Legal
Privacy Policy
Information on the processing of personal data pursuant to Art. 13 & 14 GDPR · Last updated: 2 June 2026
Please note: This is a convenience translation. Only the German version is legally binding. In the event of any discrepancy between the two, the German text prevails.
Protecting your personal data is important to us. We process your data exclusively on the basis of the applicable legal provisions (GDPR, the Austrian Data Protection Act, and the Austrian Telecommunications Act). In this privacy policy we inform you about the key aspects of data processing on our website and within the “VIZ” service.
1. Controller
The controller responsible for data processing within the meaning of the GDPR is:
- Company
- Numerobis GmbH
- Address
- Breitenaich 9, 4973 St. Martin im Innkreis, Austria
- Managing Director
- DI Alexander Greil
- Email (data protection)
- info@numerobis.at
Further company details can be found in our legal notice (Impressum, in German).
2. Server log files & provision of the website
When you access our website, the server automatically collects access data transmitted by your browser. This includes in particular:
- the IP address of the requesting device
- the date and time of access
- the page or file requested and the HTTP status code
- the amount of data transferred and the browser type used (user agent)
This processing is technically necessary in order to deliver the website, ensure its stability and security, and prevent misuse. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, uninterrupted operation).
3. User account & registration
To use the service you create a user account. In doing so, we process:
- your email address
- your password (stored exclusively as an encrypted hash – never in plain text)
- the plan you selected, your remaining image quota and the status of your account
- the time of registration and of your last login
- the language in which you registered (German or English), so that emails we send you are in that language
We need this data to provide your account, to authenticate you and to perform the contract. Legal basis: Art. 6(1)(b) GDPR (performance of the user agreement).
4. Uploaded images & generated visualizations
The core of the service is the creation of visualizations from the images you upload (e.g. 3D screenshots of your building models). For this purpose we process and store:
- the source images you upload
- the AI visualizations generated from them
- the settings you choose (e.g. style, lighting, surroundings) and the time of creation
This data is associated with your account so that we can provide you with the results and bill for the service. Uploaded images are not used for AI training purposes. On the paid plans we do not store your images permanently on our servers after generation. In the free trial we store the upload and the result temporarily for quality control and delete them automatically after 30 days at the latest; on request we will delete your images earlier at any time. Legal basis: Art. 6(1)(b) GDPR (performance of the contract).
5. Third parties & AI processing
Hosting
Our website and the service are hosted by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). The data is processed exclusively in data centers within the EU. Hetzner processes the data as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, efficient operation).
AI image processing
To generate the visualizations we use the AI service of OpenAI (OpenAI, L.L.C., 1455 3rd Street, San Francisco, CA 94158, USA). The images you upload are transmitted to OpenAI’s image API for this purpose and processed there in order to generate the resulting image.
Because OpenAI also processes data in the USA, a transfer to a third country takes place. This is carried out on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular the Standard Contractual Clauses (SCC) adopted by the European Commission. Legal basis: Art. 6(1)(b) GDPR (performance of the contract) and Art. 28 GDPR (processing on behalf of the controller). Your data is not passed on to any other third parties unless we are legally obliged to do so.
6. Cookies
We use strictly necessary cookies only. None of them allows your browsing behaviour to be analysed:
viz_session— stores your logged-in session after login. Set as HttpOnly; deleted when you log out or when the session expires. It serves solely to keep the login working.viz_lang— remembers the language you selected (German or English) so that your next visit starts in that language. It contains only the valuedeorenand no personal data whatsoever.viz_no_track— set only on explicit request and excludes the device in question from the anonymous page-view count (see below).
We do not use any analytics, tracking or marketing cookies, and we do not embed any external advertising or tracking services. Legal basis: Art. 6(1)(f) GDPR and § 165(3) of the Austrian Telecommunications Act 2021 (cookies strictly necessary for operation).
Anonymous page-view count
To gauge reach, we count visits to the home page in a plain daily counter (date, language, number). No personal data is stored in the process – in particular no IP address, no identifier and no profile; individual visits cannot be traced back or linked together. No external analytics tool is used. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a rough, non-personal measurement of reach).
7. Retention periods
We store personal data only for as long as is necessary for the purposes stated:
- Account data: for as long as your account exists; after deletion it is removed, unless statutory retention obligations (e.g. under tax and company law, generally 7 years) require otherwise.
- Images & visualizations: not stored permanently on the paid plans; in the free trial for up to 30 days (after which they are deleted automatically), at the latest until your account is deleted – earlier on request at any time.
- Server log files: for a short period to ensure operation, then deleted or anonymised.
8. Your rights
With regard to your personal data you have the following rights:
- right of access (Art. 15 GDPR)
- right to rectification (Art. 16 GDPR)
- right to erasure (Art. 17 GDPR)
- right to restriction of processing (Art. 18 GDPR)
- right to data portability (Art. 20 GDPR)
- right to object to processing (Art. 21 GDPR)
To exercise your rights, an informal message to info@numerobis.at is sufficient.
9. Right to lodge a complaint with the supervisory authority
If you believe that the processing of your data infringes data protection law, you have the right to lodge a complaint with a supervisory authority. In Austria this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at.
10. Contact
If you have any questions about data protection or the processing of your personal data, you can reach us at info@numerobis.at.