WebChatAgent LogoWebChatAgent_
FeaturesHow It WorksApplicationsFAQBlog
Sign inSign up

Privacy Policy

Last updated: 18.04.2025

1. Data Controller

Dominik Weber
Jöllenbecker Str. 143
33613 Bielefeld, Germany
Email: [email protected]
Phone: +49 521 44812504 (No support, please write us an email)
Legal Notice

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

2. Your Rights as a Data Subject

Within the scope of the applicable legal provisions (like GDPR, if applicable), you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to correction, blocking, or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint/legal notice.

Depending on your jurisdiction (e.g., under GDPR), your rights may include:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure ('right to be forgotten') (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

3. Data Collection on Our Website

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address (possibly anonymized)

This data is not merged with other data sources. The basis for data processing is Art. 6(1)(f) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures, or our legitimate interest in the technically error-free presentation and optimization of our website.

Registration and Login

You can register on our website to use additional features. We use the data entered for this purpose only for the use of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes, such as the scope of the offer or technically necessary changes, we use the email address provided during registration to inform you in this way.

The processing of the data entered during registration is based on your consent (Art. 6(1)(a) GDPR) or for the fulfillment of a contract or the implementation of pre-contractual measures (Art. 6(1)(b) GDPR). You can revoke your consent at any time. An informal message by email to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.

Login with Google (Google OAuth)

We offer you the option to log in using your Google account. The provider of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

If you choose to log in with Google, you will be redirected to the Google login page. There you can log in with your Google user data. This links your Google profile with our website or our services. Through this link, we gain access to certain data stored with Google. These usually are:

  • Your name
  • Your email address
  • Your Google ID
  • Your profile picture (optional)

We use this data to set up, provide, and personalize your account.

The use of Google OAuth is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time by removing the link in your Google account or deleting your user account with us.

Data transfer to the USA: Google also processes data in the USA. We point out that the USA is not considered a safe third country in terms of EU data protection law. US companies may be obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be excluded that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence on these processing activities.

Further information can be found in Google's privacy policy: https://policies.google.com/privacy

Use of Large Language Models (LLMs) - e.g., Google Gemini / OpenAI

Our platform uses Large Language Models (LLMs) from third-party providers such as Google (Gemini) and/or OpenAI to generate chatbot responses and process your data (e.g., for indexing).

When you interact with our chatbot, the following data may be transmitted to the respective LLM providers (OpenAI, Google Gemini, or other configured AI models):

  • The requests (prompts) you submit.
  • Relevant text passages (context) retrieved from your data sources (websites, files) required to answer the request.
  • Possibly the previous conversation history (chat history) to ensure coherent responses.

IMPORTANT:

  • We do not transmit directly identifying information such as your name or email address as part of the LLM requests, unless they are explicitly part of your request or the submitted data sources.
  • Information retrieved from your data sources is pseudonymized before transmission to LLM providers by removing personally identifiable information where possible. However, contextual information may still be present in the data that could indirectly allow inferences to be made. Complete anonymization would restrict the functionality of the chatbots.
  • When using business API endpoints (OpenAI, Google Gemini), we have configured our API usage to request that your data not be used for training their models. However, we recommend reviewing the most current privacy policies of these providers for the latest information on their data handling practices.

Purpose of processing: The transmission of this data is technically necessary to enable the core functionality of our service – generating intelligent chatbot responses based on your data.

Legal basis: Processing is based on Art. 6(1)(b) GDPR (performance of a contract) or Art. 6(1)(f) GDPR (our legitimate interest in providing an AI-powered chatbot platform).

Data transfer to third countries: As with Google Login, the providers of the LLMs (Google, OpenAI) may process data in the USA or other third countries outside the EU/EEA. We point out the associated risks regarding the level of data protection and possible access by authorities. Where applicable, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards for the transfer of personal data.

Further information can be found in the providers' privacy policies:

Cookies

Our website uses cookies in some cases. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure.

We primarily use "session cookies", which are automatically deleted after your visit, as well as technically necessary cookies for login information.

We use only technically necessary cookies for our service to function. These essential cookies do not require explicit consent under GDPR as they are necessary for the provision of our service (Art. 6(1)(b) GDPR). We do not use tracking, marketing, or analytics cookies without your explicit consent.

Facebook Pixel and Social Media Plugins

Our website uses the "Facebook Pixel" of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This allows us to track user behavior after they have been redirected to our website by clicking on a Facebook advertisement. This enables us to measure the effectiveness of Facebook advertisements for statistical and market research purposes.

The data collected in this way is anonymous to us, i.e., we do not see the personal data of individual users. However, this data is stored and processed by Facebook. Facebook may link this data to your Facebook account and also use it for its own advertising purposes in accordance with Facebook's Data Policy. This processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time with effect for the future.

For more information on how Facebook handles your data, please see Facebook's privacy policy: https://www.facebook.com/about/privacy/

Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a system that enables marketers to update measurement codes and related code fragments collectively known as "tags" on their websites. Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected.

For more information about Google Tag Manager, please visit: https://marketingplatform.google.com/about/tag-manager/

Cloudflare DNS

We use the services of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, for DNS resolution and enhanced security protection. Cloudflare may process your IP address and other connection data when you visit our website. This processing is necessary to establish a connection to our website and is based on our legitimate interest in providing a secure and faster website (Art. 6(1)(f) GDPR).

For more information on how Cloudflare processes your data, please visit: https://www.cloudflare.com/privacypolicy/

Server Hosting

Our servers are physically located in Germany. All data processing operations that require server infrastructure are therefore conducted within Germany, providing an additional layer of data protection under German and European data protection laws. The hosting provider has implemented appropriate technical and organizational measures to ensure data security in accordance with GDPR requirements.

Newsletter

If you subscribe to our newsletter, you will receive regular information about our products, services, and special offers. To send the newsletter, we need your email address. We also collect information about your subscription time and confirmation of the double opt-in process.

The legal basis for the processing of your data for sending the newsletter is your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time by clicking on the unsubscribe link in every newsletter or by contacting us via email.

We may use standard technologies in our newsletters to measure interactions with the newsletters (e.g., opening of the newsletter, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content. This is done with the help of small graphics embedded in the newsletters (pixels). The data is collected exclusively pseudonymized and is not linked with your other personal data.

We use the newsletter service provider "Mailchimp" from The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Mailchimp may process your data in the USA. By subscribing to our newsletter, you acknowledge this data transfer. For more information about Mailchimp's privacy practices, please visit: https://mailchimp.com/legal/privacy/

Model Control Panel (MCP)

Our service includes a Model Control Panel (MCP) that allows you to customize and control your chatbot's AI model settings. When you interact with the MCP, we process configuration data including:

  • Your selected AI model preferences
  • Custom instructions and prompts you create
  • Configuration parameters (temperature, max tokens, etc.)
  • Usage statistics related to your model configurations

This data is processed to provide you with the ability to customize your chatbot's behavior and is stored as part of your account data. The legal basis for this processing is the performance of our contract with you (Art. 6(1)(b) GDPR).

Processing of Customer Data (Data Sources)

We collect, process, and use personal data that you provide to us as data sources (e.g., by uploading files or linking websites) only insofar as they are necessary for the establishment, content design, or modification of the contractual relationship (inventory data). This is done on the basis of Art. 6(1)(b) GDPR.

Your data sources are treated confidentially by us and used only for the purpose of providing the chatbot service (indexing, retrieval for RAG).

4. Data Security

We implement technical and organizational security measures to protect your personal data against accidental or unlawful deletion, alteration, or loss, and against unauthorized disclosure or access. This includes SSL/TLS encryption for data transmission, secure password storage using modern hashing algorithms, regular security updates, and access controls to restrict data access to authorized personnel only.

5. Changes to this Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. Your renewed visit will then be subject to the new privacy policy.