Privacy Policy
Last updated: May 24, 2026
Auttendo is a brand of Dazzled VOF ("Auttendo", "we", "us", "our"), established at Hoedemakerplein 3 Room 6, 7511 JR Enschede, the Netherlands, KvK 89338731. We operate the website auttendo.com, build websites for business customers and process changes through WhatsApp. This Privacy Policy explains how we collect, use, disclose and protect your personal data when you use our service, in line with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Dutch privacy law.
1. Data controller
Dazzled VOF is the data controller for personal data we collect via auttendo.com and for the business data of our customers. For end customers visiting a website we built and host for a customer, our customer is the data controller and Auttendo acts as a data processor on their behalf.
Contact:
- Email: hi@auttendo.com
- Address: Dazzled VOF, Hoedemakerplein 3 Room 6, 7511 JR Enschede, the Netherlands
- KvK: 89338731
2. What data we collect
2.1 Visitors of auttendo.com
When you visit auttendo.com we may collect:
- Analytics data such as page views, referrer, device type and browser, collected via a privacy-friendly analytics provider (visitors.now). No cross-site tracking, no advertising identifiers.
- Form data when you request a free redesign or contact us: name, email, WhatsApp number, business name, and anything else you provide.
- Communication data: messages, emails and WhatsApp conversations you initiate with us.
2.2 Customers (business owners with a site at Auttendo)
When you become a customer we collect:
- Account data: name, email, telephone, business name, KvK or VAT number where applicable, and domain.
- Billing data: invoice address and payment details, processed through our payment provider. We do not store full card numbers.
- Content you share with us: photos, texts, opening hours, menus, prices, brand assets and anything else needed to build, edit and operate your site.
- WhatsApp conversations: the messages you send us through WhatsApp to request site updates, including attachments such as images or PDFs.
- Usage data: which updates were requested, when changes went live, and basic operational logs.
2.3 Visitors of websites we host for our customers
On websites we built and host for a customer, the customer is the data controller. We are the processor. Depending on the customer site we may, on behalf of the customer, collect:
- Analytics data (page views, device, referrer) where the customer has enabled it.
- Form submissions (for example a reservation or contact form) which are passed to the customer.
- Strictly necessary cookies for security and form handling. No advertising cookies.
3. How we use your data
| Purpose | Legal basis (GDPR) |
|---|---|
| Building, hosting and maintaining your website | Performance of a contract (Art. 6(1)(b)) |
| Processing site changes you request via WhatsApp | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and invoicing | Performance of a contract (Art. 6(1)(b)) |
| Responding to redesign or contact requests | Pre-contractual measures (Art. 6(1)(b)) |
| Sending service updates and account notices | Legitimate interest (Art. 6(1)(f)) |
| Sending marketing emails (only with consent) | Consent (Art. 6(1)(a)) |
| Analysing website usage on auttendo.com to improve the site | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal and tax obligations | Legal obligation (Art. 6(1)(c)) |
4. WhatsApp and AI processing of site changes
WhatsApp is the primary channel through which our customers request site changes. Messages and attachments you send us via WhatsApp are processed for one purpose: to apply the requested change to your website and confirm it back to you.
- WhatsApp Business API. We use Meta Platforms Ireland Limited as a processor for WhatsApp Business communications. Meta processes message metadata to deliver messages.
- AI processing. To execute changes quickly we use Anthropic, Inc. as a processor. Message content and attachments you send for the purpose of a change are passed to Anthropic to generate the corresponding site update. Anthropic does not train its models on data sent via the API.
- Human review. Our designers review the resulting changes before they go live, where appropriate.
- Retention. WhatsApp conversations and attachments are retained for as long as you are a customer, so we can refer back to earlier decisions. You can ask us to delete a specific conversation or attachment at any time.
5. Cookies and local storage
On auttendo.com:
- We use a privacy-friendly analytics provider (visitors.now) that does not set cross-site tracking cookies.
- We use localStorage to remember your preferred language and to avoid showing the same prompts twice.
- We do not use advertising cookies.
On websites we host for customers, cookie usage depends on the customer. We aim for the minimum that the site needs to function and any analytics the customer has opted into. The customer is responsible for any cookie banner shown on their own site.
6. Sub-processors
We share personal data only as needed to provide the service. We do not sell your personal data. The following sub-processors may receive personal data:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting of auttendo.com and customer websites | US, with EU regions where available; SCCs in place |
| Resend, Inc. | Transactional and contact-form email | US; SCCs in place |
| Visitors.now | Privacy-friendly website analytics for auttendo.com | EU |
| Meta Platforms Ireland Limited | WhatsApp Business API for customer communication | EU/IE, with international transfers under SCCs |
| Anthropic, Inc. | AI processing to execute WhatsApp-requested site changes | US; SCCs in place; no model training on API content |
| Google LLC | Web font delivery (Space Grotesk) on auttendo.com | US; standard web request metadata only |
| flagcdn.com | Country flag SVGs in the language switcher | EU/CDN; standard web request metadata only |
| GitHub, Inc. | Source code hosting for auttendo.com and customer sites | US; SCCs in place |
All sub-processors are bound by data processing agreements and may only process personal data on our instructions.
7. International data transfers
Your data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA (for example to sub-processors in the United States), we ensure appropriate safeguards are in place, including the EU Standard Contractual Clauses (SCCs), adequacy decisions by the European Commission, and the EU-U.S. Data Privacy Framework where applicable.
8. Data retention
| Data type | Retention period |
|---|---|
| Redesign and contact requests (not converted to customers) | Up to 12 months after last contact, then deleted |
| Customer account and billing data | Duration of the relationship, plus the legally required tax retention period of 7 years for invoices |
| Site content (photos, texts, menus, etc.) | Duration of the relationship; we keep a 30-day backup after termination, then deletion |
| WhatsApp conversations and attachments | Duration of the relationship; deletable on request |
| Analytics data on auttendo.com | 26 months (aggregated) |
| Marketing email subscribers | Until you unsubscribe |
9. Your rights
Under the GDPR you have the following rights regarding your personal data:
- Access: request a copy of the data we hold about you.
- Rectification: request correction of inaccurate data.
- Erasure: request deletion of your data ("right to be forgotten").
- Restriction: request that we limit processing of your data.
- Data portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest.
- Withdraw consent: where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email us at hi@auttendo.com. We will respond within 30 days.
If you visited a website we host for a customer and want to exercise your rights regarding data on that site, please contact the customer directly. They are the data controller. You can also contact us and we will help direct your request.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
10. Data security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest.
- Access controls and authentication for internal systems.
- Regular security reviews and dependency updates.
- Incident response procedures.
While we take reasonable precautions, no system is completely secure. If you discover a security vulnerability, please report it to hi@auttendo.com.
11. Children's privacy
Our service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on auttendo.com or by email. The "Last updated" date at the top reflects the latest revision.
13. Contact
If you have questions about this Privacy Policy or how we handle your data:
- Email: hi@auttendo.com
- Address: Dazzled VOF, Hoedemakerplein 3 Room 6, 7511 JR Enschede, the Netherlands