Privacy Policy

This English version is provided for convenience. In case of any discrepancy with the German version, the German original prevails.

1. Overview

This Privacy Policy explains how Noorder partners GmbH ("we", "us", "our") processes personal data when you visit autopilot.ventures, subscribe to our newsletter, become a member of AV Insider, or otherwise interact with this website. We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

2. Data Controller

Noorder partners GmbH
Neubertstraße 36
22087 Hamburg, Germany
Email: [email protected]
Managing Director: Martin Zielinski

For all privacy-related questions, please contact us at [email protected].

3. When You Visit This Website

3.1 Server Log Data

When you access autopilot.ventures, our hosting provider automatically records technical information required to deliver the site, including:

• IP address (shortened/anonymized where feasible)
• Date and time of the request
• Requested URL / page
• Referrer URL (the page you came from)
• Browser type and version, operating system
• HTTP status code and transferred data volume

Legal basis: Art. 6 (1) (f) GDPR — our legitimate interest in operating a secure and stable website.
Retention: Server logs are deleted or anonymized after a maximum of 30 days.

3.2 Built-in Ghost Analytics

This website is built on Ghost, an open-source publishing platform hosted by the Ghost Foundation (Ghost(Pro)). Ghost provides privacy-focused, built-in analytics powered by Tinybird. This analytics system is cookie-free and does not use persistent identifiers or cross-site tracking. It aggregates pageviews, referrers, country-level location (derived from IP at the point of request, not stored), and session indicators to help us understand which content is useful.

Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in measuring content reach in a privacy-preserving way.
Data storage: Ghost(Pro) servers are located in Amsterdam, The Netherlands (EU).

4. Cookies

The site currently sets only essential cookies (Ghost session and Portal cookies). No analytics or marketing cookies are in use. Should we introduce any non-essential cookies in the future, we will obtain your prior consent via a consent banner in accordance with §25 TTDSG and Art. 6 (1) (a) GDPR.

The following cookies may be set:

• Ghost session cookies (ghost-members-ssr, ghost-admin-api-session) — essential, used to keep you signed in as a member or admin. Session-based, expire on browser close or after a short period.
• Ghost Portal cookies — essential, used by the sign-in / sign-up flow (the "Subscribe" / "Sign in" modal). They remember the state of your interaction with the membership portal.
• Stripe cookies — set only when you access a checkout page. Stripe uses cookies (__stripe_mid, __stripe_sid) for fraud prevention. See stripe.com/privacy.

You can manage or withdraw your cookie preferences at any time by clearing cookies in your browser settings.

5. Newsletter: AV Intelligence

When you subscribe to our newsletter (AV Intelligence) we process:

• Email address (required)
• Name (optional)
• Subscription timestamp, IP address of subscription, and confirmation timestamp

We use a double opt-in procedure: after entering your email, you will receive a confirmation message. Your subscription only becomes effective once you click the confirmation link. This serves as proof of consent.

Legal basis: Art. 6 (1) (a) GDPR (your consent) and §7 (2) UWG.
Retention: We store your data for as long as you remain subscribed. You can unsubscribe at any time using the link at the bottom of every newsletter, or by emailing [email protected]. After unsubscribing, we may retain evidence of your consent for a limited period to document compliance.

5.1 Newsletter Processor: Mailgun

Newsletter delivery is handled by Mailgun Technologies, Inc. (San Antonio, Texas, USA) on behalf of Ghost. Mailgun processes your email address and engagement data (open/click events, where enabled) to deliver our newsletters reliably and to reduce spam. We have a data processing agreement in place via Ghost, and transfers to the United States are safeguarded through the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.

6. Membership and Payments (AV Insider)

If you become a paying member (AV Insider, EUR 144/year), we process:

• Email address and name
• Billing details and payment metadata (passed to Stripe, see below)
• Subscription status and invoice history

Legal basis: Art. 6 (1) (b) GDPR — performance of the membership contract.

6.1 Payment Processor: Stripe

Payments are processed by Stripe Payments Europe, Ltd. (Dublin, Ireland) with technical processing by Stripe, Inc. (USA). When you check out, data such as name, email, billing address, and payment method are submitted directly to Stripe. We do not see or store your full card details. Transfers to the United States are safeguarded by the EU–US Data Privacy Framework and SCCs. See Stripe's privacy policy: stripe.com/privacy.

7. Contact by Email

If you contact us by email, we process the data you provide (email address, name, content of your message) for the purpose of responding. Legal basis: Art. 6 (1) (b) or (f) GDPR. Messages are retained for as long as necessary to handle your inquiry and any resulting business relationship, and otherwise deleted.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — you can ask what data we hold about you
• Right to rectification (Art. 16 GDPR) — you can ask us to correct inaccurate data
• Right to erasure (Art. 17 GDPR) — you can ask us to delete your data
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR), in particular to processing based on legitimate interest
• Right to withdraw consent (Art. 7 (3) GDPR) — effective for the future, e.g. by unsubscribing from the newsletter

To exercise these rights, please contact [email protected]. We will respond within one month.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The authority competent for us is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
(The Hamburg Commissioner for Data Protection and Freedom of Information)
Ludwig-Erhard-Straße 22, 20459 Hamburg, Germany
Website: https://datenschutz-hamburg.de/

10. Data Retention

• Server logs: max. 30 days
• Newsletter subscription: until unsubscribed
• Member accounts: until deletion is requested or the membership is cancelled and statutory retention periods have elapsed
• Invoices and tax-relevant documents: up to 10 years pursuant to §147 AO (German Fiscal Code)
• Contact emails: for as long as necessary to handle the inquiry

11. No Automated Decision-Making

We do not use your personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. The current version is always available on this page.

Last updated: April 2026