Privacy Policy

This policy explains how personal data is processed when you use Wrappify (wrappify.net) in accordance with the General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for data processing on this website is:

Matthias Hübner
c/o Block Services
Stuttgarter Str. 106
70736 Fellbach
Germany
Phone: +49 7433 1407240
Email: Info@matthiashuebner.com

Note: Where Wrappify processes installer files and configurations on behalf of a Microsoft Entra tenant (your organization), this constitutes processing on behalf of a controller. The respective organization is the controller for that content; to conclude a data processing agreement (DPA), please contact the address above.

2. General information on data processing

We process personal data only insofar as this is necessary to provide a functional website and our services. The legal bases are, in particular, Art. 6 (1)(b) GDPR (contract / usage relationship), (f) GDPR (legitimate interest in secure, trouble-free operation), and (a) GDPR (consent), where such consent is obtained.

3. Hosting and server log files

When you access the website, the hosting/server operation automatically processes information that your browser transmits. This includes in particular:

• the IP address of the requesting device,
• the date and time of access,
• the URL / file requested,
• the HTTP status code and amount of data transferred,
• the referrer URL as well as browser type and operating system.

This data is processed to deliver the website, ensure system security, and analyze errors (Art. 6 (1)(f) GDPR), and is deleted or anonymized after a short period.

4. Sign-in via Microsoft Entra ID (OIDC)

Use of the application requires sign-in with your Microsoft Entra ID account (OpenID Connect). In this context we process the data transmitted by Microsoft in the token, in particular your name, your email address/UPN, your user ID, and the tenant ID of your organization. This data is used for authentication, authorization, and the tenant-isolated assignment of your data. The legal basis is Art. 6 (1)(b) GDPR.

5. Upload and processing of installers

When you upload installation files (e.g. .exe, .msi, .msp, .zip) or provide them via URL, we store these files and the metadata deterministically extracted from them (e.g. manufacturer, product name, version) in order to create the Intune package. Uploaded installers are never executed — only metadata is read. Processing is tenant-isolated and serves exclusively to provide the packaging and deployment service (Art. 6 (1)(b) GDPR).

6. Processing by AI providers (LLM)

To generate the install and detection proposals, we transmit the extracted installer metadata to an AI provider (large-language-model provider) chosen by your organization. The selection and the API key are provided by your organization in the settings. Possible providers are:

• Anthropic (Claude) — default/recommended,
• OpenAI,
• xAI (Grok),
• Google (Gemini).

Only the metadata required to generate the proposal is transmitted to the provider; the installer file itself is not sent to the AI provider. As some of these providers are based outside the EU/EEA (in particular in the USA), a transfer to a third country may take place (see section 10). The legal basis is Art. 6 (1)(b) GDPR.

7. Deployment to Microsoft Intune (Microsoft Graph)

At your instruction, Wrappify uploads the generated .intunewin package to your organization's Microsoft Intune tenant via the Microsoft Graph API and, if applicable, creates app assignment groups there. A tenant-specific access token (client credentials flow) is used for this purpose. Processing is carried out on behalf of and on the instructions of your organization (Art. 6 (1)(b) GDPR).

8. Cookies and local storage

Wrappify does not use any advertising or marketing cookies. For sign-in, technically necessary data is stored in the browser (in particular the MSAL token cache in local/session storage). This is strictly required for login (Art. 6 (1)(f) GDPR and § 25 (2) TDDDG). The web analytics described in section 9 set no cookies and do not store or read any information on your device.

9. Web analytics (Umami)

To understand how the website is used and to improve it, we use Umami, a privacy-friendly web-analytics tool that we operate ourselves (self-hosted) on our own infrastructure. The analytics data is therefore not shared with any third party.

Umami works without cookies and does not create cross-site or cross-session user profiles. It records aggregated, anonymous usage statistics such as the pages visited, the referrer, and the approximate device, browser and country (derived from the IP address, which is not stored). This data does not allow us to identify you personally. The legal basis is our legitimate interest in the needs-based design and the statistical analysis of our website (Art. 6 (1)(f) GDPR). Because no information is stored on or read from your device, consent under § 25 (2) TDDDG is not required.

10. Transfer to third countries

As part of the AI processing (section 6) and the use of Microsoft services (sections 4 and 7), data may be transferred to providers based outside the EU/EEA. Where this is the case, the transfer takes place on the basis of appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular the EU Standard Contractual Clauses or — where applicable — an adequacy decision (EU-US Data Privacy Framework).

11. Retention and deletion

We store personal data only for as long as is necessary for the stated purposes or as required by statutory retention periods. Using the offboarding function, an organization can permanently delete the data stored with Wrappify (uploads, builds, profiles, LLM cache, settings); apps already deployed to Intune and groups created in Entra remain within the organization.

12. Your rights

Under the GDPR, you have in particular the following rights:

• access (Art. 15 GDPR),
• rectification (Art. 16 GDPR),
• erasure (Art. 17 GDPR),
• restriction of processing (Art. 18 GDPR),
• data portability (Art. 20 GDPR),
• objection to processing (Art. 21 GDPR),
• withdrawal of consent given, with effect for the future (Art. 7 (3) GDPR).

To exercise your rights, a message to the contact details in section 1 is sufficient.

13. Right to lodge a complaint with a supervisory authority

Without prejudice to any other legal remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the member state of your residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

14. Changes to this privacy policy

We will update this privacy policy as soon as changes to our data processing or the legal situation make this necessary. The current version published here applies in each case.

Last updated: June 2026 · © 2026 Wrappify · wrappify.net