Privacy Policy

Genwolf

Last updated: January 2026

1. Introduction

This Privacy Policy explains how Genwolf ("we", "us", "our") collects, uses, and protects personal data in connection with the use of the Genwolf platform available at https://genwolf.ai (the "Service").

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Polish and EU laws.

2. Data Controller

The controller of personal data is:

Oskar Więckowicz, conducting business as Oskar Więckowicz Software Development, a sole proprietor registered in Poland, address: aleja Marcina Kromera 61/3, 51-163 Wrocław, Poland, VAT / Tax ID: PL8992924472, contact email: contact@genwolf.ai.

3. Scope of This Policy

This Policy applies to:

  • users of the Service
  • visitors of the website
  • persons whose data is processed within the Service by Users

4. Google Sign-In (OAuth)

If you choose to sign in using Google, we only request access to basic account information required for authentication and account setup:

  • your email address (scope: https://www.googleapis.com/auth/userinfo.email)
  • your basic profile information (scope: https://www.googleapis.com/auth/userinfo.profile)
  • OpenID identifier used for sign-in (scope: openid)

We use this data solely to create your account, authenticate you, and secure access to the Service. We do not request access to your Gmail, Google Drive, Calendar, contacts, or any other restricted or sensitive Google data.

5. Categories of Personal Data

Depending on how the Service is used, we may process:

5.1 Account and Contact Data

  • email address
  • name (if provided)
  • company name
  • billing details

5.2 Usage and Technical Data

  • IP address
  • device and browser information
  • timestamps and logs
  • interactions with the Service
  • usage limits and consumption metrics

5.3 User-Provided Content

  • prompts configured by Users
  • AI responses and generated outputs
  • workspace names and labels
  • URLs, brand names, or keywords provided by Users

Note: We do not intentionally collect special categories of personal data. Users should avoid submitting sensitive personal data unless strictly necessary.

6. Purposes and Legal Bases of Processing

PurposeLegal Basis (GDPR)
Providing and maintaining the ServiceArt. 6(1)(b)
Account management and authentication (including Google Sign-In, if used)Art. 6(1)(b)
Billing and paymentsArt. 6(1)(b), Art. 6(1)(c)
Improving the Service and analyticsArt. 6(1)(f)
Security and abuse preventionArt. 6(1)(f)
Legal obligationsArt. 6(1)(c)
Marketing communications (if consented)Art. 6(1)(a)

7. AI Models and Data Processing

  1. The Service uses third-party AI models to generate responses.
  2. Prompts and related data may be transmitted to AI providers solely to perform the requested functionality.
  3. We do not use User data to train our own AI models unless explicitly stated otherwise.
  4. AI outputs are generated automatically and may vary depending on the model and context.

8. Data Processing on Behalf of Users

  1. In many cases, we act as a data processor, processing data on behalf of Users.
  2. Users remain responsible for the lawfulness of the data they submit.
  3. A Data Processing Agreement (DPA) is available upon request or incorporated by reference into the Terms of Service.

9. Data Retention

We retain personal data only for as long as necessary to:

  • provide the Service
  • fulfill legal obligations
  • resolve disputes
  • enforce agreements

Account data is retained for the duration of the contract and a limited period thereafter, unless longer retention is required by law.

10. Data Recipients and Sub-processors

We may share data with trusted service providers, including:

  • cloud infrastructure providers
  • AI model providers
  • payment processors
  • analytics and monitoring tools
  • email delivery services

A current list of sub-processors may be made available upon request.

11. International Data Transfers

Personal data may be transferred outside the European Economic Area (EEA) where required to provide the Service.

Such transfers are safeguarded using:

  • Standard Contractual Clauses (SCCs), or
  • other lawful transfer mechanisms under GDPR.

12. Security Measures

We implement technical and organizational measures to protect personal data, including:

  • encryption
  • access controls
  • logging and monitoring
  • regular security reviews

13. Data Subject Rights

Under GDPR, individuals have the right to:

  • access their personal data
  • rectify inaccurate data
  • erase data ("right to be forgotten")
  • restrict processing
  • data portability
  • object to processing
  • lodge a complaint with a supervisory authority

Requests can be submitted to contact@genwolf.ai.

14. Cookies and Tracking Technologies

The Service uses cookies and similar technologies. Details are provided in a separate Cookie Policy.

15. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. Material changes will be communicated through the Service or by email.

16. Contact

For privacy-related questions, contact: contact@genwolf.ai