Privacy & Data Protection

    Privacy notice compliant with the Swiss FADP.

    This notice explains how UpQuAI Solutions AG processes personal data for the Process Designer platform in accordance with the Swiss Federal Act on Data Protection (revFADP) and, where applicable, the GDPR.

    Data controller

    UpQuAI Solutions AG, Switzerland

    Registered address

    Poststrasse 13, 6300 Zug, Switzerland

    Contact for privacy

    privacy@upquai.com

    Swiss data protection first

    We process personal data in line with the revised Swiss Federal Act on Data Protection (FADP) and, where applicable, the GDPR.

    Purpose limitation

    Data is collected only for clearly defined product, support, and security purposes and never sold or shared for advertising.

    Restricted transfers

    We keep data in Switzerland or the EEA. If we must transfer data elsewhere, we apply recognized safeguards such as Standard Contractual Clauses.

    Retention discipline

    We keep data only as long as needed for the stated purpose, legal retention, or to resolve issues you raise.

    What we collect

    We collect only the data needed to provide, secure, and improve the platform. You remain in control of the content you load into Process Designer.

    Account and identity

    • Name, email address, organisation, role
    • Authentication and access logs
    • Preferences and settings

    Operational content

    • Flows, skills, and configurations you create
    • Knowledge base sources you connect
    • Metadata about executions and events (not the content of conversations unless you store it)

    Usage & telemetry

    • Product usage metrics (pages, features used)
    • Device/technical data (browser version, IP truncated/anonymised where possible)
    • Diagnostics to secure and improve the service

    Support interactions

    • Messages you send to support
    • Error reports you choose to share
    • Scheduling and meeting notes when applicable

    Why we process data

    • Performance of a contract and steps prior to entering into it (providing the platform, support, billing).
    • Compliance with legal obligations (security, accounting, retention duties under Swiss law).
    • Legitimate interests (product improvement, preventing abuse, ensuring platform reliability) balanced against your rights.
    • Consent where required by Swiss or EU law (for example, optional analytics or marketing communications).

    Retention & location

    • Data is kept only as long as needed for the purpose collected or required by Swiss law.
    • When retention ends, we delete or irreversibly anonymise data following documented procedures.
    • Primary hosting is in Switzerland or the EEA. Cross-border transfers rely on adequacy decisions or Standard Contractual Clauses plus technical safeguards.

    Sharing & processors

    We do not sell personal data. We share it only with trusted processors needed to run the service, bound by data protection agreements:

    • Cloud infrastructure and hosting providers located in Switzerland or the EEA.
    • Email and customer support tooling for service communications.
    • Analytics and monitoring tools configured to respect the least data necessary principle.

    Security measures

    • Encryption in transit and at rest for customer data.
    • Role-based access controls, least-privilege principles, and audit logging.
    • Network protection, backup routines, and incident response procedures tested regularly.
    • Vendor due diligence and contractual safeguards for all subprocessors.

    Cookies & analytics

    We use only essential cookies by default. Optional analytics or performance cookies, if enabled, rely on consent and can be managed via your browser or any consent prompts we provide. Disabling non-essential cookies does not affect core product access.

    Social media presences

    We maintain pages on social networks. When you visit those pages, the respective providers process data under their own privacy terms. Please review their notices for details.

    Meta Platforms Ireland Ltd. (Facebook)

    4 Grand Canal Square, Dublin 2, Ireland

    Privacy policy

    Instagram (Meta Platforms Ireland Ltd.)

    4 Grand Canal Square, Dublin 2, Ireland

    Privacy policy

    LinkedIn Ireland Unlimited Company

    Wilton Place, Dublin 2, Ireland

    Privacy policy

    Twitter, Inc.

    1355 Market St #900, San Francisco, CA 94103, USA

    Privacy policy

    YouTube LLC (Google)

    901 Cherry Ave, San Bruno, CA 94066, USA

    Privacy policy

    Medium Corporation

    San Francisco, CA, USA

    Privacy policy

    Your rights (FADP)

    You can exercise the following rights at any time. We respond without undue delay and within statutory timelines.

    Access: Receive confirmation whether we process your personal data and obtain a copy.

    Rectification: Correct inaccurate or incomplete data.

    Deletion: Request deletion when data is no longer needed or processing is unlawful.

    Objection & restriction: Object to processing based on legitimate interests or request limitation of processing.

    Portability: Receive data you provided to us in a commonly used format where processing is based on consent or contract and carried out by automated means.

    Withdraw consent: Where processing is based on consent, you may withdraw it at any time with future effect.

    Complain: You may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC).

    Questions or requests

    For any privacy request or to exercise your rights, reach out to:

    UpQuAI Solutions AG

    Data Protection · Switzerland

    Email: privacy@upquai.com

    Last updated: 9 January 2026