Learn how Wysor collects, uses, and protects your personal information.
Last updated: September 20, 2025
Wysor UG (haftungsbeschränkt) ("Wysor", "we", "us", or "our") processes personal data in various situations. The legal basis for this processing derives from the General Data Protection Regulation (GDPR), the German Telecommunications and Digital Services Data Protection Act (TTDSG), and the German Federal Data Protection Act (BDSG).
This privacy policy informs you in accordance with Articles 12 to 14 GDPR about how we process your personal data when we act as controller pursuant to Article 4(7) GDPR. It explains in particular what data we collect, for what purposes we use it, and on what legal basis the processing takes place – specifically for the following data processing activities:
This privacy policy also contains information about categories of recipients of personal data (see Section 3), data transfers to third countries (see Section 4), duration of data processing (see Section 5), your rights as a data subject (see Section 6 and Section 7), obligations to provide personal data (see Section 8), and automated decision-making (see Section 9).
Wysor UG (haftungsbeschränkt)
Hamburger Str. 19
22083 Hamburg, Germany
Email: [email protected]
For privacy-related questions, you can contact our Data Protection Officer at [email protected].
Our platform operates as an AI agents ecosystem where users create, deploy, and interact with intelligent AI agents that process various types of data to provide business automation, customer service, data analysis, and other AI-powered services.
Your data stays in the EU. All personal data is processed and stored exclusively on servers located within the European Union. We use EU-based infrastructure providers and ensure that your data never leaves EU jurisdiction. This provides you with the highest level of data protection under GDPR.
When you visit our websites, various personal data are processed depending on the type and scope of use. Personal data are information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as an online identifier.
For the purpose of technically providing the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information (the "access data") is automatically captured and stored in server log files each time our website is accessed. Access data may include:
The processing of access data is technically necessary for providing a functional website and for system security. Beyond the purposes mentioned above, we use server log files exclusively for demand-oriented design and optimization of our internet offering on a purely statistical basis without drawing conclusions about your person. We do not combine this data with other data sources, nor do we evaluate the data for marketing purposes, unless you otherwise consent to such use (see Section 2.2).
Where you visit our website to inform yourself about our AI agent services or to use them on a contractual basis, the legal basis for temporary storage of access data is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.
Additionally, Article 6(1)(f) GDPR serves as the legal basis for temporary processing of access data. Our legitimate interests consist in being able to provide you with a technically functioning and user-friendly website and ensure the security of our systems. You have the right to object to processing for legitimate interests (see Section 7).
Storage duration and deletion of your access data are governed by Section 5 of this privacy policy. Your IP address is stored for IT security purposes for a maximum of 7 days.
We use cookies and similar tracking technologies such as fingerprinting technologies on our websites. Depending on the purpose, tracking serves to make our offerings more user-friendly, effective and secure, as well as to personalize content and advertising. Through tracking, we can analyze how and which visitors use our websites, allowing us to design website content primarily according to individual needs.
a) Functional Tracking:
The legal basis for accessing your device, collecting information and further processing any personal data is Section 25(2)(2) TTDSG and Article 6(1)(f) or (b) GDPR. Essential tracking helps us make a website technically usable and secure by enabling basic functions such as page navigation, login data, wish lists or access to protected areas of the website. This includes storing your selections in consent management. Without this type of tracking, the website cannot function properly. It is therefore necessary to implement the functions you have chosen or to protect our legitimate interests in the functionality, security and efficiency of our website.
b) Tracking for Marketing, Personalization or Analytics:
For all other purposes mentioned, your voluntary consent is required; the legal basis is then Section 25(1) TTDSG and Article 6(1)(a) GDPR. You can give consent for all purposes collectively by selecting "Accept All". In consent management, you can also individually determine which purposes tracking may be used for by selecting individual categories. You can consent to tracking to display interest-based advertising and evaluate your user behavior (Marketing), automatically consider your browser preferences for future visits (Personalization), and/or track your interests in specific content to optimize our website and services (Analytics).
After giving consent, you can revoke it at any time with effect for the future through our cookie settings banner.
We provide contact forms on our website for easy and quick electronic contact with us. When you submit inquiries via contact forms, your inquiries including the contact data you provide will be stored and processed for handling and responding to your inquiry and for follow-up questions. This also applies to your IP address and the date and time of sending your message.
Where you contact us within the framework of an existing contractual relationship, for support requests, or to obtain information about our AI agent services, the data and information you provide will be processed for handling and responding to your contact inquiry on the basis of Article 6(1)(b) GDPR.
Otherwise, processing occurs to protect our legitimate interests under Article 6(1)(f) GDPR in providing a contact form as a B2B company and for proper handling of customer/contact inquiries.
You are neither obligated to contact us via the contact form nor to provide personal data. If you do not provide your personal data, we may not be able to process your inquiry.
Storage duration and deletion of your contact data are governed by Section 5 of this privacy policy.
In the context of our existing or future business relationships, we process personal data that is either collected directly from you or transmitted to us by your employer as our B2B customer. This particularly concerns employees of business partners or persons involved in contract fulfillment, especially customers who purchase our AI agent services.
The provision of certain personal data may be legally or contractually required or necessary for contract conclusion. If there is an obligation to provide such data, we will inform you separately. In this case, failure to provide data may result in the requested service not being provided.
We primarily process personal data that you provide to us within the business relationship or that we receive from business partners. The scope of processed data depends on your function within the respective organization and includes:
The processing of personal data serves the preparation, implementation and handling of contracts, particularly for our AI agent platform services including account management, agent configuration, data processing through agents, billing, and customer support. We also use the data to optimize our business processes and for general support of our business partners.
The processing occurs on the basis of Article 6(1)(b) GDPR for contract performance and Article 6(1)(f) GDPR for our legitimate interests in providing efficient AI agent services, ensuring platform security, and improving our services.
When you use our AI agent platform, we process personal data to provide the core functionality of creating, configuring, and operating AI agents. This includes:
Agent Configuration and Management:
AI Data Processing:
Platform Operations:
When you configure AI agents to process personal data (for example, customer service inquiries), you act as the controller for that data processing, and we act as your processor under Article 28 GDPR. We process such data only according to your documented instructions and under our data processing agreement.
For our own platform operations and service provision, we rely on Article 6(1)(b) GDPR for contract performance and Article 6(1)(f) GDPR for our legitimate interests in platform security, performance optimization, and service improvement.
For organizational customers, we provide additional enterprise controls and compliance features. This includes processing data for:
This processing occurs on the basis of Article 6(1)(b) GDPR for contract performance and Article 6(1)(f) GDPR for our legitimate interests in providing comprehensive enterprise services and ensuring regulatory compliance.
Where we have your consent under Article 6(1)(a) GDPR or rely on legitimate interests under Article 6(1)(f) GDPR for B2B marketing, we may process your contact information to:
You can withdraw consent or object to marketing communications at any time through the unsubscribe mechanisms provided or by contacting us directly.
Security Monitoring: We process IP addresses, session data, user interactions, and technical information based on legitimate interests (GDPR Article 6(1)(f)) to protect our website and users from security threats, including:
This includes automated collection of:
Error Monitoring: We use EU-based error tracking services for real-time monitoring and security analysis. Session replay data is retained for 30 days for security analysis, while error logs are kept for 90 days for pattern analysis and system improvement.
Legal Basis: Article 6(1)(f) GDPR - legitimate interests in maintaining platform security and protecting user data from unauthorized access or manipulation.
To provide our services and operate our business efficiently, we work with external service providers who may have access to personal data in varying degrees. There are two categories:
Data Processors under Article 28 GDPR who act exclusively on our behalf and according to our instructions:
Independent Controllers who determine their own processing purposes:
All processors are bound by strict data processing agreements under Article 28(3) GDPR. Independent controllers must meet appropriate privacy and security standards.
We do not transfer your personal data outside the European Union. All our core infrastructure, including hosting, analytics, and error monitoring, operates exclusively within EU jurisdiction:
This ensures your data benefits from the full protection of EU data protection laws without requiring additional transfer safeguards.
We process your personal data for as long as necessary to fulfill the purposes outlined in this policy, including:
Deleted data is permanently removed within 30 days unless legal retention requirements apply.
You can exercise the following rights at any time via our contact information in Section 1:
6.1 Right of Access (Article 15 GDPR): You have the right to confirmation of whether personal data concerning you are processed and, if so, access to this data and specified information.
6.2 Right to Rectification (Article 16 GDPR): You have the right to immediate rectification of inaccurate personal data and completion of incomplete data.
6.3 Right to Erasure (Article 17 GDPR): You have the right to immediate deletion of personal data where specific grounds apply.
6.4 Right to Restriction (Article 18 GDPR): You have the right to restriction of processing under specified conditions.
6.5 Right to Data Portability (Article 20 GDPR): You have the right to receive personal data in a structured, commonly used format and transmit it to another controller.
6.6 Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time with future effect.
6.7 Right to Complain: You have the right to lodge a complaint with a supervisory authority, particularly in your habitual residence, workplace, or place of alleged infringement.
7.1 You have the right under Article 21(1) GDPR to object to processing based on Article 6(1)(e) or (f) GDPR for reasons arising from your particular situation.
7.2 For direct marketing purposes, you have an absolute right to object under Article 21(2) GDPR at any time.
Generally, you are not obligated to provide personal data. However, without certain data, we cannot provide full website functionality or respond to your inquiries. Mandatory data fields are marked accordingly.
We do not employ automated decision-making within the meaning of Article 22(1), (4) GDPR.
Company Information:
Wysor UG (haftungsbeschränkt)
Hamburger Str. 19
22083 Hamburg, Germany
Effective Date: September 15, 2025
Last Updated: September 15, 2025
This privacy policy may be updated to reflect legal changes or service improvements. Material changes will be communicated with appropriate notice.