Privacy policy
The winkk GmbH operates this website (https://www.winkk.ai). This page informs you about our privacy policy regarding the collection, use, and sharing of personal data that we receive from the users of the website and web application.
Valid from November 15, 2023 to April 9, 2025
This website is hosted by https://pages.cloudflare.com/ Cloudflare Pages operates in accordance with the General Data Protection Regulation (GDPR).
Cloudflare processes interactions with our internet services. This information is processed when end users access or use our domains and website. The processed information includes, among other things, IP addresses, data related to the forwarding of internet accesses, information about system configuration, and other information about traffic to and from our website.
For more information, see https://www.cloudflare.com/gdpr/introduction/ and https://www.cloudflare.com/privacypolicy/.
Although we do not use cookies on our website, Cloudflare may place cookies on visitors' computers for bot detection (such as "_cf_bm") and the redirection of internet traffic (Load Balancing) (_cflb). This is done to identify malicious visitors, support the filtering of web traffic, and reduce the likelihood of legitimate users being blocked. Learn more about these cookies here. It is not possible to disable these cookies.
If you contact us by email, your message and the associated data will be stored. The information will be used to process your request and for follow-up emails. This information will not be shared without your explicit consent.
If you subscribe to our newsletter, your email address will be managed and stored by Loops (a third party), by Astrodon Inc., in accordance with their Privacy Policy and Terms of Service. If you would like to unsubscribe from our newsletter, you can do so using the "Unsubscribe" button at the end of each email or contact us directly at: support@winkk.ai
You have the right to disclosure, correction, deletion, restriction, transfer, revocation, and objection. If you believe that our use of your data violates the General Data Protection Regulation (GDPR) or that your data is otherwise being processed incorrectly, please contact us. You can do this directly through our own contact information (support@winkk.ai) or by contacting the relevant data protection authority.
This privacy policy applies to the web application "winkk AI" (chat.winkk.ai).
The processing of personal data in the context of using the web application is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR) and in compliance with the Austrian legal regulations (DSG, TKG 2021). The storage of the actual application is conducted in Europe at Microsoft Azure (https://privacy.microsoft.com/de-de/privacystatement). The following services are used:
Azure App Service
Azure SQL Database
Azure Search
Azure Storage Account
Azure Service Bus
Azure Container Instances
Azure OpenAI
Personal data such as: first name, last name, email, and information about the company are stored in the database.
6.1.1. Security & Privacy of Azure OpenAI
Your prompts (inputs) and the resulting responses (outputs), your documents, web pages, and text blocks:
are NOT available to other customers.
are NOT available to OpenAI.
are NOT used to improve OpenAI models.
are NOT used to improve Microsoft or third-party products or services.
are NOT used for the automatic improvement of Azure OpenAI models for your use in your resource (the models are stateless unless you perform an explicit fine-tuning of the models with your training data).
Your fine-tuned Azure OpenAI models are only available for your use.
https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy
6.2.1. General
When you visit our app, we store the access data in so-called log files. The following data is collected from you:
Log data is stored temporarily and deleted after 90 days at Sentry (see point 2. Analysis).
IP address
Device detection
Date and time of access
Browser types and versions
The operating system used by the accessing system
Website from which an accessing system reaches our web application (via link)
Subpages that are accessed via an accessing system on our web application
Internet service provider of the accessing system
System data of the app is stored until further notice. A request for deletion can be made directly in the settings of the web application or via support@winkk.ai. This will be processed within 30 days. This system data concerns:
Account (when created, unique user ID)
Provided documents, web pages, and text modules
Chat history
6.2.2. Purpose of Data Processing
The information is needed to correctly process the content in our web application, to design it technically correctly, to optimize the content of our website, and to ensure functionality.
Furthermore, in the event of a cyberattack, the information will be made available to law enforcement authorities. There will be no further transfer to third parties or transmission to non-EU countries.
This data and information will be evaluated by winkk GmbH statistically and additionally with the aim of increasing the data protection and data security of the web application to ultimately ensure an optimal level of protection for the personal data we process. Furthermore, this data is evaluated in order to improve the application offering and make it more user-friendly, to find and resolve errors faster, and to manage server capacities.
The data from the server log files is stored separately from all personal data provided by an affected person.
6.2.3. Storage Duration and Deletion
A request for deletion can be made directly in the settings of the web application or via support@winkk.ai.
6.3.1. Sentry
Sentry is used to analyze errors and verify the performance of backend and web applications https://sentry.io/privacy/. Here, the on-premise version runs on the servers in the data processing section and is also stored. To track errors, the email of a user is stored. This data is used solely for error analysis and performance verification. This data will be removed after a maximum of 90 days.
6.3.2. Posthog
To provide as error-free an experience as possible for our users, we use Posthog (in Europe) for analyzing new features. https://posthog.com/handbook/company/security. Posthog does not collect data from end users of the application.
6.4.1. General
winkk GmbH, as the data controller, has implemented numerous technical and organisational measures to ensure as comprehensive a protection as possible of the personal data processed through this app. winkk GmbH takes appropriate technical and organisational measures in accordance with Article 32 of the GDPR, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the likelihood and severity of the risks to the rights and freedoms of natural persons. The following measures are taken, among others, to protect your data and secure it against loss, destruction, access, alteration, and dissemination by unauthorised persons: Pseudonymisation and encryption of personal data; Ensuring confidentiality, integrity, availability, and resilience of the systems and services related to processing; Ensuring the rapid restoration of the availability of personal data in the event of a physical or technical incident; Implementation of procedures for regular review, assessment, and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing. Please also remember to treat your login credentials for the winkk AI web application confidentially and to protect your device against unauthorised access.
6.4.2. Google reCAPTCHA
Google reCAPTCHA is a security technology developed by Google to protect websites from spam and abuse. It serves as a method to distinguish between human users and automated bots that attempt to access a website or submit information. A cookie “_GRECAPTCHA” is set, which is used for the risk assessment of users wishing to log in/register, to prevent abuse/protect against unauthorised access.
