Last updated: March 20, 2026
This Privacy Policy explains what personal data Wings Software UG (haftungsbeschränkt) collects, why, and what rights you have in relation to it. It covers two contexts: the Wings Website (www.wings-software.com) and the Wings Desktop Application. Where provisions apply to only one context, this is indicated clearly. Shared provisions apply to both.
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
For the purposes of this Privacy Policy:
Account means a unique account created for You to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
Application refers to Wings, the desktop software program provided by the Company.
Company (referred to as either "the Company", "We", "Us" or "Our" in this Policy) refers to Wings Software UG (haftungsbeschränkt), Cosimastraße 121, 81925 Munich, Germany. For the purpose of the GDPR, the Company is the Data Controller.
Country refers to: Bavaria, Germany.
Data Controller, for the purposes of the GDPR, refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Device means any device that can access the Service such as a computer or a digital tablet.
GDPR refers to the EU General Data Protection Regulation.
Personal Data is any information that relates to an identified or identifiable individual. For the purposes of the GDPR, this includes any information relating to You such as a name, an identification number, location data, an online identifier or factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
Service refers to the Application or the Website or both.
Service Provider means any natural or legal person who processes data on behalf of the Company. For the purpose of the GDPR, Service Providers are considered Data Processors.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
Website refers to Wings Software, accessible from https://www.wings-software.com.
You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service. Under GDPR, You can be referred to as the Data Subject or the User.
This Part applies to your use of www.wings-software.com.
When You visit the Website, our infrastructure and CDN provider (Cloudflare) automatically record standard server log data, including IP address, browser type, operating system, referring URL, pages visited, and timestamp. This is technically necessary for the secure and stable operation of the Website.
Legal basis: Art. 6(1)(f) GDPR — legitimate interests in operating and securing the Website.
Retention: Up to 30 days, then deleted or anonymised.
If You create an account, We collect your email address, first and last name, and a password (stored in hashed form), in order to provide access to the Service and manage your subscription.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
Retention: For the duration of your account, plus up to 6 years thereafter as required by German commercial records law (§ 257 HGB).
Account authentication on the Website is handled via Firebase Authentication, a service provided by Google LLC. Only email address and password authentication is currently supported. We may in future offer enterprise single sign-on (SSO) options; if and when we do, this Policy will be updated accordingly.
Firebase processes authentication data as a Data Processor on behalf of Wings Software UG, under Google's Data Processing Terms and EU Standard Contractual Clauses (SCCs) as the safeguard for transfers of personal data to the United States. For more information see https://policies.google.com/privacy.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
If You submit a demo request via the "Get a Demo" form on the Website, We collect the following information: email address, first and last name, country, company website, job level, job function, intended usage purpose, additional information (free text, optional), and date of submission. Phone number is also collected but is optional. We use this data solely to evaluate your request and to follow up with you regarding a product demonstration.
Form submissions are processed by FormSpree, Inc., a US-based service provider acting as a Data Processor on our behalf. FormSpree transmits submitted data to us by email and relies on EU Standard Contractual Clauses as the safeguard for transfers to the United States. For more information see https://formspree.io/legal/privacy-policy/.
Legal basis: Art. 6(1)(f) GDPR — legitimate interests in evaluating and responding to business enquiries; or Art. 6(1)(b) GDPR where the request constitutes a pre-contractual step.
Retention: Up to 24 months from the date of submission, or until the conclusion of any resulting commercial relationship.
When You contact Us directly by email, We process the information You provide (name, email address, message content) in order to respond to your enquiry.
Legal basis: Art. 6(1)(f) GDPR — legitimate interests in responding to enquiries; or Art. 6(1)(b) GDPR where the enquiry relates to a contractual matter.
Retention: Up to 3 years from last interaction.
The Website uses cookies and similar tracking technologies. We use Google Tag Manager (GTM) to manage third-party scripts. GTM itself loads before consent and does not collect personal data; it acts solely as a container that activates further tracking scripts only after You have given your consent via our cookie banner.
We use both Session and Persistent Cookies for the purposes set out below:
Necessary / Essential Cookies. Type: Session Cookies. Administered by: Us. Purpose: These cookies are essential to provide You with services available through the Website and to authenticate users. Legal basis: Art. 6(1)(f) GDPR — legitimate interests; no consent required.
Cookie Consent Cookies. Type: Persistent Cookies. Administered by: Us (via consentmanager.net). Purpose: These cookies record whether You have accepted or declined the use of non-essential cookies, so that your preference is remembered on future visits.
Functionality Cookies. Type: Persistent Cookies. Administered by: Us. Purpose: These cookies allow Us to remember choices You make when You use the Website, such as language preference, to provide a more personalised experience.
Analytics and Performance Cookies. Type: Persistent Cookies. Administered by: Third parties (Google, Hotjar/Contentsquare). Purpose: These cookies are used to understand how visitors use the Website, to measure traffic, and to improve our Service. They are only activated after You have given your explicit consent via the cookie banner. Legal basis: Art. 6(1)(a) GDPR — consent. You may withdraw your consent at any time by revisiting your cookie preferences via the cookie settings link in the footer of this Website.
A full list of cookie and tracking technology providers used on the Website — including data categories, transfer mechanisms, cookie names, and storage durations — is available in the Cookie Information panel, accessible via the cookie settings link in the footer of this Website.
For further information, please also refer to our Cookie Policy at https://www.wings-software.com/legal/cookies.
We use Google Analytics 4 (GA4), a web analytics service provided by Google LLC, to understand how visitors use the Website. The GA4 script is loaded only after You have given your explicit consent via the cookie banner. Google may transfer data to the United States; this transfer is covered by EU Standard Contractual Clauses. For more information: https://policies.google.com/privacy.
We also use Hotjar (a service provided by Contentsquare SAS) for user experience analytics, including heatmaps and session recordings. Hotjar is likewise only activated after your consent. For more information: https://contentsquare.com/privacy-center/.
You may withdraw consent to analytics cookies at any time by revisiting your cookie preferences via the cookie settings link in the Website footer.
Paid subscriptions are processed by Paddle.com Market Limited, our merchant of record. Wings Software UG does not receive or store your payment card details. Paddle processes payment data under its own privacy policy: https://www.paddle.com/legal/privacy. Wings Software UG receives only order confirmation data (amount, subscription tier, billing reference) necessary for account management.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract.
Retention: Billing records up to 10 years, as required by German tax law (§ 147 AO).
The Website is served via Cloudflare, Inc., which provides CDN and DDoS protection services. Cloudflare may process IP addresses and request metadata as part of this service. Data transfers to the United States are covered by EU Standard Contractual Clauses. For more information: https://www.cloudflare.com/privacypolicy/.
This Part applies to your use of the Wings desktop application — an AI-powered IDE and agent for AUTOSAR automotive software development.
The Application uses Firebase Authentication, a service provided by Google LLC, to manage user sign-in. Only email address and password authentication is currently supported. We may in future offer enterprise single sign-on (SSO) options; if and when we do, this Policy will be updated accordingly.
When You sign in to the Application:
Firebase/Google processes this data as a Data Processor on behalf of Wings Software UG, under Google's Data Processing Terms and EU Standard Contractual Clauses as the safeguard for transfers to the United States. For more information: https://cloud.google.com/terms/data-processing-addendum.
Legal basis: Art. 6(1)(b) GDPR — necessary for the performance of the contract (providing the Application).
Retention: The session token persists locally until You sign out or it expires. Firebase account data is retained for the duration of your account.
Wings Software's own components within the Application do not currently collect usage or telemetry data from your device. We may introduce optional telemetry features in future versions of the Application. If and when this occurs, this Policy will be updated before any such collection begins, and telemetry data will only be collected with your explicit consent.
Legal basis (if introduced in future): Art. 6(1)(a) GDPR — your consent.
Wings Software UG does not transmit, access, or store the contents of your AUTOSAR project files on Wings Software's own servers. Your project data remains on your device or your organisation's own infrastructure at all times, unless you explicitly choose to submit data to a third-party LLM provider as described below.
The Application includes Cline, an open-source AI agent component that provides core AI functionality within Wings. Cline's own telemetry is disabled by default within the Application.
When You use AI-agent features, the Application may transmit data — including your text prompts, file names, and file contents — to a Large Language Model (LLM) provider of your choice. Wings Software UG has no knowledge of which LLM provider you configure and no control over or responsibility for that provider's data practices.
In this context:
Wings Software strongly recommends reviewing your organisation's data classification policies before submitting any project data to an external LLM provider via the Application.
The Company may use Personal Data for the following purposes:
We may share Your personal data in the following situations:
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. The following retention periods apply:
Some of the Service Providers described in this Policy are located outside the European Economic Area, in particular in the United States. Where personal data is transferred to a country not providing an equivalent level of data protection, We rely on appropriate safeguards.
The following transfers currently take place:
You may request further information about the applicable transfer safeguards by contacting us at contact@wings-software.com.
We process personal data only where a lawful basis exists. The bases applicable to our processing activities are:
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
The security of Your Personal Data is important to Us. We implement appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and We cannot guarantee absolute security.
Depending on your jurisdiction, you have a number of rights regarding your personal data. Under the GDPR, these include:
Users in other jurisdictions — including California (CCPA), Brazil (LGPD), and Thailand (PDPA) — may have additional or equivalent rights under their applicable local law. We honour all such rights to the extent they apply to our processing of your personal data.
To exercise any of these rights, please contact us at contact@wings-software.com (att.: Data Protection). We may ask you to verify your identity before responding. We will respond within one month of receipt, which may be extended by a further two months in complex cases.
You have the right to lodge a complaint with a data protection supervisory authority. As a German company, our lead supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
https://www.lda.bayern.de
If you are located in another EU/EEA member state, you may alternatively lodge a complaint with the supervisory authority in your country of habitual residence or place of work.
Our Service does not address anyone under the age of 18. We do not knowingly collect personal data from children under 18. If You are a parent or guardian and believe your child has provided Us with personal data, please contact Us and We will take steps to delete that information promptly.
Our Service may contain links to third-party websites not operated by Us. We have no control over and assume no responsibility for the content or privacy practices of any third-party sites. We strongly advise You to review the privacy policy of every site You visit.
We may update this Privacy Policy from time to time. We will notify You of any material changes by email and/or by a prominent notice on the Service prior to the change taking effect, and will update the "Last updated" date at the top of this Policy. We encourage You to review this Policy periodically.
If you have any questions about this Privacy Policy or the processing of your personal data, please contact us:
