Privacy Policy

Version of 21 May 2026

1. Who we are and our two roles

Renner & Schneider GbR (trading as “werila”), Donauwörther Straße 49, 86663 Asbach-Bäumenheim, Germany. Partners authorised to represent the company: Daniel Renner, Tim Schneider. Contact: [email protected]. Wilow is a product of werila.

This policy distinguishes two situations, because our legal role differs:

We have not appointed a Data Protection Officer; we are not legally required to do so under § 38 BDSG. For any data-protection enquiry, contact [email protected].

2. Your right to complain

You have the right to lodge a complaint with a data-protection supervisory authority, in particular in the EU Member State of your residence or workplace. The authority competent for werila is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany.

3. Data we process as controller

4. Purposes and legal bases

Where any processing is based on your consent, you may withdraw that consent at any time with effect for the future, without affecting the lawfulness of processing carried out before the withdrawal.

5. Sub-processors

To deliver the service we use the following sub-processors (recipients within the meaning of Art. 13 (1) (e) GDPR):

Transfers to recipients in the USA are safeguarded by the EU Standard Contractual Clauses pursuant to Art. 46 (2) (c) GDPR (Implementing Decision (EU) 2021/914), supplemented by a Transfer Impact Assessment. A copy of the safeguards is available on request. We have contractually ensured that data sent to AI providers is not used to train their models.

6. International data transfers

Some sub-processors listed above are based in the USA. We rely on the EU Standard Contractual Clauses and, where the provider is certified, the EU–US Data Privacy Framework, together with additional technical and organisational measures, as the safeguard for these transfers.

7. Access logs

For security and troubleshooting, our servers record technical log data for each request, including the IP address, the requested path, the time, the HTTP status, the response time and the browser user-agent. These logs are stored for a maximum of 30 days and are then automatically deleted. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in a secure, functioning service). Because these logs serve a security purpose, individual entries may persist for the remainder of the 30-day window even after an associated account is deleted.

8. Data retention

Customer account and conversation data is retained for the duration of the active subscription. A customer can configure a shorter automatic deletion window for conversation data. After an account is deleted, the associated data is removed from our live systems; encrypted off-site backups are rotated out within a further 90 days, and access logs follow the 30-day window in Section 7. Billing records are kept for as long as statutory commercial and tax retention periods require.

9. Your rights

Under the GDPR you have the right to information / access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and to object to processing (Art. 21). Where processing rests on consent, you may withdraw it at any time (Art. 7 (3)). To exercise any of these rights, or to complain, contact [email protected]. See also Section 2.

10. Chat-widget visitor data (werila as processor)

When you use a Wilow chat widget on a company's website, that company is the controller of your data and its own privacy policy is the binding notice. On its behalf we process: the messages you send, an anonymous random visitor ID, the page URL where the widget runs, your browser user-agent, your IP address, the referrer, any images you choose to upload, and — if you provide them in the conversation — contact details such as name, email or phone (a “lead”). This data is used solely to operate the chat service for that company and is processed by the sub-processors in Section 5. To exercise data-subject rights regarding this data, you can contact either that website's operator or us at [email protected]; we will act on the controller's instructions.

11. Automated processing & AI

Wilow is an AI chatbot. Replies are generated by automated large-language-model systems and may be incomplete or incorrect. This processing does not produce any decision with legal effect or similarly significant effect concerning you within the meaning of Art. 22 GDPR.

12. Cookies and local storage

Wilow sets no tracking cookies and loads no third-party trackers or analytics. The chat widget stores a small number of entries in your browser's local/session storage, all strictly necessary for the widget's own operation: a random visitor ID and conversation state (for conversation continuity), a language preference, an expanded/closed UI state, and a first-visit flag plus a counter used to limit how often the widget proactively opens. None of these are shared with third parties or used to track you across other websites.

13. Contact

Renner & Schneider GbR (werila)
[email protected] · see also our Imprint.