Privacy policy
This privacy policy explains what personal data we collect, why we collect it, and what rights you have. It applies to the Waffle AI license server and the marketing pages served from this domain.
1. Data controller
The controller responsible for the processing of personal data on this website is:
Zehntech Solutionsimpressum@zehntech.com
2. Personal data we collect
When you interact with this website we may collect the following categories of personal data:
- Your email address — collected at sign-up and used to deliver your license, billing confirmations, and renewal reminders.
- Your IP address — recorded in server access logs for security, abuse-prevention, and rate-limiting purposes.
- A session cookie set after sign-in to keep you logged into your customer portal.
- A `waffle_lang` cookie storing your preferred display language (`en` or `de`). No identifying information.
3. Legal basis
Processing of your data takes place on the basis of Art. 6(1)(b) DSGVO (performance of a contract to which you are a party) and, where applicable, Art. 6(1)(f) DSGVO (legitimate interest in operating and securing the service).
4. Data processors
We rely on the following sub-processors:
- Stripe Payments Europe Limited (Ireland) — billing, payment processing, and customer-portal management.
- Zehntech-operated SMTP relay (Germany) — transactional email delivery (welcome, magic-link, renewal reminders).
- Amazon Web Services EMEA SARL — AWS Frankfurt (eu-central-1) hosting for the database, application server, and downloadable plugin assets.
5. Retention
Customer and license records are retained for the duration of your subscription and for an additional 36 months thereafter for tax, accounting, and legal record-keeping. Access logs are retained for 30 days. Marketing-page visit information (rate-limit token buckets) is retained for at most 24 hours.
6. Your rights under the GDPR
Under the GDPR you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — request that we correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — request deletion of your personal data, subject to legal retention obligations.
- Right to data portability (Art. 20) — receive your data in a machine-readable format.
- Right to lodge a complaint with a supervisory authority — typically the data-protection authority in your country of residence.
7. How to exercise your rights
To exercise any of these rights, contact the data controller at: