PRIVACY POLICY
As of March 2026
Legal note: This English version is provided for convenience only. Only the German version is legally binding. In case of discrepancies between the two versions, the German text prevails.
1. Controller
Markus Stöger
Lehmhäusl 23, 3261 Steinakirchen am Forst, Austria
Email: office@markusstoeger.com
Phone: +43 660 326 64 97
2. Data We Collect
Website Visit
When our website is accessed, the web server automatically logs the following data: IP address, date and time of access, requested URL, referrer URL, browser and operating system used. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in operating and securing the website). Retention period: 7 days.
Contact Form
If you contact us via the contact form or by email, we store your name, email address, and message content to process your inquiry. Legal basis: Art. 6 (1) (b) GDPR (contract initiation) or Art. 6 (1) (f) GDPR. Retention period: 3 years after the end of communication.
Language Preference
We store your language preference (German/English) in your browser’s localStorage. This information never leaves your browser and is not transmitted to us.
3. Data Sharing
We do not share your data with third parties, except:
- Hosting: Hetzner Online GmbH, Germany (servers in Nuremberg/Falkenstein) — under a Data Processing Agreement (DPA)
- Email delivery: Contact form data is transmitted via email (end-to-end within our infrastructure)
- Legal obligation: Upon official request
4. Your Rights
You have the right to access, rectification, erasure, restriction of processing, data portability, and objection. Contact: office@markusstoeger.com
You have the right to lodge a complaint with the Austrian Data Protection Authority (dsb@dsb.gv.at, +43 1 52 152-0).
5. Cookies
This website does not use tracking or marketing cookies. Only a single localStorage entry is set for the language preference (not a cookie in the technical sense, no server access).
6. SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can identify an encrypted connection by the browser address bar switching from "http://" to "https://".
7. Hosting
This website is hosted on a dedicated server at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner is GDPR-compliant and ISO 27001 certified. A Data Processing Agreement (DPA) is in place.
8. Use of the Meta Graph API (Facebook & Instagram Auto-DM)
We operate an internal tool named HeyHank Auto-DM that connects to Meta platforms (Facebook Pages, Instagram Business) via the official Meta Graph API. This connection is used exclusively for comment-triggered Private Reply messages: when a user comments with a keyword (pre-configured by the Page administrator) on a Page post or Instagram media, the tool sends a one-time private reply to that person containing the pre-configured content (typically a previously announced link or resource).
Data we process from Meta users
For each Auto-DM operation we technically process:
- Comment ID (Meta-issued public comment identifier)
- Commenter ID / Page-Scoped ID (Meta-issued public identifier for the commenting person)
- Comment Text (compared against the configured keyword)
- Post ID (public identifier of the commented post)
- Display Name (if publicly visible on the comment)
We do NOT process: private profile information, email addresses, phone numbers, follower lists, reactions/likes, insights, ads data, or any other engagement statistics.
Purpose
The processing serves the sole purpose of executing the Page administrator’s Auto-Reply logic. Sent Private Reply messages are stored in the technical send-audit log with timestamp and IDs for deduplication purposes (preventing duplicate messages to the same person).
Retention
- Comment ID + Commenter ID + Post ID + timestamp: as long as the associated Auto-DM rule is active (deduplication list). Deleted on rule deletion.
- Comment Text: NOT persistently stored. Processed in-memory only during keyword matching.
- Sent DM content: not retained beyond the send operation.
Revocation / Deauthorize
Page administrators can revoke the app authorization at any time via Facebook or Instagram settings (Settings → Apps and Websites → HeyHank Auto-DM → Remove). Our backend is automatically notified through the registered Deauthorize Callback URL: https://agent.markusstoeger.com/api/auth/meta/deauthorize. All stored tokens and configurations are subsequently deleted.
Data Deletion Requests
Users may request deletion of stored Auto-DM data (Comment ID + Commenter ID) at any time via the registered Data Deletion URL: https://agent.markusstoeger.com/api/auth/meta/data-deletion or by email to office@markusstoeger.com. We confirm deletion within 30 days.
Legal Basis
Processing is based on Article 6(1)(f) GDPR (legitimate interest in efficient customer funnel management for our own page content) and in compliance with the Meta Platform Terms.