Website Privacy Policy

Last updated: 13.2.2026

This Privacy Policy describes how QADS e.U. ("AutoPhish", "we", "us", or "our") collects, uses, and protects personal data when you visit our public website at autophish.io.

We are committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Austrian data protection laws.

This policy covers the public marketing website. For information about data processing within the AutoPhish platform (phishing simulation service), please see our Service Privacy Policy.

1. Data Controller

QADS e.U. is the data controller for data collected through this website.

2. Data We Collect

Information You Provide:

  • Name and email address (if you use our contact form or register for an account)

Technical Data (collected automatically):

  • IP address
  • User agent (browser and device information)
  • Pages visited and referral URLs

3. Google Analytics

We use Google Analytics (provided by Google LLC / Google Ireland Limited) for website analytics. Google Analytics is only loaded if you explicitly opt in via our cookie preferences. If you do not consent to analytics cookies, Google Analytics is not loaded and no data is sent to Google.

Where Google Analytics is enabled, we configure it with IP anonymization so that your IP address is truncated before being transmitted to Google servers. Google Analytics uses cookies to collect aggregated usage data such as page views and session duration.

You can withdraw your consent at any time via the cookie preferences in the website footer.

4. Purpose and Legal Basis of Processing

Purposes:

  • Providing and improving the website
  • Responding to contact form inquiries
  • Website analytics (only with your consent)

Legal bases:

  • Article 6(1)(a) GDPR – consent (for analytics cookies / Google Analytics)
  • Article 6(1)(b) GDPR – contract performance (e.g., responding to inquiries)
  • Article 6(1)(f) GDPR – legitimate interest (e.g., website security, server logs)

5. Sub-Processors

We use the following sub-processors for the public website:

  • Contabo GmbH (Germany) – infrastructure and hosting
  • Crisp IM SAS (France) – customer support chat widget
  • Google (Google Analytics, Google Ireland Limited / Google LLC) – website analytics (opt-in only, IP anonymization enabled)

Contabo and Crisp are located in the EU. Google Analytics may involve the processing of data outside the European Economic Area (EEA). Google provides appropriate safeguards under Standard Contractual Clauses (SCCs) in accordance with GDPR requirements. Google Analytics data is only collected with your explicit consent.

6. Data Retention

We retain personal data only as long as necessary. Google Analytics data retention is configured to the minimum period available. Server log data is retained for a limited time for security purposes.

7. Data Security

We implement technical and organizational measures appropriate to the risks, including:

  • Encryption of data in transit (HTTPS)
  • Access controls
  • Monitoring and logging

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent (e.g., for analytics cookies)

9. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated on this page.

10. Questions

For any questions regarding this Privacy Policy, please contact:

QADS e.U.
Email: support@autophish.io