Innoworks Innoworks
Book an intro call
Legal

Privacy statement

Last updated: 19 June 2026

Innoworks takes your privacy seriously. This statement explains, in plain language, what personal data we collect, why, how long we keep it, who we share it with and the rights you have. We only process what is necessary, and never more than that.

1. Who is responsible for your data

The data controller is Innoworks B.V., established at Hoedemakerplein 2A, 7511 JP Enschede, the Netherlands, registered with the Dutch Chamber of Commerce under number 97446939. For any question about privacy or your personal data, reach us at info@innoworks.ai.

2. What data we process

We only collect data you provide yourself or that is technically required:

  • Contact form: your name, email address, optional phone number, the service or challenge you select and the content of your message.
  • AI-scan: the website you enter, the content of the conversation you have with our AI, a business profile derived from that conversation (such as sector and challenge), and any contact details (name, email, phone) you mention yourself during the conversation.
  • Email correspondence: messages you send us and our replies.
  • Technical data: your IP address, used only briefly for security and abuse prevention (rate-limiting and bot protection). We do not link it to a profile and do not use it to track you.

3. Why, and on what legal basis

We process your data for the following purposes, each with a legal basis:

  • Responding to your request and preparing a possible collaboration — basis: performance of, or steps prior to, a contract.
  • Our services and lead follow-up (following up a request, giving suitable advice) — basis: legitimate interest in being able to offer our services.
  • Security and abuse prevention of our forms and the AI-scan — basis: legitimate interest in a safe, working website.

We do not use your data for automated decision-making with legal effect, and we do not send you marketing unless you have asked for it or given consent.

4. The AI-scan specifically

When you enter a website in the AI-scan, our AI has a conversation with you and analyses the publicly available information of that website to give tailored advice. That conversation is stored so we can follow up on your request and improve the advice. If you mention your name or contact details, we keep them as part of your request. Don't want us to keep the conversation? Email us at info@innoworks.ai and we will delete it.

5. How long we keep your data

We keep your data no longer than necessary. Requests via the contact form and the AI-scan are kept for up to 24 months after the last contact, after which we delete or anonymise them. If your request leads to a collaboration, the statutory retention periods apply to the related data (for example the 7-year tax retention obligation for administration).

6. Who we share your data with

We never sell your data. We do rely on carefully selected processors that help us run the site. A data processing agreement is in place with each of them:

  • Supabase — secure database storing requests and scan conversations.
  • Resend — sending transactional email (confirmation + internal notification).
  • Upstash — rate-limiting against abuse.
  • Cloudflare (Turnstile) — bot protection on the forms.
  • Google (Gemini) — the AI model that runs the AI-scan and generates the note.
  • Vercel — hosting of the website and the server functions.

7. Transfers outside the EU

Some of the parties above may process data (partly) outside the European Economic Area. In that case we ensure appropriate safeguards, such as the European Commission's Standard Contractual Clauses, so your data is protected there too.

8. Cookies and analytics

This website uses no tracking cookies, no advertising pixels and no analytics. We do not track you and do not build a profile of your browsing behaviour. That is also why you see no cookie banner on our site. The only technical data we briefly process is needed for security (see point 2).

9. How we secure your data

We take appropriate technical and organisational measures. All traffic is encrypted over HTTPS, storage is protected with row-level access rules, forms are protected with bot checks and rate-limiting, and only authorised staff have access to your data.

10. Your rights

Under the GDPR you have the following rights, which you can exercise free of charge:

  • access to the data we hold about you;
  • rectification of inaccurate data;
  • erasure of your data ("right to be forgotten");
  • restriction of processing;
  • objection to processing;
  • portability of your data;
  • withdrawal of consent given earlier.

Send your request to info@innoworks.ai; we respond within the statutory period of one month. If you disagree with how we handle your data, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

11. Changes to this statement

We may update this privacy statement from time to time, for example for new services or changed regulations. The current version is always on this page, with the date of the last change at the top.

12. Contact

Questions about this statement or about your personal data? Feel free to email us at info@innoworks.ai. We are happy to help.