New

Introducing A11y Chatbot — Get instant expert help making your website WCAG compliant

Try it now

Our Services

View all →

Free Accessibility Check

Accessibility Plugin

Knowledge Base

Support & Help

Custom Solutions

Privacy Policy

Last Updated: January 2025

1. Controller

The controller responsible for data processing on this website is:

SSL Fruity AI GmbH & Co KG
Inkustraße 1–7/Stiege 2/Haus C/1. OG/Top 2109
3400 Klosterneuburg
Austria

Management: Ferdinand Ledermüller
Company Registration Number: 661608d

Contact:
Germany: +49 160 155 0555
Austria: +43 650 37 50 530
Email: info@fruitly.net

2. General Information on Data Processing

2.1 Scope of Processing Personal Data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Processing of personal data occurs only with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.

2.2 Legal Basis for Processing Personal Data

Where we obtain consent from the data subject for processing personal data, Article 6(1)(a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

For processing personal data necessary for the performance of a contract, Article 6(1)(b) GDPR serves as the legal basis.

Where processing personal data is necessary for compliance with a legal obligation, Article 6(1)(c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require processing personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

2.3 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may occur beyond this if provided for by European or national legislators in EU regulations, laws, or other provisions. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for concluding or fulfilling a contract.

3. Data Processing on Our Website

3.1 Provision of the Website and Creation of Log Files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The user's IP address
  • Date and time of access
  • Websites from which the user's system reaches our website

The data is also stored in log files of our system. This data is not stored together with other personal data of the user.

Legal basis: Article 6(1)(f) GDPR. Our legitimate interest follows from the listed purposes for data collection.

Storage duration: Data is deleted as soon as it is no longer required to achieve the purpose of its collection. For data collected to provide the website, this is when the respective session ends. Log files are deleted after a maximum of 90 days.

3.2 Registration and User Account

On our website, we offer users the opportunity to register by providing personal data.

The following data is collected during registration:

  • Email address
  • Password (stored encrypted)
  • Time of registration

Legal basis: Article 6(1)(b) GDPR (contract performance) and Article 6(1)(a) GDPR (consent).

Storage duration: Data is deleted as soon as it is no longer required to achieve the purpose of its collection. This is the case for data collected during the registration process when registration on our website is canceled or modified, or when you delete your account.

3.3 Email Verification

To verify your email address, we send you a six-digit code. This code is stored only temporarily and automatically deleted after successful verification or after 24 hours.

3.4 Website Scans and Reports

When you use our service to check websites for accessibility, we process:

  • The URL of the website to be checked
  • Scan results and generated reports
  • Timestamps of scans
  • Assignment to your user account

Legal basis: Article 6(1)(b) GDPR (contract performance).

Storage duration: Scan results are stored as long as your account is active. Upon deletion of your account, all associated data is also deleted.

4. Data Hosting and Server Location

4.1 Own Servers in Vienna, Austria

Important: We operate our own servers exclusively in Vienna, Austria. No third-party cloud services (such as AWS, Google Cloud, Microsoft Azure, etc.) are used for storing or processing your data.

Benefits for you:

  • All data remains in the EU (Austria)
  • Complete control over infrastructure
  • No sharing with third-party providers
  • GDPR compliant through EU location

4.2 AI Processing

Our AI systems for accessibility analysis are operated entirely on our own servers in Vienna. There is no sharing of data with external AI services such as OpenAI, Google AI, or other third-party providers.

All processing takes place locally on our infrastructure, ensuring maximum data protection.

5. Sharing of Data

5.1 Principle: No Sharing with Third Parties

We do not share your personal data with third parties, except in the following cases:

  • You have expressly consented (Article 6(1)(a) GDPR)
  • Sharing is necessary to fulfill legal obligations (Article 6(1)(c) GDPR)
  • Sharing is necessary to assert, exercise, or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not sharing your data (Article 6(1)(f) GDPR)

5.2 No Use of Third-Party Services

We deliberately use no tracking tools, analytics services, or other third-party services that could process your data. This expressly includes:

  • No Google Analytics
  • No Facebook Pixel
  • No external advertising networks
  • No social media plugins with data transmission

6. Your Rights as a Data Subject

You have the following rights:

6.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this personal data.

6.2 Right to Rectification (Article 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.

6.3 Right to Erasure (Article 17 GDPR)

You have the right to obtain from us the erasure of personal data concerning you without undue delay.

6.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to obtain from us restriction of processing.

6.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.

6.6 Right to Object (Article 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you.

6.7 Right to Withdraw Consent (Article 7(3) GDPR)

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Right to Lodge a Complaint with a Supervisory Authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Competent supervisory authority in Austria:
Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

7. Data Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continually improved in accordance with technological developments.

Technical measures include:

  • SSL/TLS encryption for all data transmissions
  • Encrypted storage of passwords (Bcrypt)
  • Regular security updates
  • Firewall protection
  • Access restrictions and authentication
  • Regular backups

8. Cookies

Our website uses only technically necessary session cookies for the functionality of login and user management. These cookies contain no personal data and are automatically deleted after closing the browser.

We use no tracking cookies, marketing cookies, or analytics cookies.

9. Changes to This Privacy Policy

We reserve the right to adapt this Privacy Policy so that it always complies with current legal requirements or to implement changes to our services in the Privacy Policy. The new Privacy Policy will apply to your next visit.

10. Contact

If you have questions about data protection, please email us or contact us directly:

SSL Fruity AI GmbH & Co KG
Inkustraße 1–7/Stiege 2/Haus C/1. OG/Top 2109
3400 Klosterneuburg
Austria

Email: info@fruitly.net
Phone: +43 650 37 50 530 (Austria) or +49 160 155 0555 (Germany)