 2025.

Types of cookies we use:

  • Necessary cookies – required for core site functions (e.g. login, language, time zone).
  • Functional cookies – enable extra features (e.g. social media widgets, feedback tools).
  • Analytics cookies – help us understand site usage and improve services.
  • Performance cookies – monitor stability and technical performance.
  • Marketing cookies – deliver personalized ads and measure campaigns.

Your consent:

  • Accept all cookies,
  • Reject non-essential cookies, or
  • Manage your preferences.

You can withdraw or change your consent at any time via our Cookie Preferences page, located at https://novapress.com/cookie-preferences.

Non-essential cookies (Functional, Analytics, Performance, Marketing) are only used if you give consent through the cookie banner or the Cookie Preferences page.

7. Data Security

We implement industry-standard technical and organizational measures, including encryption in transit (TLS) and at rest, strict access control (RBAC), secret management for API tokens, least-privilege service roles, audit logging, and regular access reviews. We maintain secure key rotation and promptly revoke and delete access tokens upon account disconnection or token expiry.

8. Data Retention

We retain personal data only as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements. Access tokens are stored only while your account remains connected. Billing and transaction records are retained as required under German tax law.

9. Your data protection rights

You have the following data protection rights:

  • If you want to access, correct, update, or request the deletion of your information, you can do so at any time simply by contacting us at support@novapress.com. Please note that if you request to remove your information, it may prohibit you from using the Site and/or Services.
  • If you decide at any time that you no longer wish to receive marketing messages from us, follow the unsubscribe instructions in any of the messages. You may also opt out from receiving commercial email from us by sending your request to us by email at support@novapress.com.

Additional rights for users in the European Economic Area (EEA):

If you are located in the EEA, you also have the following rights under the General Data Protection Regulation (GDPR):

  • The right to access the personal data we hold about you (Art. 15 GDPR),
  • The right to have inaccurate or incomplete data corrected (Art. 16 GDPR),
  • The right to request deletion of your data (Art. 17 GDPR),
  • The right to restrict how we process your data (Art. 18 GDPR),
  • The right to receive your data in a portable format (Art. 20 GDPR),
  • The right to object to processing based on our legitimate interests (Art. 21 GDPR).

If you wish to exercise any of these rights, please contact us at support@novapress.com. We will respond within 30 days as required by law.

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the supervisory authority: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.

10. Privacy Policy change

10.1. We may update this Policy from time to time to reflect changes in our Services, applicable laws and other factors. We will follow applicable laws and regulations regarding notification of such changes.

10.2. The applicable version of the Policy shall be available at https://novapress.com/doc/privacy.

11. Data Deletion

  • Account deletion: You can request deletion of your NovaPress account and all related data by contacting support@novapress.com
  • Meta platform data: If you connected via a Meta platform (such as Facebook or Instagram), you may also initiate deletion directly through your Facebook/Instagram account settings or via the data deletion callback provided to Meta. Once Meta sends us the request, our system will automatically delete all information related to your connected Meta account stored in NovaPress.
  • If Meta communicates to us a data subject rights request (e.g., access, correction, deletion), we will promptly inform you and comply with the request as required under applicable law and Meta’s policies.
  • Deletion requests related to other integrated platforms (e.g., X/Twitter, Pinterest, LinkedIn, Telegram) can be made via support@novapress.com and will be handled in accordance with this Policy.
  • Please note: certain data may need to be retained as required by law (e.g. billing records, tax documents) even after account deletion. Such data will be retained only for the legally required period and then securely deleted.

12. Data Controller

NovaPress (operated by Sole Proprietor Alena Zhukovets)
Dr.-Carlo-Schmid-Straße 214
90491 Nürnberg, Germany
support@novapress.com

Data Protection Officer

We assess that NovaPress’s core activities do not involve large-scale, regular and systematic monitoring of individuals; therefore a Data Protection Officer is not required under Art. 37 GDPR. We review this assessment periodically as our Services evolve.

However, we take privacy seriously and have designated internal staff to oversee our data protection compliance.

13. How to contact us

If you have any questions or concerns about our use of your information, please contact us using the following details: support@novapress.com.