Privacy Policy

1. Controller

The controller responsible for processing your personal data is:

webSENZ GmbH · Schwäbisch Gmünd, Germany · [email protected]

2. Data We Collect

We collect the following personal data when you use our service:

Account data

Your email address and a hashed password, collected when you create an account.

Project information

Notes and details you share during the AI onboarding chat and in conversations with our team.

Chat messages

Messages exchanged between you and our team in the project live chat.

Usage data

IP address, browser type, pages visited, and timestamps stored in server logs.

Cookies

Session authentication, language preference, and display mode. See section 6 for details.

3. How We Use Your Data

We process your personal data for the following purposes:

Account management

Creating and maintaining your account and project.

Service delivery

Building, hosting, and maintaining your website as agreed.

Communication

Sending project updates, temporary passwords, and responding to your requests.

AI-assisted onboarding

Understanding your project requirements through our AI assistant.

Security

Detecting and preventing misuse of our service.

4. Legal Basis

We process your data under the following legal bases (GDPR Art. 6):

Contract · Art. 6(1)(b)

Processing your account and project data is necessary to provide our services.

Consent · Art. 6(1)(a)

Language and display preference cookies are set through your use of those features.

Legitimate interest · Art. 6(1)(f)

Server logs are kept for security and troubleshooting. This interest does not override your fundamental rights.

5. Third-Party Services

We use the following sub-processors that may handle your data:

Resend

We use Resend to deliver transactional emails (account creation, project updates). Your email address is passed to Resend solely for delivery.

Infrastructure

Our servers, databases, and AI processing run on our own infrastructure within the European Union. No conversation data is sent to third-party AI providers.

6. Cookies

We use three first-party cookies. No third-party tracking or advertising cookies are set.

ws-auth

httpOnly session cookie used for authentication. Required to use the service. Valid for 30 days or until logout.

LOCALE

Stores your preferred language (en or de). Set on first visit or when you change language. Valid for 1 year.

ws-dark

Stores your display preference (light or dark mode). Set when you toggle the theme. Valid for 1 year.

7. Data Retention

We retain your data only as long as necessary:

• Account and project data: retained while your account is active and for 2 years after closure, unless statutory obligations require longer retention.
• Chat messages: retained for the duration of the project plus 1 year.
• Server logs: automatically deleted after 30 days.

8. Your Rights

Under GDPR, you have the following rights. To exercise them, write to [email protected] — we will respond within 30 days.

Access · Art. 15

Request a copy of the personal data we hold about you.

Rectification · Art. 16

Have inaccurate or incomplete data corrected.

Erasure · Art. 17

Request deletion of your data ('right to be forgotten').

Restriction · Art. 18

Limit how we process your data in certain circumstances.

Portability · Art. 20

Receive your data in a structured, machine-readable format.

Objection · Art. 21

Object to processing based on our legitimate interests.

9. Supervisory Authority

If you believe we have not handled your data lawfully, you may lodge a complaint with the relevant supervisory authority:

Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg · Königstraße 10a, 70173 Stuttgart · [email protected]

10. Updates to This Policy

We may update this policy to reflect changes to our services or applicable law. The date at the top shows when it was last revised. For material changes we will notify you by email.