FAMILIARIZE YOURSELF WITH
OUR PRIVACY POLICY
GENERAL
Last updated: 28 April 2026
This Privacy Policy explains how Wizata SA ("Wizata", "we", "us", "our") processes personal data when you visit our website www.wizata.com, interact with our marketing communications, use our industrial AI platform, or use the Wizata Mobile application for iOS and Android (together, the "Services").
Who we are
Wizata SA
89E Parc d'Activités Capellen
L-8308 Capellen, Luxembourg
CBE number 0661.584.738
Email: info@wizata.com
For privacy-related enquiries, please write to info@wizata.com with the subject "Privacy".
Scope and roles
This policy covers three contexts:
- Website visitors and prospects — anyone who browses www.wizata.com, submits a contact form, requests a demo, or subscribes to our newsletter. For this data, Wizata is the controller.
- Mobile App users — employees of customer organisations ("Tenants") who sign in to the Wizata Mobile app with their corporate Microsoft 365 / Azure Active Directory account. For account, identity, and device data described in section 4, Wizata is the controller. For business data processed through the App on behalf of the Tenant, Wizata is a processor acting on the Tenant's instructions.
- Platform users — customers and their end users of the Wizata SaaS platform. For business data and telemetry stored in a Tenant environment, Wizata is a processor; the Tenant is the controller. The terms of this processing are set out in the Data Processing Agreement (DPA) with each customer.
WHAT AND WHY WE PROCESS DATA
Website and marketing
When you interact with our website or marketing channels, we may process:
- Identification and contact details: name, professional email address, company name, job title, country, phone number — provided by you when you submit a contact form, request a demo, register for an event, or subscribe to our newsletter.
- Communications content: the messages you send us and our replies.
- Technical data: IP address, device and browser type, language, pages viewed, referring URL, and similar log data automatically collected when you browse the website.
- Cookies and similar technologies: see our Cookie Policy for the full list and for the consent options available to you.
We use this data to respond to your enquiries, send you the marketing communications you have subscribed to, organise events, secure and improve our website, and produce aggregated statistics. You can unsubscribe from marketing emails at any time using the link in each message.
Wizata Mobile application
The Wizata Mobile app is designed to minimise data collection. It does not include third-party analytics or crash-reporting SDKs, it does not collect advertising identifiers, and it does not track you across other apps or websites.
4.1 Account and identity
When you sign in, the App authenticates you through Microsoft Azure Active Directory using the Microsoft Authentication Library (MSAL). We receive and store on your device:
- your full name, email address, and Microsoft account identifier;
- the Tenant prefix, Microsoft tenant ID, OAuth client ID, and the OAuth scopes required to call the Wizata backend;
- a short-lived access token issued by Microsoft, used to authorise API calls.
Identity data is stored in the operating system's secure storage (iOS Keychain / Android Keystore-backed storage) and removed when you sign out.
4.2 Push-notification tokens
If you enable notifications, the App registers with Apple Push Notification service (APNs) on iOS or Firebase Cloud Messaging (FCM) on Android, and sends the resulting device token to the Wizata backend so it can deliver operational alerts. The token identifies your device installation but does not contain personal information by itself. We delete the token from our backend and from the device when you sign out or uninstall the App.
4.3 Operational and business data
While you use the App, we transmit business data between your device and the
Tenant's Wizata backend ({tenant}-wizard.onwizata.com). This may include
dashboards and tile configurations, industrial telemetry, asset metadata,
alert rules, edge-device status, pipeline executions, and log queries. This
data belongs to your employer and is processed on their behalf.
4.4 Local preferences
The App stores limited UI preferences locally (theme, notification toggle, dashboard tile layout cache). These preferences are not transmitted to Wizata or to any third party.
4.5 What the App does not collect
- No advertising identifier (IDFA, AAID).
- No precise or coarse geolocation.
- No contacts, photos, microphone, or camera data.
- No analytics or behavioural tracking.
- No crash reports sent to third parties.
Wizata SaaS platform
When you use the Wizata SaaS platform (web or API), we process the data uploaded by your Tenant for the purpose of providing the service: authentication credentials, asset and twin definitions, industrial telemetry and time-series data, machine-learning model artefacts, pipeline executions and logs, and similar operational records.
We process this data as a processor, on the Tenant's documented instructions and in accordance with the DPA signed with each customer. The Tenant is responsible for the lawfulness of the data they upload, including any personal data of their employees or end users.
Legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Respond to your enquiries and provide quotes / demos | Pre-contractual measures (Art. 6(1)(b)) |
| Send marketing emails and event invitations | Consent (Art. 6(1)(a)) — withdrawable at any time |
| Authenticate Mobile App users and authorise API calls | Contract performance (Art. 6(1)(b)) |
| Deliver push notifications | Consent (Art. 6(1)(a)) |
| Provide the SaaS platform to a Tenant | Contract performance (Art. 6(1)(b)) — for the Tenant; processor for end-user data |
| Secure our Services and prevent abuse | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations (accounting, tax, etc.) | Legal obligation (Art. 6(1)(c)) |
| Produce aggregated, non-identifying statistics | Legitimate interests (Art. 6(1)(f)) |
WITH WHOM DO WE SHARE DATA
Recipients and third-party processors
We share personal data only with parties that are necessary to operate the Services. Our principal processors are:
| Recipient | Purpose | Region |
|---|---|---|
| Microsoft Corporation — Azure Active Directory / MSAL | Authentication for the Mobile App | EU / global |
| Microsoft Azure | Hosting of the Wizata SaaS platform and Tenant environments | EU |
| Apple Inc. — Apple Push Notification service | Push delivery on iOS | EU / global |
| Google LLC — Firebase Cloud Messaging | Push delivery on Android | EU / global |
| Email and CRM providers | Marketing communications, customer support | EU / EEA |
| Professional advisors (auditors, lawyers, accountants) | Compliance and legal obligations | EU |
We do not sell personal data, and we do not share it for advertising. We may also disclose data when required by law or to protect our rights and the rights of others.
WHERE WE PROCESS DATA
International transfers
Where data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses, the EU-US Data Privacy Framework (where applicable), or another lawful transfer mechanism under Articles 44–49 GDPR. A copy of the safeguards is available on request from info@wizata.com.
HOW WE PROCESS DATA
Retention
We keep personal data only for as long as necessary for the purpose for which it was collected:
- Marketing prospects: until you unsubscribe, and at most three years after the last interaction.
- Mobile App identity and tokens: kept on your device until you sign out or uninstall the App; the FCM/APNs token is deleted from our backend at sign-out.
- Tenant business data: governed by the customer's contract and DPA; deleted on contract termination subject to legal retention obligations.
- Accounting and tax records: ten years, as required by Luxembourg law.
Security
We implement appropriate technical and organisational measures to protect personal data, including TLS encryption in transit, encryption at rest for authentication credentials and tokens (iOS Keychain / Android Keystore on mobile devices, encrypted volumes on our servers), access controls, audit logging, and security monitoring. Detailed security commitments for SaaS customers are set out in their service agreement.
Cookies
Our website uses cookies and similar technologies. The full list of cookies, their purposes, and their lifetimes is described in our Cookie Policy. You can manage your preferences via the consent banner on the website.
The Wizata Mobile app does not use cookies.
Children
Our Services are intended for professional use and are not directed to children under the age of 16. We do not knowingly process personal data of children.
YOUR RIGHTS & CONTACT
Your rights
Subject to GDPR or equivalent local law, you have the right to:
- access the personal data we hold about you;
- request rectification of inaccurate data;
- request erasure of your data ("right to be forgotten");
- request restriction of processing;
- request portability of data you provided;
- object to processing based on legitimate interests, including profiling;
- withdraw consent at any time, without affecting the lawfulness of processing carried out beforehand.
To exercise these rights:
- For Mobile App or SaaS business data controlled by your employer, please contact your employer's IT or data-protection team; we will support them in fulfilling your request.
- For data controlled by Wizata, write to info@wizata.com.
We will respond within one month, as required by GDPR. You may also lodge a complaint with your local data-protection authority. The supervisory authority for Wizata SA is the Commission nationale pour la protection des données (CNPD), Luxembourg (www.cnpd.lu).
Changes to this policy
We update this policy when our practices change. The "Last updated" date at the top indicates the latest revision. Material changes will be announced on this page and, where appropriate, by email or in the App.
Contact
Wizata SA
89E Parc d'Activités Capellen
L-8308 Capellen, Luxembourg
Email: info@wizata.com