Skip to content
Legal

Privacy policy

Last updated · June 2026

At a glance

PartsDesk is the back office for an aviation-parts broker — so it processes business data on the broker’s behalf. This policy explains what we process, why, who processes it with us, and the rights you have. The primary data store is hosted in the EU (Germany); some processing is carried out by carefully chosen providers outside the EU, listed in full below.

1Controller

The controller responsible for data processing is David Jöbstl, Grazer Straße 1, 8120 Peggau, Austria — admin@partsdesk.io. For any privacy matter, write to that address.

2What we process, and why

This website. The marketing site uses no tracking or analytics cookies. Our server keeps standard technical logs (e.g. IP address, request time) to operate the site securely — legal basis: our legitimate interest in a working, secure service (Art. 6(1)(f) GDPR).

When you contact us. If you email us — for example to request a demo — we process the details you send (such as your name, company and message) to respond and to take steps before a possible contract (Art. 6(1)(b) and (f) GDPR).

When you use the service. To run a customer’s back office we process their account and workspace data and the content of the emails and parts enquiries that pass through it — solely to provide the service under the contract with that customer (Art. 6(1)(b) GDPR). Customer data is isolated per workspace and is never sold or shared between customers.

3Processors and recipients

We use the following providers to deliver the service. Each acts as a processor under a data-processing agreement and only on our instructions:

  • Hetzner Online GmbHGermany · EU

    Hosting and object storage (the primary data store).

  • Postmark (Wildbit, LLC / ActiveCampaign)USA

    Sending and receiving the transactional email the service runs on.

  • Google LLCUSA

    Cloud Vision OCR — reading certificates and tags from uploaded documents.

  • Anthropic PBCUSA

    AI processing of email and RFQ content (parsing, drafting).

  • Clerk, Inc.USA

    Authentication and account management for the dashboard.

  • Functional Software, Inc. (Sentry)USA

    Error monitoring and operational stability.

4Transfers outside the EU

As the list above shows, some processing takes place in the United States (email, OCR, AI, authentication and monitoring). Where data is transferred to a third country, we rely on the European Commission’s Standard Contractual Clauses and/or the EU–US Data Privacy Framework where the recipient is certified, together with additional safeguards as appropriate. The primary data store itself remains in the EU.

5How long we keep it

We keep personal data only as long as needed for the purpose it was collected for, or as long as the law requires (for example, accounting and audit records are retained for the statutory period). When data is no longer needed and no legal obligation requires us to keep it, we erase or anonymise it.

6Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing. You can exercise any of these by writing to admin@partsdesk.io.

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), dsb.gv.at, if you believe your data is processed unlawfully.

7Changes to this policy

We may update this policy as the service evolves. The current version always lives at this address, with the date of the latest revision shown at the top.