Last Updated: August 1, 2025
1. Controller
weblens GmbH
Birkenstraße 23
40233 Düsseldorf
Germany
Email: [email protected]
2. Scope
This Privacy Policy applies to:
Visitors of our website Let your customers find the products they want – AI Product Advisors by weblens
Users of our SaaS platform (dashboard, configuration, analytics)
The processing of personal data when integrating our interactive, AI‑powered dialogue solution on our customers’ websites
3. Data Processing on Our Website
3.1 Server Logs
When you access our website, the following data is automatically processed:
IP address
Date and time of access
Browser type and version
Operating system
Referrer URL
Purpose: Website operation, IT security, abuse prevention
Legal basis: Art. 6(1)(f) GDPR (legitimate interests)
Storage period: Maximum 14 days, then deletion
3.2 Cookies
We use strictly necessary cookies to enable essential functions of our website.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests).
If we use analytics or marketing cookies, this will only be done based on your consent.
Legal basis: Art. 6(1)(a) GDPR (consent).
3.3 Contact
When contacting us via form or email, we process:
Name
Email address
Content of your inquiry
Purpose: Handling your request
Legal basis: Art. 6(1)(b) GDPR (pre‑contractual steps) or Art. 6(1)(f) GDPR (legitimate interests)
Storage period: Retained until your request has been fully processed
4. Data Processing in the SaaS Platform
4.1 Account Creation & Login
When creating a user account, we process personal data such as:
Name
Email address
Login / authentication data (via Clerk Inc.)
Purpose: Authentication and providing access to the SaaS platform
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
4.2 Use of Dashboard & Analytics
We process:
Configuration data of the dialogue solution
Usage statistics (e.g., number of interactions)
Log data (shortened IP addresses, timestamps)
Purpose: Operation, optimisation, and security of the services
Legal basis: Art. 6(1)(b) GDPR (performance of a contract)
4.3 Sub‑processors Used
We use the following sub‑processors to provide our services:
OpenAI Ireland Ltd. (Ireland/USA) – Processing of inputs for AI‑generated responses
Cloudflare Inc. (USA) – CDN, security, hosting
Neon Inc. (USA) – Database hosting
Clerk Inc. (USA) – Authentication & user management
Sentry Inc. (USA) – Logging & monitoring
Further details (including protective measures) are set out in our Data Processing Agreement (DPA).
4.4 Storage Period
Personal data is deleted once the purpose of processing no longer applies, unless legal retention obligations require otherwise.
5. Data Processing When Embedded on Customer Websites
When our dialogue solution is embedded on a customer’s website, we process:
End‑user inputs
Interaction histories
Potentially IP address and browser information
Purpose: Provision of dialogue and advisory functionality
Legal basis: Art. 6(1)(b) GDPR (performance of contract with the customer)
Note: Processing is carried out on behalf of the customer in accordance with our DPA.
Customers are responsible for informing their website visitors about the integration in their own privacy policies.
6. Rights of Data Subjects
Data subjects have the following rights:
Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Requests should be sent to: [email protected]
7. Security
We implement technical and organisational measures (TOMs) pursuant to Art. 32 GDPR to protect personal data.
8. Changes
We reserve the right to update this Privacy Policy if the legal situation, our services, or the nature of our data processing changes.