← Back to homepage

Privacy Policy

Last updated: March 4, 2026

This Privacy Policy describes how CPI Technologies GmbH (“we”, “us”, “our”), the operator of PowerSetter.ai, collects, uses, stores, shares, and protects personal data. PowerSetter.ai is an AI-powered appointment scheduling platform that makes automated phone calls to book meetings on behalf of our users.

I. Data Controller

CPI Technologies GmbH
Brüsseler Str. 1-3
60327 Frankfurt am Main
Germany

Telefon: +49 6131 48 99 003
E-Mail: kontakt@cpitech.io

II. Data We Collect

a) Account Data

When you register, we collect: name, email address, company name, password (stored encrypted), IP address, and registration timestamp.

b) Call Data

For each call made by our AI, we store: recipient phone number, recipient name and email (if provided by user), call status and duration, full conversation transcripts, audio recordings of the conversation, booking details (date, time, type), and metadata such as source and language.

c) Payment Data

We collect billing address, company name, VAT ID, and payment method information. Credit card data is never stored on our servers — it is processed exclusively by our payment provider Stripe.

d) Integration Data

When you connect third-party services (Google Calendar, HubSpot, Microsoft Exchange), we store OAuth access tokens, refresh tokens, token expiration times, and the email address associated with the connected account.

e) Technical Data

We automatically collect: browser type and version, operating system, IP address, referrer URL, pages visited, date and time of access.

III. How We Use Your Data

We use your data for the following purposes:

  • Providing our AI appointment scheduling services, including making automated phone calls
  • Checking calendar availability and creating calendar events when appointments are booked
  • Synchronizing call results with your CRM system (when connected)
  • Processing payments and managing your subscription
  • Sending booking confirmations and calendar invitations via email
  • Technical improvement and security of our platform
  • Compliance with legal obligations

IV. Google User Data Usage

This section describes how PowerSetter.ai handles Google user data when you connect your Google Calendar account.

Data Accessed

We request the following Google OAuth scopes:

  • calendar.events – To read existing events (availability check) and create new events when a meeting is booked
  • calendar – To access free/busy information on your calendar
  • userinfo.email – To identify your connected Google account

How We Use Google Data

  • Availability checks: When our AI calls a prospect, your calendar is queried in real-time to determine available time slots. This only occurs at the time of an active phone call.
  • Event creation: When a prospect confirms a meeting time, our system automatically creates a Google Calendar event with the title, time, attendee information, and an optional Google Meet link.
  • We do not store Google Calendar data on our servers. Calendar queries are performed in real-time and are not cached.

Google Data Sharing

Google user data is not sold, rented, or used for advertising purposes. Google Calendar data is not used for AI/ML model training. Access to Google data is solely for the purpose of providing the appointment scheduling functionality you requested.

Google Data Storage

We only store OAuth tokens (access and refresh tokens) to access the calendar on behalf of the user, and the email address of the connected Google account. Calendar contents (events, free/busy data) are not stored on our servers.

Revoking Google Access

You can revoke Google Calendar access at any time via: (1) the integration settings in your PowerSetter.ai account, or (2) the “Third-party apps” page in your Google Account at https://myaccount.google.com/permissions. Upon revocation, stored OAuth tokens are immediately deleted from our system.

V. HubSpot Data Usage

When you connect your HubSpot account, we request the following permissions:

  • crm.objects.contacts.read and crm.objects.contacts.write – To read and create contacts in your HubSpot CRM
  • scheduler.meetings.meeting-link.read – To retrieve your meeting link configurations for appointment booking

How We Use HubSpot Data

  • Retrieving available appointment slots via your HubSpot meeting scheduler
  • Creating or updating contacts in your CRM after a call
  • Synchronizing call results (status, duration, summary) with your CRM

HubSpot data is not shared with any additional third parties and is used solely for providing the CRM integration functionality.

VI. Third-Party Services and Data Sharing

We use the following third-party services to operate our platform. Data is shared only to the extent necessary for each purpose:

a) ElevenLabs (AI Telephony)

Purpose: Conducting automated phone calls using an AI voice agent. Data shared: recipient phone number, name, company name, language, product description, call ID. Data received: conversation transcript, call status and duration, voicemail detection. ElevenLabs processes voice data in real-time and stores conversation recordings in accordance with their own privacy policy.

b) Twilio (Phone Delivery)

Purpose: Delivering phone calls. Twilio is used by ElevenLabs as the telephony provider. Data shared: phone numbers, audio data of conversations. Data processing is governed by Twilio’s privacy policy.

c) Stripe (Payment Processing)

Purpose: Payment processing and subscription management. Data shared: email, name, billing address, VAT ID, payment method. Credit card data is processed exclusively by Stripe and never stored on our servers. Stripe is PCI DSS Level 1 certified.

d) SendGrid (Email Delivery)

Purpose: Sending booking confirmations, email verifications, and password resets. Data shared: recipient email address, name, appointment details, calendar invitations (.ics files).

e) OpenAI (AI Text Generation)

Purpose: Generating objection handling suggestions based on the user’s product description. Data shared: only the product description entered by the user. No personal data is transmitted to OpenAI.

f) Vercel (Hosting and Analytics)

Purpose: Hosting the web application and collecting anonymized performance metrics. Data collected: page views, Core Web Vitals, anonymized usage data.

g) TikTok Pixel (Marketing Analytics)

Purpose: Measuring the effectiveness of our TikTok advertising campaigns and optimizing our marketing. On our landing page, we use the TikTok Pixel, a JavaScript code provided by TikTok Technology Limited (Ireland) and TikTok Inc. (USA).

Data collected and transmitted:

  • Page views and user navigation (ViewContent event)
  • Clicks on registration buttons (ClickButton event)
  • Completed registrations (CompleteRegistration and Lead events)
  • Device information: browser type, operating system, screen resolution
  • IP address (anonymized by TikTok)
  • Pixel ID and event timestamps
  • Hashed email address (SHA-256) upon successful registration – hashed exclusively on the client side before transmission; no plain-text email address is ever transmitted

The collected data is transferred to TikTok servers in the USA and other countries. TikTok uses the data to serve relevant advertisements and to build Custom Audiences and Lookalike Audiences. Data transfers to third countries (USA) are carried out on the basis of Standard Contractual Clauses pursuant to Art. 46 GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in measuring and optimizing our marketing activities). The TikTok Pixel is used exclusively on the public landing page, not in the logged-in app area.

Opt-out: You can object to data collection by the TikTok Pixel by disabling personalized advertising in your TikTok account settings or by visiting TikTok’s privacy policy at https://www.tiktok.com/legal/page/global/privacy-policy. You may also prevent data collection by using a browser ad blocker or by disabling third-party cookies in your browser settings.

h) Google Ads (Conversion Tracking)

Purpose: Measuring the effectiveness of our Google advertising campaigns and optimizing our ad spend. On our landing page and registration page, we use the Google Ads conversion tracking tag (Google Tag, formerly gtag.js), provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Data collected and transmitted:

  • Page views and navigation (page_view event)
  • Clicks on registration buttons (click event)
  • Completed registrations (sign_up, generate_lead, and conversion events)
  • Device information: browser type, operating system, screen resolution
  • IP address (anonymized by Google)
  • Conversion ID (AW-350722464) and event timestamps
  • Google Click ID (gclid) to attribute conversions to ad interactions

The collected data is transferred to Google servers in the USA and other countries. Google uses the data to measure ad conversions and optimize bidding strategies. Data transfers to third countries (USA) are carried out on the basis of Standard Contractual Clauses pursuant to Art. 46 GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in measuring and optimizing our marketing activities). The Google Ads tag is active exclusively on the public landing page and registration page, not in the logged-in app area.

Opt-out: You can disable personalized Google advertising at https://adssettings.google.com. Alternatively, you can prevent data collection via the Google Analytics opt-out browser add-on (https://tools.google.com/dlpage/gaoptout) or by disabling third-party cookies in your browser. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy

i) Meta Pixel / Facebook Pixel (Marketing Analytics)

Purpose: Measuring the effectiveness of our Facebook and Instagram advertising campaigns and optimizing our ad spend. On our landing page and registration page, we use the Meta Pixel (Pixel ID: 2154388281488546), provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Data collected and transmitted:

  • Page views (PageView event) on every page
  • Content views on the landing page (ViewContent event)
  • Clicks on registration buttons (custom ClickRegisterCTA event)
  • Completed registrations (Lead and CompleteRegistration events)
  • Device information: browser type, operating system, screen resolution
  • IP address, browser fingerprint, Facebook cookie (_fbp)
  • Pixel ID and event timestamps

The collected data is transferred to Meta servers in the USA and other countries. Meta uses the data to serve relevant advertisements and to build Custom Audiences and Lookalike Audiences on Facebook and Instagram. Data transfers to third countries (USA) are carried out on the basis of Standard Contractual Clauses pursuant to Art. 46 GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in measuring and optimizing our marketing activities). The Meta Pixel is active exclusively on the public landing page and registration page, not in the logged-in app area.

Opt-out: You can disable personalized Meta advertising in your Facebook settings at https://www.facebook.com/adpreferences/ad_settings. Further information can be found in Meta’s privacy policy: https://www.facebook.com/privacy/policy

j) Hotjar (User Behavior Analytics)

Purpose: Analyzing user behavior on our website through heatmaps, session recordings, and user surveys to improve the user experience. We use Hotjar (Hotjar Ltd., Level 2, St Julian’s Business Centre, Elia Zammit Street, St Julian’s STJ 3155, Malta).

Data collected:

  • Mouse movements, scroll depth, and click behavior (anonymized)
  • Session recordings: recordings of page interactions (inputs in form fields are automatically masked)
  • Device information: browser type, operating system, screen resolution, viewport size
  • IP address (anonymized – last octet is removed)
  • Referrer URL and pages visited
  • Hotjar User ID (hjid: 6662189)

Hotjar does not store full IP addresses. Inputs in password and payment fields are never recorded. Data is processed on servers in the EU and USA. Data transfers to third countries are carried out on the basis of Standard Contractual Clauses pursuant to Art. 46 GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in analyzing and optimizing our user experience). Hotjar is active on all public pages.

Opt-out: You can disable Hotjar data collection at https://www.hotjar.com/legal/compliance/opt-out. Further information can be found in Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy

VII. Data Storage and Security

All user data is stored in a PostgreSQL database hosted by Neon in the AWS EU-Central-1 region (Frankfurt, Germany). The database connection is SSL-encrypted.

We employ the following security measures:

  • Encryption of all data transfers using TLS/HTTPS
  • Passwords are stored using cryptographic hashing and never in plain text
  • OAuth tokens are stored encrypted in the database
  • Access to production data is restricted to authorized personnel
  • Payment data is processed exclusively by PCI DSS-certified providers (Stripe)
  • Regular security reviews and updates

VIII. Data Retention and Deletion

Retention Periods

  • Account data: Stored as long as your account is active
  • Call data and transcripts: Stored as long as your account is active to provide access to your call history
  • Payment data: Stored in accordance with tax and commercial law retention periods (up to 10 years)
  • Integration tokens: Stored until the connection is revoked or the account is deleted
  • Server log files: Deleted after a maximum of 30 days

Your Right to Deletion

You may request the deletion of your data at any time by contacting us at kontakt@cpitech.io. Upon account deletion, all personal data, call recordings, transcripts, and integration tokens will be deleted within 30 days, unless legal retention obligations prevent this. OAuth tokens for connected services (Google, HubSpot, Microsoft) are deleted immediately.

IX. Your Rights (GDPR)

As a user and data subject, you have the following rights:

  • Right of access: Confirmation of whether personal data is being processed, and information about the processed data (Art. 15 GDPR)
  • Right to rectification: Correction of inaccurate or incomplete data (Art. 16 GDPR)
  • Right to erasure: Immediate deletion of your data (Art. 17 GDPR)
  • Right to restriction: Restriction of processing (Art. 18 GDPR)
  • Right to data portability: Receipt of your data in a common format (Art. 20 GDPR)
  • Right to object: Objection to processing (Art. 21 GDPR)
  • Right to lodge a complaint: Complaint with the competent supervisory authority (Art. 77 GDPR)

To exercise these rights, please contact us at kontakt@cpitech.io. We will respond to your request within 30 days.

X. Cookies

We use the following cookies:

  • Session cookie (session): Authentication and login status. Required for platform use.
  • Language preference (locale): Stores your preferred language (German/English). Valid for 1 year.
  • TikTok Pixel (_ttp, _tt_enable_cookie): Marketing and analytics cookies set by TikTok on our landing page. Used to measure advertising effectiveness and build audiences. Duration: up to 13 months.
  • Google Ads (_gcl_au, _gads, _gac_*): Conversion tracking cookies set by Google on the landing page and registration page. Used to attribute conversions to Google ad interactions. Duration: up to 90 days.
  • Meta Pixel (_fbp, _fbc): Marketing cookies set by Meta (Facebook/Instagram) on the landing page and registration page. Used to measure ad conversions and build audiences. Duration: up to 90 days.
  • Hotjar (_hjSessionUser_*, _hjSession_*, _hjid): Analytics cookies for heatmaps and session recordings. Set on all public pages. Duration: up to 1 year (_hjid) or session duration (_hjSession_*).

No tracking or advertising cookies are used in the logged-in app area. The TikTok Pixel, Google Ads tag, and Meta Pixel are active exclusively on the public landing page and registration page.

XI. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): Providing our services, making calls, processing payments
  • Consent (Art. 6(1)(a) GDPR): Connecting third-party services (Google, HubSpot, Microsoft), newsletter signup
  • Legitimate interest (Art. 6(1)(f) GDPR): Platform security and stability, analysis and optimization
  • Legal obligation (Art. 6(1)(c) GDPR): Tax and commercial law retention requirements

XII. Contact

For questions about the processing of your personal data or to exercise your rights, please contact us:

Email: kontakt@cpitech.io

Phone: +49 6131 48 99 003

CPI Technologies GmbH, Brüsseler Str. 1-3, 60327 Frankfurt am Main, Germany