Privacy & Data Protection

    Privacy notice for Switzerland and the EU.

    This notice explains how UpQuAI Solutions AG processes personal data for the Process Designer platform in accordance with the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the GDPR.

    Data controller

    UpQuAI Solutions AG, Switzerland

    Registered address

    Poststrasse 13, 6300 Zug, Switzerland

    Contact for privacy

    privacy@upquai.com

    Swiss data protection first

    We process personal data in line with the revised Swiss Federal Act on Data Protection (FADP) and, where applicable, the GDPR.

    Purpose limitation

    Data is collected only for clearly defined product, support, and security purposes and never sold or shared for advertising.

    Restricted transfers

    We keep data in Switzerland or the EEA. If we must transfer data elsewhere, we apply recognized safeguards such as Standard Contractual Clauses.

    Retention discipline

    We keep data only as long as needed for the stated purpose, legal retention, or to resolve issues you raise.

    What we collect

    We collect only the data needed to provide, secure, and improve the platform. You remain in control of the content you load into Process Designer.

    Account and identity

    • Name, email address, organisation, role
    • Authentication and access logs
    • Preferences and settings

    Operational content

    • Flows, skills, and configurations you create
    • Knowledge base sources you connect
    • Metadata about executions and events (not the content of conversations unless you store it)

    Usage & telemetry

    • Product usage metrics (pages, features used)
    • Device/technical data (browser version, IP truncated/anonymised where possible)
    • Diagnostics to secure and improve the service

    Support interactions

    • Messages you send to support
    • Error reports you choose to share
    • Scheduling and meeting notes when applicable

    Why we process data

    • Performance of a contract and steps prior to entering into it (providing the platform, support, billing).
    • Compliance with legal obligations (security, accounting, retention duties under Swiss law).
    • Legitimate interests (product improvement, preventing abuse, ensuring platform reliability) balanced against your rights.
    • Consent where required by Swiss or EU law (for example, optional analytics or marketing communications).

    Retention & location

    • Data is kept only as long as needed for the purpose collected or required by Swiss law.
    • When retention ends, we delete or irreversibly anonymise data following documented procedures.
    • Primary hosting is in Switzerland or the EEA. Cross-border transfers rely on adequacy decisions or Standard Contractual Clauses plus technical safeguards.

    Website contact forms

    When you contact us through the website, we provide this notice at the point of collection in line with the Swiss FDPIC transparency guidance and GDPR Article 13 information duties.

    What we collect for inquiries

    • Name, business email, company (if provided), topic selection, and the message you submit.
    • Technical context needed for secure delivery and abuse prevention, such as IP address, browser, operating system, language, referrer/origin, and anti-bot challenge signals.
    • Optional client context such as the page URL, timezone, or viewport when supplied by your browser during submission.

    Why and on what basis

    • To respond to your inquiry and route it to the right team.
    • For sales, demo, or partnership requests, to take steps prior to entering into a contract.
    • To protect the contact channel against spam, abuse, and fraudulent submissions.
    • To maintain a record of business correspondence and follow-up context.

    Recipients and transfers

    Inquiry emails may be delivered via SendGrid and related service tooling. If personal data is transferred outside Switzerland or the EEA, we rely on adequacy decisions or Standard Contractual Clauses together with appropriate safeguards.

    Retention

    Contact-form inquiries are typically retained for up to 24 months after the last substantive interaction, unless a longer period is required for legal claims, compliance, or an ongoing business relationship.

    Required fields and automation

    Required form fields are necessary to review and answer your request. If you do not provide them, we may not be able to respond. We do not use the contact form for automated individual decision-making or profiling with legal or similarly significant effects.

    Sharing & processors

    We do not sell personal data. We share it only with trusted processors needed to run the service, bound by data protection agreements:

    • Cloud infrastructure and hosting providers located in Switzerland or the EEA.
    • Email and customer support tooling for service communications, including SendGrid for transactional delivery.
    • Analytics and monitoring tools configured to respect the least data necessary principle.

    Security measures

    • Encryption in transit and at rest for customer data.
    • Role-based access controls, least-privilege principles, and audit logging.
    • Network protection, backup routines, and incident response procedures tested regularly.
    • Vendor due diligence and contractual safeguards for all subprocessors.

    Cookies & analytics

    We use only essential cookies by default. Optional analytics or performance cookies, if enabled, rely on consent and can be managed via your browser or any consent prompts we provide. Disabling non-essential cookies does not affect core product access.

    Social media presences

    We maintain pages on social networks. When you visit those pages, the respective providers process data under their own privacy terms. Please review their notices for details.

    Meta Platforms Ireland Ltd. (Facebook)

    4 Grand Canal Square, Dublin 2, Ireland

    Privacy policy

    Instagram (Meta Platforms Ireland Ltd.)

    4 Grand Canal Square, Dublin 2, Ireland

    Privacy policy

    LinkedIn Ireland Unlimited Company

    Wilton Place, Dublin 2, Ireland

    Privacy policy

    Twitter, Inc.

    1355 Market St #900, San Francisco, CA 94103, USA

    Privacy policy

    YouTube LLC (Google)

    901 Cherry Ave, San Bruno, CA 94066, USA

    Privacy policy

    Medium Corporation

    San Francisco, CA, USA

    Privacy policy

    Your rights (revFADP & GDPR)

    You can exercise the following rights at any time. We respond without undue delay and within statutory timelines.

    Access: Receive confirmation whether we process your personal data and obtain a copy.

    Rectification: Correct inaccurate or incomplete data.

    Deletion: Request deletion when data is no longer needed or processing is unlawful.

    Objection & restriction: Object to processing based on legitimate interests or request limitation of processing.

    Portability: Receive data you provided to us in a commonly used format where processing is based on consent or contract and carried out by automated means.

    Withdraw consent: Where processing is based on consent, you may withdraw it at any time with future effect.

    Complain: You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and, where the GDPR applies, with your local EU/EEA supervisory authority.

    Questions or requests

    For any privacy request or to exercise your rights, reach out to:

    UpQuAI Solutions AG

    Data Protection · Switzerland

    Email: privacy@upquai.com

    Last updated: 8 April 2026