Privacy policy
The winkk GmbH operates this website (https://www.winkk.ai). This page informs you about our privacy policy regarding the collection, use, and sharing of personal data that we receive from the users of the website and web application.
Valid from 15th of November 2023 to 9th of April 2025
This website is hosted by https://pages.cloudflare.com/ Cloudflare Pages operates in accordance with the General Data Protection Regulation (GDPR).
Cloudflare processes interactions with our internet services. This information is processed when end users access or use our domains and website. The processed information includes, among other things, IP addresses, data related to the forwarding of internet accesses, information about system configuration, and other information about traffic to and from our website.
For more information, see https://www.cloudflare.com/gdpr/introduction/ and https://www.cloudflare.com/privacypolicy/.
Although we do not use cookies on our website, Cloudflare may place cookies on visitors' computers for bot detection (such as "_cf_bm") and the redirection of internet traffic (Load Balancing) (_cflb). This is done to identify malicious visitors, support the filtering of web traffic, and reduce the likelihood of legitimate users being blocked. Learn more about these cookies here. It is not possible to disable these cookies.
If you contact us by email, your message and the associated data will be stored. The information will be used to process your request and for follow-up emails. This information will not be shared without your explicit consent.
If you subscribe to our newsletter, your email address will be managed and stored by Loops (a third party), by Astrodon Inc., in accordance with their Privacy Policy and Terms of Service. If you would like to unsubscribe from our newsletter, you can do so using the "Unsubscribe" button at the end of each email or contact us directly at: support@winkk.ai
You have the right to disclosure, correction, deletion, restriction, transfer, revocation, and objection. If you believe that our use of your data violates the General Data Protection Regulation (GDPR) or that your data is otherwise being processed incorrectly, please contact us. You can do this directly through our own contact information (support@winkk.ai) or by contacting the relevant data protection authority.
This privacy policy applies to the web application "winkk AI" (chat.winkk.ai).
The processing of personal data in the context of using the web application takes place in accordance with the provisions of the General Data Protection Regulation (GDPR) and in compliance with Austrian legal provisions (DSG, TKG 2021). The storage of the actual application is carried out in Europe at Microsoft Azure ( https://privacy.microsoft.com/de-de/privacystatement). The following services are used:
Azure App Service
Azure SQL Database
Azure Search
Azure Storage Account
Azure Service Bus
Azure Container Instances
Azure OpenAI
Personal data such as first name, last name, email, and company information are stored in the database.
6.1.1. Security & Privacy of Azure OpenAI
Your prompts (inputs) and the resulting responses (outputs), your documents, web pages, and text blocks:
are NOT available to other customers.
are NOT available to OpenAI.
are NOT used to improve OpenAI models.
are NOT used to improve products or services from Microsoft or third parties.
are NOT used for the automatic improvement of Azure OpenAI models for your use in your resource (the models are stateless unless you perform explicit fine-tuning of the models with your training data).
Your fine-tuned Azure OpenAI models are exclusively available for your use.
https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy
6.2.1. General
When you visit our app, we store the access data in so-called logfiles. The following data is collected from you:
Log data is stored temporarily and deleted after 90 days at Sentry (see item 2. Analysis).
IP address
Device identification
Date and time of access
Browser types and versions
The operating system used by the accessing system
The website from which an accessing system reaches our web application (in the case of a link)
Subpages that are accessed through an accessing system on our web application
Internet service provider of the accessing system
App system data is stored until revoked. A request for deletion can be made directly in the settings of the web application or via support@winkk.ai. This will be processed within 30 days. This system data concerns:
Account (When created, unique user ID)
Provided documents, websites, and text modules
Chat history
6.2.2. Purpose of Data Processing
The information is needed to process the content in our web application correctly, to technically design it correctly, to optimise the content of our website, and to ensure functionality.
Furthermore, the information will be made available to law enforcement authorities in the event of a cyber attack. There will be no further disclosure to third parties or transmission to non-EU countries.
This data and information will be evaluated by winkk GmbH both statistically and with the aim of increasing the data protection and data security of the web application, ultimately ensuring an optimal level of protection for the personal data we process. In addition, this data is evaluated to further improve the application's offerings and make them more user-friendly, to find and fix errors more quickly, and to manage server capacities.
The data from the server logfiles is stored separately from all personal data provided by an affected person.
6.2.3. Duration of Storage and Deletion
A request for deletion can be made directly in the settings of the web application or via support@winkk.ai.
6.3.1. Sentry
Sentry is used to analyze errors and verify the performance of backend and web applications https://sentry.io/privacy/. Here, the on-premise version runs on the servers in the data processing section and is also stored. To track errors, the email of a user is stored. This data is used solely for error analysis and performance verification. This data will be removed after a maximum of 90 days.
6.3.2. Posthog
To provide as error-free an experience as possible for our users, we use Posthog (in Europe) for analyzing new features. https://posthog.com/handbook/company/security. Posthog does not collect data from end users of the application.
6.4.1. General
winkk GmbH, as the data controller, has implemented numerous technical and organisational measures to ensure as comprehensive a protection as possible of the personal data processed through this app. winkk GmbH takes appropriate technical and organisational measures in accordance with Article 32 of the GDPR, considering the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the likelihood and severity of the risks to the rights and freedoms of natural persons. The following measures are taken, among others, to protect your data and secure it against loss, destruction, access, alteration, and dissemination by unauthorised persons: Pseudonymisation and encryption of personal data; Ensuring confidentiality, integrity, availability, and resilience of the systems and services related to processing; Ensuring the rapid restoration of the availability of personal data in the event of a physical or technical incident; Implementation of procedures for regular review, assessment, and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing. Please also remember to treat your login credentials for the winkk AI web application confidentially and to protect your device against unauthorised access.
6.4.2. Google reCAPTCHA
Google reCAPTCHA is a security technology developed by Google to protect websites from spam and abuse. It serves as a method to distinguish between human users and automated bots that attempt to access a website or submit information. A cookie “_GRECAPTCHA” is set, which is used for the risk assessment of users wishing to log in/register, to prevent abuse/protect against unauthorised access.
