The winkk GmbH operates this website (https://www.winkk.ai). This page informs you about our privacy policy regarding the collection, use, and sharing of personal data that we receive from the users of the website and web application.
Valid since April 9, 2025
This website is managed by Framer (https://framer.com/). For hosting, the infrastructure provided by Framer uses Amazon Web Services (AWS) with CloudFront. You can find more information about hosting with Framer here. You can find more information about data protection at Framer here.
Emails sent to us
If you contact us by email, your message and the associated data will be stored. The information will be used to process your request and for follow-up emails. This information will not be shared without your explicit consent.
Newsletter
When you subscribe to our newsletter, your email address will be managed and stored by Pipedrive (a third party) in accordance with their privacy policy and terms of service. If you wish to unsubscribe from our newsletter, you can do so using the "Unsubscribe" button at the end of each email or by contacting us directly at: support@winkk.ai
Your rights to data protection
You have the right to disclosure, correction, deletion, restriction, transfer, revocation, and objection. If you believe that our use of your data violates the General Data Protection Regulation (GDPR) or that your data is being otherwise mishandled, please contact us. You can do this directly through our own contact information (support@winkk.ai) or by reaching out to the relevant data protection authority.
Web application
This privacy policy applies to the web application "winkk AI" (next.winkk.ai).
The processing of personal data in the context of using the web application is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) and in compliance with the Austrian legal provisions (DSG, TKG 2021). The storage of the actual application is conducted in Europe at Microsoft Azure (https://privacy.microsoft.com/de-de/privacystatement). The following services are used:
Azure App Service
Azure SQL Database
Azure Search
Azure Storage Account
Azure Service Bus
Azure Container Instances
Azure OpenAI
Personal data such as: first name, last name, email, and information about the company are persisted in the database.
6.1.1. Security & Privacy of Azure OpenAI
Your prompts (inputs) and the resulting responses (outputs), your documents, web pages, and text blocks:
are NOT available to other customers.
are NOT available to OpenAI.
are NOT used to improve OpenAI models.
are NOT used to improve Microsoft or third-party products or services.
are NOT used for the automatic improvement of Azure OpenAI models for your use in your resource (the models are stateless unless you undertake explicit fine-tuning of the models with your training data).
Your fine-tuned Azure OpenAI models are solely available for your use.
https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy
6.2.1. General
When you visit our app, we store access data in so-called log files. The following data is recorded from you:
Log data is stored temporarily and deleted after 90 days at Sentry (see point 2. Analysis).
IP address
Device recognition
Date and time of access
Browser types and versions
the operating system used by the accessing system
The website from which an accessing system accesses our web application (via link)
Subpages accessed via an accessing system on our web application
Internet service provider of the accessing system
System data of the app will be stored until revoked. A request for deletion can be made directly in the settings of the web application or via support@winkk.ai. This will be processed within 30 days. This system data concerns:
Account (when created, unique user ID)
Provided documents, web pages, and text modules
Chat history
6.2.2. Purpose of Data Processing
The information is needed to process the content correctly in our web application, to design it technically correctly, to optimize the content of our website, and to ensure functionality.
Furthermore, in the event of a cyber attack, the information will be made available to law enforcement agencies. No further transfer to third parties or transmission to non-EU countries will take place.
This data and information is evaluated by winkk GmbH statistically and also with the aim of increasing data protection and data security of the web application, ultimately ensuring an optimal level of protection for the personal data we process. In addition, this data is evaluated to further improve the application's offerings and make it more user-friendly, to find and fix errors faster, and to manage server capacities.
The data from the server log files is stored separately from all personal data provided by the affected person.
6.2.3. Retention Period and Deletion
A request for deletion can be made directly in the settings of the web application or via support@winkk.ai.
6.3.1. Sentry
Sentry is used for the analysis of errors and performance monitoring of backend and web applications https://sentry.io/privacy/. Here, the on-premise version is run on the servers in the data processing section and is stored. To track errors, a user's email is stored. This data is used solely for error analysis and performance monitoring. This data will be deleted after a maximum of 90 days.
6.3.2. Posthog
To provide our users with as error-free an experience as possible, we use Posthog (in Europe) for analyzing new features. https://posthog.com/handbook/company/security. Posthog does not collect data from end users of the application.
6.4.1. General
winkk GmbH has implemented numerous technical and organizational measures as the data controller to provide the most comprehensive protection of personal data processed through this app. winkk GmbH takes appropriate technical and organizational measures in accordance with the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the likelihood and severity of risk to the rights and freedoms of natural persons, as defined in Art 32 GDPR. The following measures are taken, among others, to protect your data and secure it against loss, destruction, access, alteration, and dissemination by unauthorized persons: Pseudonymization and encryption of personal data; Ensuring the confidentiality, integrity, availability, and resilience of systems and services in connection with processing; Ensuring a rapid restoration of the availability of personal data in the event of a physical or technical incident; Implementing procedures for regular review, assessment, and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing. Please also note to treat your access data to the winkk AI web application as confidential at all times and to protect your device against unauthorized access.
6.4.2. Google reCAPTCHA
Google reCAPTCHA is a security technology developed by Google to protect websites from spam and abuse. It serves as a method to distinguish between human users and automated bots that attempt to access a website or submit information. A cookie "_GRECAPTCHA" is set, which is used for the risk assessment of users who want to log in/register, to prevent abuse/protect against unauthorized access.