Privacy policy
Last updated · June 2026
At a glance
PartsDesk is the back office for an aviation-parts broker — so it processes business data on the broker’s behalf. This policy explains what we process, why, who processes it with us, and the rights you have. The primary data store is hosted in the EU (Germany); some processing is carried out by carefully chosen providers outside the EU, listed in full below.
1Controller
The controller responsible for data processing is David Jöbstl, Grazer Straße 1, 8120 Peggau, Austria — admin@partsdesk.io. For any privacy matter, write to that address.
2What we process, and why
This website. The marketing site uses no tracking or analytics cookies. Our server keeps standard technical logs (e.g. IP address, request time) to operate the site securely — legal basis: our legitimate interest in a working, secure service (Art. 6(1)(f) GDPR).
When you contact us. If you email us — for example to request a demo — we process the details you send (such as your name, company and message) to respond and to take steps before a possible contract (Art. 6(1)(b) and (f) GDPR).
When you use the service. To run a customer’s back office we process their account and workspace data and the content of the emails and parts enquiries that pass through it — solely to provide the service under the contract with that customer (Art. 6(1)(b) GDPR). Customer data is isolated per workspace and is never sold or shared between customers.
3Processors and recipients
We use the following providers to deliver the service. Each acts as a processor under a data-processing agreement and only on our instructions:
- Hetzner Online GmbHGermany · EU
Hosting and object storage (the primary data store).
- Postmark (Wildbit, LLC / ActiveCampaign)USA
Sending and receiving the transactional email the service runs on.
- Google LLCUSA
Cloud Vision OCR — reading certificates and tags from uploaded documents.
- Anthropic PBCUSA
AI processing of email and RFQ content (parsing, drafting).
- Clerk, Inc.USA
Authentication and account management for the dashboard.
- Functional Software, Inc. (Sentry)USA
Error monitoring and operational stability.
4Transfers outside the EU
As the list above shows, some processing takes place in the United States (email, OCR, AI, authentication and monitoring). Where data is transferred to a third country, we rely on the European Commission’s Standard Contractual Clauses and/or the EU–US Data Privacy Framework where the recipient is certified, together with additional safeguards as appropriate. The primary data store itself remains in the EU.
5How long we keep it
We keep personal data only as long as needed for the purpose it was collected for, or as long as the law requires (for example, accounting and audit records are retained for the statutory period). When data is no longer needed and no legal obligation requires us to keep it, we erase or anonymise it.
6Your rights
Under the GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing. You can exercise any of these by writing to admin@partsdesk.io.
You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), dsb.gv.at, if you believe your data is processed unlawfully.
7Changes to this policy
We may update this policy as the service evolves. The current version always lives at this address, with the date of the latest revision shown at the top.