Book a Demo Start for Free
GermanGerman|EnglishEnglish
Platform Login Platform Login

Privacy Policy of Evoya AI GmbH

Last updated: June 20, 2025

1. Introduction and Scope

The protection of your personal data is our top priority. This privacy policy applies to all digital offerings, platforms, and services of Evoya AI GmbH (hereinafter "Evoya AI", "we", "us"), Brunnenstrasse 27, 8610 Uster, Switzerland. It is directed at users in Switzerland, the European Economic Area (EEA), the EU, and beyond.

Our platform brings together various AI models and providers from Switzerland, the EU, and international markets. We guarantee the highest transparency, security, and compliance with all applicable data protection laws – particularly the Swiss Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR).

2. Responsible Party and Contact

Responsible entity for data processing:
Evoya AI GmbH
Brunnenstrasse 27
8610 Uster
Switzerland
[email protected]

Data Protection Officer (DPO):
Steven Chareonbood
Tel.: +41 (0)44 520 16 48

3. Categories of Personal Data

We process, depending on the use of our platform, particularly the following categories of data:

Contact data (Name, First Name, Email, Address, Phone Number)

Contract and Payment Data (Billing data, Payment method, Services booked)

Login and Profile Data (Username, Password hash, Roles/Profile)

Usage Data of the Platform (Chat content, Questions asked, Generated answers, System logs, IP address, Device data)

Support and Communication Data (Inquiries, Tickets, Feedback, Logs)

Cookie and Tracking Data (e.g., Session ID, Preferences, Pseudonymized analysis and marketing data)

Special categories of personal data (such as health data) are only processed if you explicitly enter them into the platform.

4. Purposes and Legal Bases of Processing

Your data will only be processed for clearly defined, lawful purposes:

  • Provision, operation, and technical assurance of the platform, its modules, and interfaces
  • Enabling access to various AI models and providers (including Swiss, European, and international providers)
  • Contract processing, billing, and accounting
  • Support, user communication, and care
  • Analysis and further development of the platform and services (pseudonymized/anonymized)
  • Marketing, information about new features, product information, and events
  • Compliance with legal obligations and regulatory requirements
  • Protection of legitimate interests (e.g., prevention of abuse, IT security, enforcement of rights)

Legal Bases:

  • Contract fulfillment (Art. 6 para. 1 lit. b GDPR / Art. 31 para. 2 DSG)
  • Consent (Art. 6 para. 1 lit. a GDPR)
  • Legal obligation (Art. 6 para. 1 lit. c GDPR)
  • Legitimate interest (Art. 6 para. 1 lit. f GDPR; careful balancing, your interests and fundamental rights are always considered)

5. Processing, Storage, and Security of Data

Your data is generally stored in Switzerland, in an ISO-certified data center.

Unless otherwise instructed by the customer, no storage occurs outside of Switzerland.

Customers can, upon request, also store their data on their own servers (On-Premise) or with a cloud provider of their choice; in this case, the responsibility for data security and compliance with data protection requirements lies with the customer.

We implement modern technical and organizational protective measures, such as encrypted transmission, role-based authorization concepts, access restrictions, and ongoing reviews of data security.

We only share data with authorized persons and contractually bound service providers, as far as necessary and a data protection-compliant contract exists.

6. Order Processing and Disclosure to Third Parties

External service providers (e.g., hosting, IT support, payment processing, communication) gain access to personal data only to the extent necessary for the provision of their service and a valid, GDPR/DSG-compliant data processing agreement (DPA) has been concluded.

An up-to-date list of relevant processors will be provided to you upon request or as part of the DPA.

Subcontractors (sub-processors) may be used and are contractually bound to the same data protection standards.

7. International Data Transfer and Location Transparency

For the transfer of personal data to AI providers in countries outside of Switzerland, the EU, or the EEA, we ensure, where possible, that an adequate level of data protection is guaranteed through appropriate safeguards such as EU Commission Standard Contractual Clauses (SCC) or an adequacy decision.

On our platform, it is transparently visible for each AI model and service in which country the server of the respective provider is located. The selection and use of a specific AI model is your own responsibility as a customer.

Please note that there may be AI providers from so-called unsafe third countries that do not provide such guarantees – however, this only affects a very small part of all models available on our platform (over 95% of the models are not affected). As part of the data processing agreement (DPA), you will receive a complete list of all providers used and their server locations upon request.

8. Storage Duration and Deletion

Your personal data will generally only be stored as long as necessary for the stated purposes or as required by legal regulations. The storage duration of chat content and other usage data can be individually set by you as a customer on our platform – up to Zero Data Retention (no storage after the session ends). Certain AI providers on our platform also offer this option; whether and to what extent this is possible will be indicated on our platform or communicated transparently upon request.

Please note: If you use an external AI model or third-party provider, it may happen that this provider temporarily stores input data (prompts and outputs) according to its own terms of service, for example, for up to 30 days for quality, debugging, or compliance purposes. This storage occurs outside our influence and is subject to the data protection regulations of the respective AI provider. We recommend that you inquire directly about the respective data retention practices if necessary.

After the expiration of the respective retention period or after the purpose has ceased, your data stored with us will be deleted.

9. Use of Your Inputs for Training AI Models

The data you enter when using the AI models integrated into our platform will not be used for training purposes according to the respective providers. We rely on the official interfaces (APIs) of the providers and adhere to their communicated data usage policies.

10. Automated Decision-Making / Profiling

Our platform does not make automated decisions with legal effect for affected individuals. The integrated AI models only provide assisting suggestions, answers, or analyses.

If you, as a customer, implement profiling or scoring functions based on the platform, the legal responsibility for their permissibility and transparency lies with you.

11. Rights of Affected Persons

You have the following rights under the DSG and GDPR at any time:

  • Information about the data stored about you
  • Correction of inaccurate or incomplete data
  • Deletion of your data, provided that no legal retention obligations oppose it
  • Restriction of the processing of your data
  • Data portability (provision of your data in a machine-readable format)
  • Objection to the processing for reasons arising from your particular situation
  • Withdrawal of granted consents with effect for the future
  • Right to lodge a complaint with a data protection supervisory authority (Switzerland: FDPIC, EU: national supervisory authority)

Please direct your inquiries to [email protected]. We will process your request promptly, at the latest within one month.

12. Cookies and Tracking

Our platform and website use cookies and similar technologies:

  • Technically necessary cookies (Login, Security, Session Management)
  • Functional cookies (Preferences, Language settings)
  • Analysis and statistics cookies (Usage statistics, Error analyses – pseudonymized)
  • Marketing/Tracking cookies (only with consent)

Further information and your options for settings can be found in our cookie policy. You can adjust your cookie preferences at any time.

13. Data Protection for Minors and School Use

Our services are primarily aimed at individuals aged 16 and older or at individuals for whom appropriate consent has been obtained by a responsible person (e.g., school authority, school management, administration).

If schools use our platform, the use occurs within the framework of a contract with the respective institution, which is responsible for compliance with data protection requirements and obtaining the necessary consents.

14. Changes to the Privacy Policy

We reserve the right to adjust this privacy policy at any time, for example, in the event of legal or technical changes. The current version is always available on our website.

Substantial changes will be communicated to you before they take effect via email or upon your next login.

15. Validity and Additional Notes

This privacy policy applies to all digital offerings and services of Evoya AI GmbH, including our platform, website, APIs, and subdomains. We take no responsibility for linked offerings or services of third parties – their own privacy policies apply.

If individual provisions of this declaration are or become ineffective, the effectiveness of the remaining provisions shall remain unaffected.

Contact and Exercise of Your Rights

For questions, concerns, or to exercise your data protection rights, please contact [email protected] or send mail to the address mentioned above.