Effective: April 20, 2026
This privacy policy explains how Parallax Technologies GmbH ("we", "us", "our"), operating the platform witness-compliance.eu ("Witness", "the Service"), collects, uses, and protects your personal data. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Austrian data protection law.
The data controller responsible for processing your personal data is:
Parallax Technologies GmbH
E-Mail: [email protected]
Favoritenstraße 92/131, 1100 Wien, Österreich. Registered with the commercial register of the Handelsgericht Wien under FN 678180 z. VAT ID (UID): ATU83326713.
We collect and process the following categories of personal data:
Email address and name, collected during registration for authentication via magic link.
Company name, country, industry, and organization size, provided by you to establish your compliance context.
Form field data you enter when using our compliance tools (classifier, technical documentation, risk management, FRIA, etc.). This is the core service of Witness and constitutes your compliance work product.
If you upload documents for AI-assisted analysis, the extracted text is sent to our AI provider (Anthropic) for processing within the scope of the compliance workflow you have requested. Uploaded document files are processed in memory only and are not stored as files on our servers. After the workflow completes, only the extracted field values and the associated guidance metadata you have accepted into your compliance artifact are persisted; the original file content is discarded. You remain in control: you decide which uploaded field values to accept into your artifact and can remove them at any time.
Messages you send through the expert chat feature are stored in our database and sent to our AI provider to generate responses.
Payment processing is handled entirely by Paddle. We only store your Paddle customer ID and access tier. We do not have access to your credit card details or bank information.
We collect aggregate page-level analytics via Umami Cloud. Umami is configured without cookies and is used to understand broad product usage, not to build advertising profiles.
Authentication session tokens, locale preferences, anti-abuse verification data, request identifiers, and security logs needed to operate and protect the service.
We process your data on the following legal bases under GDPR Article 6:
Processing of account data, organization data, compliance documentation, uploaded document text submitted for AI-assisted analysis, and chat conversations is necessary for the performance of our contract with you — providing the Witness compliance platform and the features you request.
Cookieless page-level analytics, security logging, abuse prevention, and service diagnostics are processed based on our legitimate interests in understanding how the platform is used, improving reliability, and protecting the service.
Where we ask for consent, such as for optional communications or optional non-essential features, you may withdraw that consent at any time. Document uploads are user-requested service inputs and are processed under the contract basis described above.
We use the following third-party service providers to operate Witness:
Some of our processors are based in or may process data from outside the European Union (including Anthropic, OpenAI, Resend, Sentry, Cloudflare, and Paddle). Data transfers are conducted on the basis of an adequacy decision, the EU-US Data Privacy Framework, and/or Standard Contractual Clauses (SCCs) in accordance with GDPR Chapter V where required. Our database hosting (Railway) is located in the EU West region, so stored application data is hosted in the EU at rest.
We retain your data for the following periods:
You have the following rights regarding your personal data:
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
Parallax Technologies GmbH processes personal data only as necessary to provide the Service. We are not responsible for the accuracy or completeness of personal data that you or your authorised users enter, upload, or include in compliance artifacts. To the extent permitted by applicable law, we are not liable for regulatory fines, audit findings, notified-body decisions, or other regulatory consequences arising from inaccurate, incomplete, or outdated data that you have provided. This section does not limit liability that cannot be limited under mandatory data-protection law (including Article 82 GDPR).
You have the right to lodge a complaint with the competent data protection supervisory authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Austria
Witness uses essential cookies and local browser storage needed for authentication, language selection, anti-abuse verification, and saving in-progress form state:
We do not use advertising cookies. Umami analytics is configured without cookies; Cloudflare Turnstile may process technical browser signals for abuse prevention.
Witness is a business-to-business compliance platform and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this privacy policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated via email or through an in-app notice. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.