Privacy Policy
Effective: March 1, 2026
This privacy policy informs you about the nature, scope, and purpose of the processing of personal data when using our website and our software-as-a-service platform Fragly, including the embedded AI chat widget.
1. Controller
Bavaria2TM UG
Rickering 2a
94577 Winzer
Germany
Authorized Representative: Thomas Loesl
2. Role Distribution (Essential)
2.1 Use of Fragly on Customer Websites
When a website operator integrates Fragly into their website:
- the website operator is the controller under GDPR for end-user data
- Bavaria2TM UG processes this data as a processor pursuant to Art. 28 GDPR
Processing is carried out exclusively according to the instructions of the respective website operator.
2.2 Own Website & Platform Operation
For the processing of personal data on our own website as well as for accounts, billing, support, and communication, we are the controller.
3. Hosting & Technical Infrastructure
Our platform is operated in the European Union. We use external hosting, infrastructure, and database service providers for this purpose, who act exclusively within the framework of commissioned processing.
Data transmission is encrypted (SSL/TLS).
4. Data Categories Processed
Depending on use, we process in particular:
- Account & contract data (name, email, login data, subscription information)
- Chat & communication data (free text, possibly name, email, phone number, attachments)
- Technical data (IP address, browser & device data, log files)
- Usage & analytics information (only with consent)
5. AI Chat & Conversations
5.1 Purpose
Processing is carried out for:
- Answering user inquiries
- Providing the AI assistant
- Lead capture (e.g., name, email, message)
- Technical assurance and quality control
5.2 Storage
Chat histories and associated data are stored for up to 365 days, unless earlier deletion by the responsible website operator occurs or legal obligations prevent this.
5.3 Access
Access is granted to:
- the respective website operator
- Fragly support only upon customer request for support purposes
6. Use of AI Services
For generating responses, we use external AI services.
The following applies:
- Content is processed exclusively for response generation
- no use of data for training purposes
- no independent further processing by us
Data transfer to third countries cannot be excluded. This is done on the basis of appropriate safeguards (e.g., standard contractual clauses).
7. Attachments & Uploads
Transmitted files are processed to handle the respective request. Storage is secure and time-limited according to the general retention period (max. 365 days).
8. Cookies & Similar Technologies
We use cookies and comparable technologies.
Categories:
- Essential cookies (technically required)
- Optional cookies (analytics & marketing)
Optional cookies are set only with consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time via the cookie settings.
9. Web Analytics
We use analytics tools to improve our offering.
- Processing only with consent
- IP addresses are shortened or anonymized
- Legal basis: Art. 6 para. 1 lit. a GDPR
10. Affiliate Tracking
We operate an affiliate program.
- Cookies/identifiers for attribution of referrals
- Storage duration: 30 days
- Activation only with consent
- Legal basis: Art. 6 para. 1 lit. a GDPR
11. Newsletter & Communication
Upon registration or completion of a subscription, we may use your email address to:
- send product-related information (Art. 6 para. 1 lit. b GDPR)
Marketing emails are sent only with explicit consent. Unsubscription is possible at any time.
12. Payment Processing
For payment processing, we use external payment service providers.
Processed data includes:
- Name, email, billing data
- Transaction and payment information
We do not receive complete payment data (e.g., credit card numbers).
Legal basis: Art. 6 para. 1 lit. b GDPR.
13. Social Login
We offer the option to register and log in via external accounts with Google, Apple, or Meta (Facebook) ("Social Login").
Use of Social Login is voluntary. Alternatively, registration with an email address is possible.
Google Login
When you log in via Google, we receive the following information from Google - depending on your Google account settings:
- Name
- Email address
- Profile picture (if applicable)
Authentication is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Data transfer to the USA cannot be excluded. This is done on the basis of appropriate safeguards (e.g., standard contractual clauses).
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance) or Art. 6 para. 1 lit. a GDPR (consent)
Apple Login
When you log in via "Sign in with Apple", we receive from Apple:
- Your Apple ID email address (possibly an anonymous relay address provided by Apple)
- Your name (only on first login, if applicable)
Processing is carried out by Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA or Apple Distribution International Ltd., Ireland.
Apple offers the option to hide your email address ("Private Relay").
Legal basis: Art. 6 para. 1 lit. b GDPR (contract performance)
Meta (Facebook) Login
We also offer the option to register and log in via a Meta Platforms account (e.g., Facebook) ("Meta Login").
Use of Meta Login is voluntary. Alternatively, registration with an email address is always possible.
When you log in via Meta, we receive - depending on your Meta account settings - the following information:
- Name
- Email address
- Profile picture (if applicable)
Authentication is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to servers of Meta Platforms Inc. in the USA cannot be excluded. This is done on the basis of appropriate safeguards, in particular standard contractual clauses (Art. 46 GDPR).
In this context, Meta is an independent controller under GDPR.
Legal basis for processing is: Art. 6 para. 1 lit. b GDPR (contract performance) or Art. 6 para. 1 lit. a GDPR (consent by selecting Social Login)
14. Server Log Files
When visiting our website, technical log data is processed.
Purpose:
- Security
- Stability
- Error analysis
Legal basis: Art. 6 para. 1 lit. f GDPR.
15. Your Rights
You have the right to:
- Access
- Rectification
- Erasure
- Restriction
- Data portability
- Object
- Withdraw given consents
16. Right to Complain
You may file a complaint with a competent data protection supervisory authority.
17. Changes
We reserve the right to adapt this privacy policy. The current version is always available on our website.
